[ALSA-2023:1582] Moderate: nodejs:16 security, bug fix, and enhancement update
Type:
security
Severity:
moderate
Release date:
2023-04-20
Description:
Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language.

The following packages have been upgraded to a later upstream version: nodejs (16.19.1).

Security Fix(es):

* glob-parent: Regular Expression Denial of Service (CVE-2021-35065)
* c-ares: buffer overflow in config_sortlist() due to missing string length check (CVE-2022-4904)
* http-cache-semantics: Regular Expression Denial of Service (ReDoS) vulnerability (CVE-2022-25881)
* Node.js: Permissions policies can be bypassed via process.mainModule (CVE-2023-23918)
* Node.js: OpenSSL error handling issues in nodejs crypto library (CVE-2023-23919)
* Node.js: Fetch API did not protect against CRLF injection in host headers (CVE-2023-23936)
* Node.js: insecure loading of ICU data through ICU_DATA environment variable (CVE-2023-23920)
* Node.js: Regular Expression Denial of Service in Headers fetch API (CVE-2023-24807)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Updated packages listed below:
Architecture Package Checksum
aarch64 nodejs-full-i18n-16.19.1-1.module_el8.7.0+3496+a59a3324.aarch64.rpm 03265602764a7e0f2c6dfcd4b86004ca498a266d31b8c36c78659bef34f09418
aarch64 nodejs-16.19.1-1.module_el8.7.0+3496+a59a3324.aarch64.rpm ad2de2a99318d8a3c0ea686c85c207bfc71324fbb528b3888b039368a2d641d6
aarch64 nodejs-devel-16.19.1-1.module_el8.7.0+3496+a59a3324.aarch64.rpm c26af32e85c486164b976c71afadb7bb4b24d3e13001abc6a9b23c012b642a2e
aarch64 npm-8.19.3-1.16.19.1.1.module_el8.7.0+3496+a59a3324.aarch64.rpm c482107357f306021f7bd827c054701c9152cafc783ce6f2253543ae9f4c8b32
noarch nodejs-docs-16.19.1-1.module_el8.7.0+3496+a59a3324.noarch.rpm 4b5f8e7ace28d3cb2195c2f9057b2dd755ced3691fd016859a7f854ba36623e1
noarch nodejs-packaging-25-1.module_el8.5.0+2605+45d748af.noarch.rpm cb0391aca612f152879a96ea35099dc00cc9685ea52575761848c9e6eb7578bf
noarch nodejs-nodemon-2.0.20-3.module_el8.7.0+3496+a59a3324.noarch.rpm d194817ee4134ff362909fe9642c8da5fd4f3a0a92f3ba1dd03ca4225195d2be
ppc64le nodejs-devel-16.19.1-1.module_el8.7.0+3496+a59a3324.ppc64le.rpm 2814be7a369bf0f85ab31f7054005c823ed652bf99b83351a0324bca9d61b1b4
ppc64le nodejs-16.19.1-1.module_el8.7.0+3496+a59a3324.ppc64le.rpm 3a27cf3b8c6c4450da8a70a2e74f4be4589dfea82e291e1d3e6c1800d1641bf9
ppc64le nodejs-full-i18n-16.19.1-1.module_el8.7.0+3496+a59a3324.ppc64le.rpm b83cc3763475d1f79241c5c082df9ab9eaf9461a917521566d785d454570288e
ppc64le npm-8.19.3-1.16.19.1.1.module_el8.7.0+3496+a59a3324.ppc64le.rpm e3e5953ef621144e1317fb49c7b7924e63ca9c98c2a81198eff38309a245bd23
s390x nodejs-16.19.1-1.module_el8.7.0+3496+a59a3324.s390x.rpm 17b3af1afdd98f6e9e3bc857b6c8f8dccb1da23b4e2c7e8f369bfb5bc44c8baa
s390x nodejs-devel-16.19.1-1.module_el8.7.0+3496+a59a3324.s390x.rpm 6dee87315c7552d657dc8efdc38e4b4eef10a2847f304872afbe50e338bd5848
s390x nodejs-full-i18n-16.19.1-1.module_el8.7.0+3496+a59a3324.s390x.rpm 860a1aa113812f14c351239d68b01a9beceb4624cf96ce381ca9420b65fd49ad
s390x npm-8.19.3-1.16.19.1.1.module_el8.7.0+3496+a59a3324.s390x.rpm 8cdb12bb6b27ec223713e8376da708cc9097edcd4ee731d91482675691718fc3
x86_64 nodejs-16.19.1-1.module_el8.7.0+3496+a59a3324.x86_64.rpm 601709dfad32e19cd1545e39cb12e06ce2c8fbaec6b41c9f5ed15828d58e440e
x86_64 npm-8.19.3-1.16.19.1.1.module_el8.7.0+3496+a59a3324.x86_64.rpm 8476656401855df7fefff0f1ef1090b2d7012e43db46aef545a219985928d01e
x86_64 nodejs-devel-16.19.1-1.module_el8.7.0+3496+a59a3324.x86_64.rpm ccfa8c96828fb17540d235981d5c612137f4f05829a1cdefcd51b8f8a4932e8c
x86_64 nodejs-full-i18n-16.19.1-1.module_el8.7.0+3496+a59a3324.x86_64.rpm d870e545f7837aeda3b8c1843cd9f19963c756023b6452783650cb3ade452240
Notes:
This page is generated automatically from Red Hat security data and has not been checked for errors. For clarification or corrections please contact the AlmaLinux Packaging Team.