[ALSA-2023:5360] Important: nodejs:16 security, bug fix, and enhancement update
Type: security
Severity: important
Release date: 2023-09-27
Description:
Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language.

The following packages have been upgraded to a later upstream version: nodejs (16). (BZ#2233891)

Security Fix(es):

* nodejs: Permissions policies can be bypassed via Module._load (CVE-2023-32002)
* nodejs-semver: Regular expression denial of service (CVE-2022-25883)
* nodejs: Permissions policies can impersonate other modules in using module.constructor.createRequire() (CVE-2023-32006)
* nodejs: Permissions policies can be bypassed via process.binding (CVE-2023-32559)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Bug Fix(es):

* nodejs:16/nodejs: nodejs.prov doesn't generate the bundled dependency for modules starting @ like @colors/colors (BZ#2237394)
Updated packages listed below:
Architecture Package Checksum
aarch64 npm-8.19.4-1.16.20.2.2.module_el8.8.0+3614+204d6f43.aarch64.rpm 21b7641ae3f83c852afa74329a8377b8a23e59a903b3db960eefd0f6abc3d4fd
aarch64 nodejs-devel-16.20.2-2.module_el8.8.0+3614+204d6f43.aarch64.rpm 42fa1998d24fe6caf9a866883106b7e54e843fbf821e86f6c42785809ebacbcd
aarch64 nodejs-16.20.2-2.module_el8.8.0+3614+204d6f43.aarch64.rpm 9474574f5cb27b84eb4502c197aa434ff9fc40e35f7927a059e70c5aabfe9d4f
aarch64 nodejs-full-i18n-16.20.2-2.module_el8.8.0+3614+204d6f43.aarch64.rpm c38a32f66c1c558d1ac7c790b789561846c5989a25e6b82f5abd4230b0c285ff
noarch nodejs-nodemon-3.0.1-1.module_el8.8.0+3614+204d6f43.noarch.rpm 2b8db0b6778841b5b0d2e3e86ff1391c8b370f251408760a942901ec43e8c298
noarch nodejs-packaging-26-1.module_el8.8.0+3614+204d6f43.noarch.rpm 55ff8b1958f44d03607bb59c4e3229e1bc8b05fa82bcc87babfe8f2b25c1c841
noarch nodejs-docs-16.20.2-2.module_el8.8.0+3614+204d6f43.noarch.rpm 76643e9ce82b1fbe45d9fabd860df9c336402e6e5f75bb6cb6b5bd4c607fd644
ppc64le nodejs-16.20.2-2.module_el8.8.0+3614+204d6f43.ppc64le.rpm 20d13ae30f2887a14195caaaac8bcf93bf330f98a1aa74f52ec5e093ed8285b7
ppc64le nodejs-devel-16.20.2-2.module_el8.8.0+3614+204d6f43.ppc64le.rpm 80debcb411965daed42d5ace6fe9f1427fa62232a78e2a9ecd17fb1c5d0d1c21
ppc64le npm-8.19.4-1.16.20.2.2.module_el8.8.0+3614+204d6f43.ppc64le.rpm aa12b1dcfb08cee0e1a2566dd63104cdea9d8f5072a10ac6068b72749ce876f6
ppc64le nodejs-full-i18n-16.20.2-2.module_el8.8.0+3614+204d6f43.ppc64le.rpm be1de5e5672c89fa9d5e776540eb78885a0004774bec3e52be423fb35d8230ff
s390x nodejs-full-i18n-16.20.2-2.module_el8.8.0+3614+204d6f43.s390x.rpm 0f05666d2296bf43d689e3e0d614fcb0547bba20460e0dcfdf9e9a3944f70b60
s390x nodejs-devel-16.20.2-2.module_el8.8.0+3614+204d6f43.s390x.rpm 13aa008763560be8fd7abc55c8d20b73d264ccdc2d999214133cc647a993048c
s390x npm-8.19.4-1.16.20.2.2.module_el8.8.0+3614+204d6f43.s390x.rpm 9f81583da5047920e20ecfc2e6b78c7453bae46beb674536af782ce036664fd4
s390x nodejs-16.20.2-2.module_el8.8.0+3614+204d6f43.s390x.rpm cd0618a366af3486e16c47c9d80bd3f19b06ce58fe8b9069bea94840ac3e517c
x86_64 nodejs-16.20.2-2.module_el8.8.0+3614+204d6f43.x86_64.rpm 42f7fb5310e76e42675b3064728e0d29a1012eb53d8b70ebfba097edefe88585
x86_64 nodejs-full-i18n-16.20.2-2.module_el8.8.0+3614+204d6f43.x86_64.rpm 6cd63d9ce7ea4cbdb5e8c2d317fc13fedbf0e4fd2648f4257b97077f94b1fed0
x86_64 nodejs-devel-16.20.2-2.module_el8.8.0+3614+204d6f43.x86_64.rpm e0047515cd392db793cf1505767d6c4b9527108dacf7703fe679341255c4f086
x86_64 npm-8.19.4-1.16.20.2.2.module_el8.8.0+3614+204d6f43.x86_64.rpm f7a8bc5355b59b1f894dca988baf50fd2f2b2b86a5065b954029d30a3240ef77
Notes:
This page is generated automatically from Red Hat security data and has not been checked for errors. For clarification or corrections please contact the AlmaLinux Packaging Team.