ALSA-2023:5360

[ALSA-2023:5360] Important: nodejs:16 security, bug fix, and enhancement update

Type:

security

Severity:

important

Release date:

2023-09-27

Description:

Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language. 

The following packages have been upgraded to a later upstream version: nodejs (16). (BZ#2233891)

Security Fix(es):

* nodejs: Permissions policies can be bypassed via Module._load (CVE-2023-32002)
* nodejs-semver: Regular expression denial of service (CVE-2022-25883)
* nodejs: Permissions policies can impersonate other modules in using module.constructor.createRequire() (CVE-2023-32006)
* nodejs: Permissions policies can be bypassed via process.binding (CVE-2023-32559)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Bug Fix(es):

* nodejs:16/nodejs: nodejs.prov doesn't generate the bundled dependency for modules starting @ like @colors/colors (BZ#2237394)

References:

Updated packages listed below:

Architecture	Package	Checksum
aarch64	npm-8.19.4-1.16.20.2.2.module_el8.8.0+3614+204d6f43.aarch64.rpm	21b7641ae3f83c852afa74329a8377b8a23e59a903b3db960eefd0f6abc3d4fd
aarch64	nodejs-devel-16.20.2-2.module_el8.8.0+3614+204d6f43.aarch64.rpm	42fa1998d24fe6caf9a866883106b7e54e843fbf821e86f6c42785809ebacbcd
aarch64	nodejs-16.20.2-2.module_el8.8.0+3614+204d6f43.aarch64.rpm	9474574f5cb27b84eb4502c197aa434ff9fc40e35f7927a059e70c5aabfe9d4f
aarch64	nodejs-full-i18n-16.20.2-2.module_el8.8.0+3614+204d6f43.aarch64.rpm	c38a32f66c1c558d1ac7c790b789561846c5989a25e6b82f5abd4230b0c285ff
noarch	nodejs-nodemon-3.0.1-1.module_el8.8.0+3614+204d6f43.noarch.rpm	2b8db0b6778841b5b0d2e3e86ff1391c8b370f251408760a942901ec43e8c298
noarch	nodejs-packaging-26-1.module_el8.8.0+3614+204d6f43.noarch.rpm	55ff8b1958f44d03607bb59c4e3229e1bc8b05fa82bcc87babfe8f2b25c1c841
noarch	nodejs-docs-16.20.2-2.module_el8.8.0+3614+204d6f43.noarch.rpm	76643e9ce82b1fbe45d9fabd860df9c336402e6e5f75bb6cb6b5bd4c607fd644
ppc64le	nodejs-16.20.2-2.module_el8.8.0+3614+204d6f43.ppc64le.rpm	20d13ae30f2887a14195caaaac8bcf93bf330f98a1aa74f52ec5e093ed8285b7
ppc64le	nodejs-devel-16.20.2-2.module_el8.8.0+3614+204d6f43.ppc64le.rpm	80debcb411965daed42d5ace6fe9f1427fa62232a78e2a9ecd17fb1c5d0d1c21
ppc64le	npm-8.19.4-1.16.20.2.2.module_el8.8.0+3614+204d6f43.ppc64le.rpm	aa12b1dcfb08cee0e1a2566dd63104cdea9d8f5072a10ac6068b72749ce876f6
ppc64le	nodejs-full-i18n-16.20.2-2.module_el8.8.0+3614+204d6f43.ppc64le.rpm	be1de5e5672c89fa9d5e776540eb78885a0004774bec3e52be423fb35d8230ff
s390x	nodejs-full-i18n-16.20.2-2.module_el8.8.0+3614+204d6f43.s390x.rpm	0f05666d2296bf43d689e3e0d614fcb0547bba20460e0dcfdf9e9a3944f70b60
s390x	nodejs-devel-16.20.2-2.module_el8.8.0+3614+204d6f43.s390x.rpm	13aa008763560be8fd7abc55c8d20b73d264ccdc2d999214133cc647a993048c
s390x	npm-8.19.4-1.16.20.2.2.module_el8.8.0+3614+204d6f43.s390x.rpm	9f81583da5047920e20ecfc2e6b78c7453bae46beb674536af782ce036664fd4
s390x	nodejs-16.20.2-2.module_el8.8.0+3614+204d6f43.s390x.rpm	cd0618a366af3486e16c47c9d80bd3f19b06ce58fe8b9069bea94840ac3e517c
x86_64	nodejs-16.20.2-2.module_el8.8.0+3614+204d6f43.x86_64.rpm	42f7fb5310e76e42675b3064728e0d29a1012eb53d8b70ebfba097edefe88585
x86_64	nodejs-full-i18n-16.20.2-2.module_el8.8.0+3614+204d6f43.x86_64.rpm	6cd63d9ce7ea4cbdb5e8c2d317fc13fedbf0e4fd2648f4257b97077f94b1fed0
x86_64	nodejs-devel-16.20.2-2.module_el8.8.0+3614+204d6f43.x86_64.rpm	e0047515cd392db793cf1505767d6c4b9527108dacf7703fe679341255c4f086
x86_64	npm-8.19.4-1.16.20.2.2.module_el8.8.0+3614+204d6f43.x86_64.rpm	f7a8bc5355b59b1f894dca988baf50fd2f2b2b86a5065b954029d30a3240ef77

Notes:

This page is generated automatically from Red Hat security data and has not been checked for errors. For clarification or corrections please contact the AlmaLinux Packaging Team.