ALSA-2023:5869

[ALSA-2023:5869] Important: nodejs:18 security update

Type:

security

Severity:

important

Release date:

2023-10-19

Description:

Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language. 

Security Fix(es):

* HTTP/2: Multiple HTTP/2 enabled web servers are vulnerable to a DDoS attack (Rapid Reset Attack) (CVE-2023-44487)

A AlmaLinux Security Bulletin which addresses further details about this flaw is available in the References section.

* nodejs: integrity checks according to policies can be circumvented (CVE-2023-38552)
* nodejs: code injection via WebAssembly export names (CVE-2023-39333)
* node-undici: cookie leakage (CVE-2023-45143)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

References:

Updated packages listed below:

Architecture	Package	Checksum
aarch64	nodejs-devel-18.18.2-1.module_el8.8.0+3652+0e111ba0.aarch64.rpm	5645514e530173e7f248a4b4dcb7bea8add2704576bf4744c59688becb4212be
aarch64	nodejs-full-i18n-18.18.2-1.module_el8.8.0+3652+0e111ba0.aarch64.rpm	9d6a6947b30379dfe111f6488b49f52d617f3f646f016586943d119ef346be0c
aarch64	nodejs-18.18.2-1.module_el8.8.0+3652+0e111ba0.aarch64.rpm	b3e489f3aaf7192bb520c62a8406e3b45e1f4b896f0ac9d518627939190fb223
aarch64	npm-9.8.1-1.18.18.2.1.module_el8.8.0+3652+0e111ba0.aarch64.rpm	babd7af2b9e17c9beeab567240d11fa5e4dd8d7431267968ec97c757db216b7f
noarch	nodejs-nodemon-3.0.1-1.module_el8.8.0+3613+1ed8c91d.noarch.rpm	1de153a1170baeaa24f02ebd86d32d508ac48ea9ed54e2a70c5250a81952a65b
noarch	nodejs-docs-18.18.2-1.module_el8.8.0+3652+0e111ba0.noarch.rpm	6fec2683c346724c612290622fc4b607b609b6cebdaec32ffb1a63729eee4993
noarch	nodejs-packaging-2021.06-4.module_el8.7.0+3343+ea2b7901.noarch.rpm	9430d44c78a3cfbe1ae3d39b8531f651606661943959bc0c3de87b2f91ea6f67
noarch	nodejs-packaging-bundler-2021.06-4.module_el8.7.0+3343+ea2b7901.noarch.rpm	dca36d100028686323583aeddaa86efff902ff7fe29cb97d4356c309e3e899d9
ppc64le	nodejs-devel-18.18.2-1.module_el8.8.0+3652+0e111ba0.ppc64le.rpm	6aa175533ee77892edaeac7693ec59a8faf2fbf1d3df3f4d08a4566056cc3b74
ppc64le	nodejs-18.18.2-1.module_el8.8.0+3652+0e111ba0.ppc64le.rpm	90300954622389c31e98fddfe5568f3cc2b87f4026dc1f0bc380506e13d2b510
ppc64le	npm-9.8.1-1.18.18.2.1.module_el8.8.0+3652+0e111ba0.ppc64le.rpm	e810b47c7e2f8807f8f707a5048e99c7e6a82deabf23d9fcd25be8079ccc1fb9
ppc64le	nodejs-full-i18n-18.18.2-1.module_el8.8.0+3652+0e111ba0.ppc64le.rpm	ffa9575b158ac7ed8f1b7277cb3bf56851aa66da7c388aa650d6c8df4047889a
s390x	nodejs-devel-18.18.2-1.module_el8.8.0+3652+0e111ba0.s390x.rpm	3b9c93a65cfd7caec05caf3118305732c1b7eae6c4b4d64ef1aafa0d43b1c327
s390x	nodejs-18.18.2-1.module_el8.8.0+3652+0e111ba0.s390x.rpm	40a4359f9996ea393c2cbcac0db10aebe989502262ea0193fa4836acff689c25
s390x	nodejs-full-i18n-18.18.2-1.module_el8.8.0+3652+0e111ba0.s390x.rpm	5cfcdc347516505d5cdb50522976c16081177f468441b04fb4b0c2fd1d38ff58
s390x	npm-9.8.1-1.18.18.2.1.module_el8.8.0+3652+0e111ba0.s390x.rpm	8eede94cb565176770f937d4c0e40574adcd8a1b65d7160a3bd17fccda833317
x86_64	npm-9.8.1-1.18.18.2.1.module_el8.8.0+3652+0e111ba0.x86_64.rpm	0f9037659e4bdebc476bdbbd04cd3185fb95fd4e66ec50690ca448243d929771
x86_64	nodejs-18.18.2-1.module_el8.8.0+3652+0e111ba0.x86_64.rpm	c08677efdc1e8f6a97735c5427de09de115bfa5d4edba5cf8501803077e0a784
x86_64	nodejs-full-i18n-18.18.2-1.module_el8.8.0+3652+0e111ba0.x86_64.rpm	d429ad6957c8ee4e8b56fdb6d4ada8200f6564920b5df24957fdf8a1fa75156b
x86_64	nodejs-devel-18.18.2-1.module_el8.8.0+3652+0e111ba0.x86_64.rpm	d9be47a38c40b7953375f5b1e7e9828bb9db65a9017df8382bb47b9c38103d0f

Notes:

This page is generated automatically from Red Hat security data and has not been checked for errors. For clarification or corrections please contact the AlmaLinux Packaging Team.