[ALSA-2023:0050] Moderate: nodejs:14 security, bug fix, and enhancement update
Type: security
Severity: moderate
Release date: 2023-01-10
Description:
Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language.
The following packages have been upgraded to a later upstream version: nodejs (14.21.1), nodejs-nodemon (2.0.20).
Security Fix(es):
* minimist: prototype pollution (CVE-2021-44906)
* node-fetch: exposure of sensitive information to an unauthorized actor (CVE-2022-0235)
* nodejs-minimatch: ReDoS via the braceExpand function (CVE-2022-3517)
* express: "qs" prototype poisoning causes the hang of the node process (CVE-2022-24999)
* nodejs: DNS rebinding in inspect via invalid octal IP address (CVE-2022-43548)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Updated packages listed below:
Architecture Package Checksum
aarch64 nodejs-14.21.1-2.module_el8.7.0+3373+a4c18c43.aarch64.rpm 42b57d7a9e77e5f54c9c97b8477b01814f1b902937a87707f66f3900ca79c20c
aarch64 npm-6.14.17-1.14.21.1.2.module_el8.7.0+3373+a4c18c43.aarch64.rpm 8175c826f41bd0c006b567fc02e4fd1f5215a86fb8f528e3ebb044deb408c6d5
aarch64 nodejs-full-i18n-14.21.1-2.module_el8.7.0+3373+a4c18c43.aarch64.rpm a928b759dbd6b7fa3b6c301cec6f85d5d941776c91d58d3fa23d7998dd26a9b8
aarch64 nodejs-devel-14.21.1-2.module_el8.7.0+3373+a4c18c43.aarch64.rpm e61f4e9b66912da3d781e79ad14c1ce2a6ab541f04a9c2be9d07bba413b5927c
noarch nodejs-docs-14.21.1-2.module_el8.7.0+3373+a4c18c43.noarch.rpm 11fce28fa8ebb5c6f5139b2e3606627dba63da7417a0cefde727fa1bb1ecd8c9
noarch nodejs-nodemon-2.0.20-2.module_el8.7.0+3373+a4c18c43.noarch.rpm 2b08e68d7502b5bc1de73f1724faf81765879b62007274d2a0bd2a22edb51813
noarch nodejs-packaging-23-3.module_el8.4.0+2522+3bd42762.noarch.rpm 5ec709f70c833b784601552cba74067eb2a98aecaf8403431e26580abb8601b5
ppc64le nodejs-full-i18n-14.21.1-2.module_el8.7.0+3373+a4c18c43.ppc64le.rpm 042853ef0d7c061413eb7ea064d93ddfc60898ccbbfbe1b6c6446580afbcfafe
ppc64le npm-6.14.17-1.14.21.1.2.module_el8.7.0+3373+a4c18c43.ppc64le.rpm 9e4db559dc596378f7ee3212dc6aae76d1f97bdb21a80f6acc665ffe5107eca1
ppc64le nodejs-14.21.1-2.module_el8.7.0+3373+a4c18c43.ppc64le.rpm baa6bbb7e36e2954a0736bcdd7213e984961b9f7684ba659f385475364e5e259
ppc64le nodejs-devel-14.21.1-2.module_el8.7.0+3373+a4c18c43.ppc64le.rpm fe9e76f43db36de6b2d1f92a34888f98300a73e41280d347127e04b54a9140ea
s390x nodejs-devel-14.21.1-2.module_el8.7.0+3373+a4c18c43.s390x.rpm 92e111cc29db11916517ce6aa58a0393de3b7a0915f78a49cdfabb3b37c94642
s390x nodejs-full-i18n-14.21.1-2.module_el8.7.0+3373+a4c18c43.s390x.rpm acdd9c7c7f1520266f6429c87efc16e087001742b7c8811a240426de95c57048
s390x nodejs-14.21.1-2.module_el8.7.0+3373+a4c18c43.s390x.rpm c617de723a40b057de397a2ae770901582b70d1c960582f0dbf7a56b30e384c0
s390x npm-6.14.17-1.14.21.1.2.module_el8.7.0+3373+a4c18c43.s390x.rpm d3975016facdb312f925460f0860ad4efd641e00a7e9ea1c795ba4e69dc1ee62
x86_64 nodejs-14.21.1-2.module_el8.7.0+3373+a4c18c43.x86_64.rpm 26454eda550b4bd0d045a3d3d04eb23f8edb8ba6c9e329b15669b71afba9d56e
x86_64 nodejs-devel-14.21.1-2.module_el8.7.0+3373+a4c18c43.x86_64.rpm 4e80276b5c878f98f59929a7955909d203403b2b2529750dd1ebe9aa1d451eb4
x86_64 nodejs-full-i18n-14.21.1-2.module_el8.7.0+3373+a4c18c43.x86_64.rpm 9604816dcc46b0d0d39cc7aa5ba93a8800be94de7a4ccdf43dca646c6c14ded2
x86_64 npm-6.14.17-1.14.21.1.2.module_el8.7.0+3373+a4c18c43.x86_64.rpm b46176b22c20bcbd9bf7ea6c7803dd79f436793be59d9f67e54f3c2844e5832e
Notes:
This page is generated automatically from Red Hat security data and has not been checked for errors. For clarification or corrections please contact the AlmaLinux Packaging Team.