ALSA-2023:4537

[ALSA-2023:4537] Moderate: nodejs:16 security, bug fix, and enhancement update

Type:

security

Severity:

moderate

Release date:

2023-08-09

Description:

Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language. 

The package has been upgraded to a later upstream version: nodejs (16.20.1). (BZ#2223678, BZ#2223680, BZ#2223682, BZ#2223684, BZ#2223686, BZ#2223688)

Security Fix(es):

* nodejs: mainModule.proto bypass experimental policy mechanism (CVE-2023-30581)
* nodejs: process interuption due to invalid Public Key information in x509 certificates (CVE-2023-30588)
* nodejs: HTTP Request Smuggling via Empty headers separated by CR (CVE-2023-30589)
* nodejs: DiffieHellman do not generate keys after setting a private key (CVE-2023-30590)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

References:

Updated packages listed below:

Architecture	Package	Checksum
aarch64	nodejs-devel-16.20.1-1.module_el8.8.0+3594+e74fe53f.aarch64.rpm	2d7344c7725e1feae6f52f7fb2735e79b4f59d66f661839e337dac347c16f116
aarch64	nodejs-16.20.1-1.module_el8.8.0+3594+e74fe53f.aarch64.rpm	7153b04f047e2de4edab52abbb2fdb7e391ed665a140fb24e629171e11ff8ea4
aarch64	nodejs-full-i18n-16.20.1-1.module_el8.8.0+3594+e74fe53f.aarch64.rpm	901f4d0f2425e725a29e799b5a1666e060034ba41d9b85405ef496aac4d5b202
aarch64	npm-8.19.4-1.16.20.1.1.module_el8.8.0+3594+e74fe53f.aarch64.rpm	eddd200507c172948f09f5329f93068dd2c3240587be2180485af1976f665ba3
noarch	nodejs-docs-16.20.1-1.module_el8.8.0+3594+e74fe53f.noarch.rpm	6af6200dc9bb780013915a01757d6824b52a120a8a0d1643b5ca1a8276853c70
noarch	nodejs-packaging-25-1.module_el8.5.0+2605+45d748af.noarch.rpm	cb0391aca612f152879a96ea35099dc00cc9685ea52575761848c9e6eb7578bf
noarch	nodejs-nodemon-2.0.20-3.module_el8.8.0+3586+d4fc0b72.noarch.rpm	fb71c2e08da32540fb704aece39819820640aa092b48d536ca969a84bab50104
ppc64le	nodejs-16.20.1-1.module_el8.8.0+3594+e74fe53f.ppc64le.rpm	0b10cbc81c6e12a3591773f23966dae56796763c99546429d5511d0efa001b94
ppc64le	nodejs-full-i18n-16.20.1-1.module_el8.8.0+3594+e74fe53f.ppc64le.rpm	1d46817f43418dc0a02698a374f0ba97401bc1b7fa9280bc5b333495d3c1fa76
ppc64le	nodejs-devel-16.20.1-1.module_el8.8.0+3594+e74fe53f.ppc64le.rpm	3f97f3ccca9c35c0ebf8b59a295d03d8e1caa470e2587042b939b02264eeee19
ppc64le	npm-8.19.4-1.16.20.1.1.module_el8.8.0+3594+e74fe53f.ppc64le.rpm	881d24b5761afdde151891542fa4824ca356b1761e9f1222e3a7607540bdf4a7
s390x	nodejs-devel-16.20.1-1.module_el8.8.0+3594+e74fe53f.s390x.rpm	0154884126e5da571999d151d6fefc5ae09023bdcae06fc2f430d125706c93dc
s390x	nodejs-full-i18n-16.20.1-1.module_el8.8.0+3594+e74fe53f.s390x.rpm	7a4a44e720942b1e70f30b7536e58eb13d5880453531afecd06ec581d9165d14
s390x	npm-8.19.4-1.16.20.1.1.module_el8.8.0+3594+e74fe53f.s390x.rpm	b2b3a104c449cfcdbdb2f1c6a64e7d00ea08cc4303956b4543df978b36a2c863
s390x	nodejs-16.20.1-1.module_el8.8.0+3594+e74fe53f.s390x.rpm	cc535ffca9b6a3c44e750ce23c352c3d9f74555c099754bd7ad000e14ad338be
x86_64	npm-8.19.4-1.16.20.1.1.module_el8.8.0+3594+e74fe53f.x86_64.rpm	38ef4150cd8bfbb42aecccdfa092b010ad7039ab520c3e5cef6e6dc3f99ccbaa
x86_64	nodejs-full-i18n-16.20.1-1.module_el8.8.0+3594+e74fe53f.x86_64.rpm	406f1f33dff95ebe51fea9ca3feb7f0160e817609d88eca985c27cf84043c19b
x86_64	nodejs-16.20.1-1.module_el8.8.0+3594+e74fe53f.x86_64.rpm	562a3ed3124686692a116cb7f28e504aa40144f318321678f204eeaa825400b8
x86_64	nodejs-devel-16.20.1-1.module_el8.8.0+3594+e74fe53f.x86_64.rpm	e4f0a7e554077db3af5516bc90fc87a0805802be8adcdc37a69a27aa989d492b

Notes:

This page is generated automatically from Red Hat security data and has not been checked for errors. For clarification or corrections please contact the AlmaLinux Packaging Team.