ALSA-2023:4035

[ALSA-2023:4035] Important: nodejs:18 security update

Type:

security

Severity:

important

Release date:

2023-07-12

Description:

Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language. 

Security Fix(es):

* c-ares: 0-byte UDP payload Denial of Service (CVE-2023-32067)
* c-ares: buffer overflow in config_sortlist() due to missing string length check (CVE-2022-4904)
* c-ares: Buffer Underwrite in ares_inet_net_pton() (CVE-2023-31130)
* c-ares: Insufficient randomness in generation of DNS query IDs (CVE-2023-31147)
* c-ares: AutoTools does not set CARES_RANDOM_FILE during cross compilation (CVE-2023-31124)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

References:

Updated packages listed below:

Architecture	Package	Checksum
aarch64	nodejs-full-i18n-18.14.2-3.module_el8.8.0+3587+ee652244.aarch64.rpm	08c877bdfe83ec15edf63bc209322610d6d5e70203d0970aa8cbdb0ecbc4ae15
aarch64	nodejs-devel-18.14.2-3.module_el8.8.0+3587+ee652244.aarch64.rpm	10f5b7c8a1883dae5416754b5f054531054cab5687135cca12923599b048cf46
aarch64	nodejs-18.14.2-3.module_el8.8.0+3587+ee652244.aarch64.rpm	6d793b5b904b414f382fb9ca303c5b34f8c2bc480d9abdbd477c10ce8224a40e
aarch64	npm-9.5.0-1.18.14.2.3.module_el8.8.0+3587+ee652244.aarch64.rpm	9bc4a2f9d071b1f1c4dc07ac1dde4b28d32ac2d0bde60bd47a5854454a30ce5c
noarch	nodejs-docs-18.14.2-3.module_el8.8.0+3587+ee652244.noarch.rpm	6ac9575f39e4c73896e34470a773c0f02cb9510f0d65505e424b62416e7b9c89
noarch	nodejs-nodemon-2.0.20-2.module_el8.8.0+3587+ee652244.noarch.rpm	7c11686ae92e7cfd073b0265d5869d9dadff8a9897d2b6cc7be7cc434eb44c2f
noarch	nodejs-packaging-2021.06-4.module_el8.7.0+3343+ea2b7901.noarch.rpm	9430d44c78a3cfbe1ae3d39b8531f651606661943959bc0c3de87b2f91ea6f67
noarch	nodejs-packaging-bundler-2021.06-4.module_el8.7.0+3343+ea2b7901.noarch.rpm	dca36d100028686323583aeddaa86efff902ff7fe29cb97d4356c309e3e899d9
ppc64le	nodejs-full-i18n-18.14.2-3.module_el8.8.0+3587+ee652244.ppc64le.rpm	6dde2a14cffe25af06bd642ec1ba3b501389622fabcd6951277cdab596af5ec6
ppc64le	nodejs-devel-18.14.2-3.module_el8.8.0+3587+ee652244.ppc64le.rpm	89fa1d24086ab623499b6bda190977925f288b1b2cd7bf230e2c8544d135a614
ppc64le	nodejs-18.14.2-3.module_el8.8.0+3587+ee652244.ppc64le.rpm	99c343fed750f223d9b210967137690ba448dc8344495222702b91e1c01b50f1
ppc64le	npm-9.5.0-1.18.14.2.3.module_el8.8.0+3587+ee652244.ppc64le.rpm	f861f124e01a073432806eec6d98ac3e87108a7fd9128939ecc7a54a32f8e3a8
s390x	nodejs-18.14.2-3.module_el8.8.0+3587+ee652244.s390x.rpm	10a9f3f751708ddf3b2cd370dd5188959ebb0bb3637f8d36a75facaec44ab0d9
s390x	nodejs-devel-18.14.2-3.module_el8.8.0+3587+ee652244.s390x.rpm	90b418b6c2c92571e74fdf10b214914350da66db777391230488f06f82477423
s390x	nodejs-full-i18n-18.14.2-3.module_el8.8.0+3587+ee652244.s390x.rpm	e3ea78a1198e93e6287a49947b8dcdbd18aec6d5f7ad8c988899bace5807c5f9
s390x	npm-9.5.0-1.18.14.2.3.module_el8.8.0+3587+ee652244.s390x.rpm	eb0b4c478802d35e4ea65dec4daf34cc96d427ffb5b50b5052eefa55bb5d04f9
x86_64	nodejs-devel-18.14.2-3.module_el8.8.0+3587+ee652244.x86_64.rpm	6d2483fce1fcfd5166aeb522dcb6edef83ddee6794be955c1116d4baa79352e1
x86_64	nodejs-full-i18n-18.14.2-3.module_el8.8.0+3587+ee652244.x86_64.rpm	9cf9384b9b892b698f6eb5bd7b64639755c306c23e614996e0c8d73d6d85f4b8
x86_64	npm-9.5.0-1.18.14.2.3.module_el8.8.0+3587+ee652244.x86_64.rpm	bb33e6f2c59f2f499c0cfc1c8ed4a7ff340dcb742297c6e0cf5b8bdd27861995
x86_64	nodejs-18.14.2-3.module_el8.8.0+3587+ee652244.x86_64.rpm	fe328f0d50cd82c906c1b693f4df1e4b8c0942679a3254796618584740615835

Notes:

This page is generated automatically from Red Hat security data and has not been checked for errors. For clarification or corrections please contact the AlmaLinux Packaging Team.