ALSA-2023:4536

[ALSA-2023:4536] Moderate: nodejs:18 security, bug fix, and enhancement update

Type:

security

Severity:

moderate

Release date:

2023-08-09

Description:

Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language. 

The package has been upgraded to a later upstream version: nodejs (18.16.1). (BZ#2223630, BZ#2223631, BZ#2223632, BZ#2223633, BZ#2223635, BZ#2223642)

Security Fix(es):

* nodejs: mainModule.proto bypass experimental policy mechanism (CVE-2023-30581)
* nodejs: process interuption due to invalid Public Key information in x509 certificates (CVE-2023-30588)
* nodejs: HTTP Request Smuggling via Empty headers separated by CR (CVE-2023-30589)
* nodejs: DiffieHellman do not generate keys after setting a private key (CVE-2023-30590)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Bug Fix(es):

* nodejs:18/nodejs: Don't assume FIPS is disabled by default [almalinux-8] (BZ#2223639)

References:

Updated packages listed below:

Architecture	Package	Checksum
aarch64	npm-9.5.1-1.18.16.1.1.module_el8.8.0+3595+0818e803.aarch64.rpm	3a57a5a2bab2d4edf6ed3ae811d458b41fd8e568adc533f0d664ec4cbdc7e06e
aarch64	nodejs-full-i18n-18.16.1-1.module_el8.8.0+3595+0818e803.aarch64.rpm	b06de9ee3905fb7525ade47148e381c09430c681af08e039156eba24ef4d78ff
aarch64	nodejs-18.16.1-1.module_el8.8.0+3595+0818e803.aarch64.rpm	b6754691f24fa5ae0f20b0f4954e4f329b1d360b9ee069c71cb42e17caf0dfb7
aarch64	nodejs-devel-18.16.1-1.module_el8.8.0+3595+0818e803.aarch64.rpm	b9d57cd85103403109a3f24a23b73d41159e798cf956b00b6a8b69169d852e74
noarch	nodejs-nodemon-2.0.20-2.module_el8.8.0+3587+ee652244.noarch.rpm	7c11686ae92e7cfd073b0265d5869d9dadff8a9897d2b6cc7be7cc434eb44c2f
noarch	nodejs-packaging-2021.06-4.module_el8.7.0+3343+ea2b7901.noarch.rpm	9430d44c78a3cfbe1ae3d39b8531f651606661943959bc0c3de87b2f91ea6f67
noarch	nodejs-docs-18.16.1-1.module_el8.8.0+3595+0818e803.noarch.rpm	99ac04dd1dd60cb33e466c00cfb3f19d80cdc05f9a3bd2adbbe1286508a32816
noarch	nodejs-packaging-bundler-2021.06-4.module_el8.7.0+3343+ea2b7901.noarch.rpm	dca36d100028686323583aeddaa86efff902ff7fe29cb97d4356c309e3e899d9
ppc64le	nodejs-full-i18n-18.16.1-1.module_el8.8.0+3595+0818e803.ppc64le.rpm	280bbd4cb2dcc8b956402f1e1e6b0f459589a6a71d441e148ae3356d623e099a
ppc64le	npm-9.5.1-1.18.16.1.1.module_el8.8.0+3595+0818e803.ppc64le.rpm	aa1264ce0e0c9f31d70f81c59791a149c8e5da63d33e553674a070b616b8b73b
ppc64le	nodejs-18.16.1-1.module_el8.8.0+3595+0818e803.ppc64le.rpm	b0a49e982245e5c83baa024a122c66104dd5e2abff1f96e21cf7acdadf67a613
ppc64le	nodejs-devel-18.16.1-1.module_el8.8.0+3595+0818e803.ppc64le.rpm	e69e05b622978d1198fb4002032aaaafe77c860ec9e0664abad59d1732c9e161
s390x	nodejs-devel-18.16.1-1.module_el8.8.0+3595+0818e803.s390x.rpm	5bb1e92891554c3965ff9d5956c805f82071431cf94ffbc52a5b0eb1dfef845b
s390x	nodejs-full-i18n-18.16.1-1.module_el8.8.0+3595+0818e803.s390x.rpm	ba4ccf02dbc35082bc376b46c743e7c0ce93b41c0412bdc3304f8c0d6a493722
s390x	npm-9.5.1-1.18.16.1.1.module_el8.8.0+3595+0818e803.s390x.rpm	c98e9c96b97e555373323eb9e99ea8dbe38bf9faebb10e967788c7c34a18ae00
s390x	nodejs-18.16.1-1.module_el8.8.0+3595+0818e803.s390x.rpm	f04f7d1e5829b45f3db4cba72189a4067f55b4ed1ab59afe01eac61ceaed3fd9
x86_64	nodejs-full-i18n-18.16.1-1.module_el8.8.0+3595+0818e803.x86_64.rpm	180b85b5e1d16a3382d191df8a257482bfe5068c0f3342b0ae51a7946ba3f0e2
x86_64	nodejs-devel-18.16.1-1.module_el8.8.0+3595+0818e803.x86_64.rpm	1947d1df6139fa35f383cf52f92d9e4b5bb62136eeeadeaf4a42c13a7dabf56a
x86_64	npm-9.5.1-1.18.16.1.1.module_el8.8.0+3595+0818e803.x86_64.rpm	4e9e39497b040d6cc193a227a0c4d70181bb1e9d91cb8e8a22575598181ddb9b
x86_64	nodejs-18.16.1-1.module_el8.8.0+3595+0818e803.x86_64.rpm	af541815f5637fe62700a07b6bdfe27de493d4ce12eeb949301c27ff626d544f

Notes:

This page is generated automatically from Red Hat security data and has not been checked for errors. For clarification or corrections please contact the AlmaLinux Packaging Team.