ALSA-2023:4034

[ALSA-2023:4034] Important: nodejs:16 security update

Type:

security

Severity:

important

Release date:

2023-07-12

Description:

Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language. 

Security Fix(es):

* c-ares: 0-byte UDP payload Denial of Service (CVE-2023-32067)
* c-ares: Buffer Underwrite in ares_inet_net_pton() (CVE-2023-31130)
* c-ares: Insufficient randomness in generation of DNS query IDs (CVE-2023-31147)
* c-ares: AutoTools does not set CARES_RANDOM_FILE during cross compilation (CVE-2023-31124)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

References:

Updated packages listed below:

Architecture	Package	Checksum
aarch64	nodejs-devel-16.19.1-2.module_el8.8.0+3586+d4fc0b72.aarch64.rpm	365d9eafa02ce91c338d755847e9da6786a20005088545dee2a87f68f80d37c7
aarch64	nodejs-full-i18n-16.19.1-2.module_el8.8.0+3586+d4fc0b72.aarch64.rpm	db6c98e130b380eb704e2885f3b5d1001c78e2fe5cfd5bc7e2a99e05f2ec5a31
aarch64	npm-8.19.3-1.16.19.1.2.module_el8.8.0+3586+d4fc0b72.aarch64.rpm	dfbc06ef7941d76949f6e14c6da45b345572e566f50f31d551c0fba7f278841c
aarch64	nodejs-16.19.1-2.module_el8.8.0+3586+d4fc0b72.aarch64.rpm	f63a5d282a43aca68c8295979206c04b78832f27b9027131cf072ab571f3ce04
noarch	nodejs-docs-16.19.1-2.module_el8.8.0+3586+d4fc0b72.noarch.rpm	a4b25c1c67d61d90aa855e74034d92650afaa83379a992bb0394c7b5ce6d56d3
noarch	nodejs-packaging-25-1.module_el8.5.0+2605+45d748af.noarch.rpm	cb0391aca612f152879a96ea35099dc00cc9685ea52575761848c9e6eb7578bf
noarch	nodejs-nodemon-2.0.20-3.module_el8.8.0+3586+d4fc0b72.noarch.rpm	fb71c2e08da32540fb704aece39819820640aa092b48d536ca969a84bab50104
ppc64le	nodejs-devel-16.19.1-2.module_el8.8.0+3586+d4fc0b72.ppc64le.rpm	05a3b6ffaea87425465d787324a25ff484ed2e523e76939d7c7d000951074394
ppc64le	npm-8.19.3-1.16.19.1.2.module_el8.8.0+3586+d4fc0b72.ppc64le.rpm	43ef9881f098263ed4be94c40d4323b1cfa5091903a713f1272dce770298248a
ppc64le	nodejs-16.19.1-2.module_el8.8.0+3586+d4fc0b72.ppc64le.rpm	a7a868a3e8f02f6ced73f690db09858d247778a7d0282b03827ba5be8fb10768
ppc64le	nodejs-full-i18n-16.19.1-2.module_el8.8.0+3586+d4fc0b72.ppc64le.rpm	e414e18fd9778170d7b54b2b803dd6b9eab19e4a7c52ebc5ee66dffac396f4ef
s390x	nodejs-devel-16.19.1-2.module_el8.8.0+3586+d4fc0b72.s390x.rpm	dd40894e9450f2cdf2f2ab6dd213a8f7f116fb0cd43fa2448337b756508f6485
s390x	nodejs-16.19.1-2.module_el8.8.0+3586+d4fc0b72.s390x.rpm	f2cb33da09dc0cad86d0419be5a8dce91bef59bb47035f4a5a97adb8be687faf
s390x	nodejs-full-i18n-16.19.1-2.module_el8.8.0+3586+d4fc0b72.s390x.rpm	f9284833f057f9731171a0d2c5d7c9712dcffaebf78ef3a38519d8e4a796fc8d
s390x	npm-8.19.3-1.16.19.1.2.module_el8.8.0+3586+d4fc0b72.s390x.rpm	fd436022ec79a043aaee37a7727c8846b0721722071d01f5841a0ef7e316ff75
x86_64	nodejs-16.19.1-2.module_el8.8.0+3586+d4fc0b72.x86_64.rpm	56b998b31767e095caf60819b38c98128affd39397d656e04f48694d8df98eaa
x86_64	nodejs-full-i18n-16.19.1-2.module_el8.8.0+3586+d4fc0b72.x86_64.rpm	c04b88159d50652217c4418179c13a93c38c64dcf5bdd28c979af84c977e30c3
x86_64	npm-8.19.3-1.16.19.1.2.module_el8.8.0+3586+d4fc0b72.x86_64.rpm	e4bd789f3db609ae9e358b1c7e7c23d6e78ee5d978e2145cdeeccdd427db4c4c
x86_64	nodejs-devel-16.19.1-2.module_el8.8.0+3586+d4fc0b72.x86_64.rpm	ec44d9fd4f0ee32153cc3dc7f2e06f286a058c35a71afe9bc0e979e843d0acba

Notes:

This page is generated automatically from Red Hat security data and has not been checked for errors. For clarification or corrections please contact the AlmaLinux Packaging Team.