[ALSA-2023:1583] Moderate: nodejs:18 security, bug fix, and enhancement update
Type: security
Severity: moderate
Release date: 2023-04-20
Description:
Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language.

The following packages have been upgraded to a later upstream version: nodejs (18.14.2).

Security Fix(es):

* glob-parent: Regular Expression Denial of Service (CVE-2021-35065)
* http-cache-semantics: Regular Expression Denial of Service (ReDoS) vulnerability (CVE-2022-25881)
* Node.js: Permissions policies can be bypassed via process.mainModule (CVE-2023-23918)
* Node.js: Fetch API did not protect against CRLF injection in host headers (CVE-2023-23936)
* Node.js: insecure loading of ICU data through ICU_DATA environment variable (CVE-2023-23920)
* Node.js: Regular Expression Denial of Service in Headers fetch API (CVE-2023-24807)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Updated packages listed below:
Architecture Package Checksum
aarch64 nodejs-full-i18n-18.14.2-2.module_el8.7.0+3497+c65299e7.aarch64.rpm 50b042d87cec7f0ce1783ea280004351d8b718893ec29c0b9e199e87cc40c1a2
aarch64 npm-9.5.0-1.18.14.2.2.module_el8.7.0+3497+c65299e7.aarch64.rpm 90817566caafb6041bf40ee1185ed31a7ce1a90b812b8723900ab50282707fa4
aarch64 nodejs-18.14.2-2.module_el8.7.0+3497+c65299e7.aarch64.rpm 94f7a16896028faed5f27385f7bac78afefcf81677d843c07bf9d7af1ece1dab
aarch64 nodejs-devel-18.14.2-2.module_el8.7.0+3497+c65299e7.aarch64.rpm b455ad12a4b19b19f595bcc90563697e4de792fff5ac15729277c5716156eb8a
noarch nodejs-docs-18.14.2-2.module_el8.7.0+3497+c65299e7.noarch.rpm 4e2275f111ab94ff1f2ccdf758432fbe8b2a6b24e8a7d22c3d07cd5da0c2a840
noarch nodejs-nodemon-2.0.20-2.module_el8.7.0+3497+c65299e7.noarch.rpm 6a006142ce68f7873cf6dce117dc365b8e11b415604dc6046d933d7857378af1
noarch nodejs-packaging-2021.06-4.module_el8.7.0+3343+ea2b7901.noarch.rpm 9430d44c78a3cfbe1ae3d39b8531f651606661943959bc0c3de87b2f91ea6f67
noarch nodejs-packaging-bundler-2021.06-4.module_el8.7.0+3343+ea2b7901.noarch.rpm dca36d100028686323583aeddaa86efff902ff7fe29cb97d4356c309e3e899d9
ppc64le nodejs-18.14.2-2.module_el8.7.0+3497+c65299e7.ppc64le.rpm 1a00a20c432bc8d30dcd87c4e71d42d458a1ab9349904faaf60cb2e76046a507
ppc64le nodejs-devel-18.14.2-2.module_el8.7.0+3497+c65299e7.ppc64le.rpm 1ca76aee12adbbe0500b78475759fe45e7ce80a335aa05300516feabd7bd9db6
ppc64le nodejs-full-i18n-18.14.2-2.module_el8.7.0+3497+c65299e7.ppc64le.rpm 614951b75d80c709e05aa872b3843091ae2c4c3531e6f242f83d3ba6797a21fe
ppc64le npm-9.5.0-1.18.14.2.2.module_el8.7.0+3497+c65299e7.ppc64le.rpm 79b1dea365b8387535f8f5243f989faac2a1bcce0e8a66d417742c7681e0ba04
s390x npm-9.5.0-1.18.14.2.2.module_el8.7.0+3497+c65299e7.s390x.rpm 2956059667a602bd0f19da7e6a1d8d1013dc297fb760e2260e6aa44922c1af3c
s390x nodejs-devel-18.14.2-2.module_el8.7.0+3497+c65299e7.s390x.rpm c4a9b0c3135316ba73bc70e2d47c4639f8692dc6742d080aad7b5e7b854c0748
s390x nodejs-full-i18n-18.14.2-2.module_el8.7.0+3497+c65299e7.s390x.rpm eb525bd577d27a01721702066c41ab29451e92949aa07613909316133a72a6b8
s390x nodejs-18.14.2-2.module_el8.7.0+3497+c65299e7.s390x.rpm f1e1f72d446accd08458eac857ea123b199534837f3664ffc95dcd172c6022e7
x86_64 nodejs-18.14.2-2.module_el8.7.0+3497+c65299e7.x86_64.rpm 09e8ae08d69d7e5064a6951beb370b0801ba27d0ffc8a42519cc73b97f3762d0
x86_64 nodejs-devel-18.14.2-2.module_el8.7.0+3497+c65299e7.x86_64.rpm 2a50799bfbc23b84fbf3d54536ebd8a866133437e9a22af052b3f055a43e355d
x86_64 nodejs-full-i18n-18.14.2-2.module_el8.7.0+3497+c65299e7.x86_64.rpm 9a83a96190777501ff9899d865042843c26067a0a5e73b2c4a1dad5e4f2323d9
x86_64 npm-9.5.0-1.18.14.2.2.module_el8.7.0+3497+c65299e7.x86_64.rpm bc30c67bb5b77f847bf05e4df25fce1539670059decc80cd80eb63ec74d78b19
Notes:
This page is generated automatically from Red Hat security data and has not been checked for errors. For clarification or corrections please contact the AlmaLinux Packaging Team.