[ALSA-2024:1444] Important: nodejs:16 security update
Type:
security
Severity:
important
Release date:
2024-03-21
Description:
Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language. Security Fix(es): * nodejs: reading unprocessed HTTP request with unbounded chunk extension allows DoS attacks (CVE-2024-22019) * nodejs: HTTP/2: Multiple HTTP/2 enabled web servers are vulnerable to a DDoS attack (Rapid Reset Attack) (CVE-2023-44487) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
References:
Updated packages listed below:
Architecture Package Checksum
aarch64 npm-8.19.4-1.16.20.2.4.module_el8.9.0+3747+ead8229c.aarch64.rpm 0784b2c16cf57e2008262257526479c8cf3e22de26de1271e1e0cc77d3cd5d19
aarch64 nodejs-16.20.2-4.module_el8.9.0+3747+ead8229c.aarch64.rpm 50702ee344391216069994a9f3f2d63743e9f03556e3240b4bd32ec43f789cf8
aarch64 nodejs-devel-16.20.2-4.module_el8.9.0+3747+ead8229c.aarch64.rpm 582cd6b2b699d5c4de97a8cc13185aed0f82bc9aeabee82d235e4237798988eb
aarch64 nodejs-full-i18n-16.20.2-4.module_el8.9.0+3747+ead8229c.aarch64.rpm 733e94dbfb99bfd802f32683c313135a66a93ac0ce24b10b323af63df728602e
noarch nodejs-nodemon-3.0.1-1.module_el8.8.0+3614+204d6f43.noarch.rpm 2b8db0b6778841b5b0d2e3e86ff1391c8b370f251408760a942901ec43e8c298
noarch nodejs-packaging-26-1.module_el8.8.0+3614+204d6f43.noarch.rpm 55ff8b1958f44d03607bb59c4e3229e1bc8b05fa82bcc87babfe8f2b25c1c841
noarch nodejs-docs-16.20.2-4.module_el8.9.0+3747+ead8229c.noarch.rpm ab411dbc2c275237ac49a6939a4c9e25b2457b5fb675188fcd074f8a1f67d5f4
ppc64le nodejs-full-i18n-16.20.2-4.module_el8.9.0+3747+ead8229c.ppc64le.rpm 2a273ac4b6a4b215ae471c3dcbce7c620bf6e1d0c8abbf9881ecb66455963954
ppc64le nodejs-devel-16.20.2-4.module_el8.9.0+3747+ead8229c.ppc64le.rpm 46769282d703aa055f4081662dce793667f92c5c5aeec482a9cd5020d4b87656
ppc64le npm-8.19.4-1.16.20.2.4.module_el8.9.0+3747+ead8229c.ppc64le.rpm 90c3919c76d8280785bec827098ba5715e4a4372e0eaebc979e058b6884d2a9c
ppc64le nodejs-16.20.2-4.module_el8.9.0+3747+ead8229c.ppc64le.rpm d93f105bfdad538bbfa25effe47cafa2df4e7c57e441e28833cb040d430c7607
s390x nodejs-16.20.2-4.module_el8.9.0+3747+ead8229c.s390x.rpm 9daa85d85c154e32f9ab7dbc924d1657e140d4b3917c2ddbc663fc5700c1a105
s390x npm-8.19.4-1.16.20.2.4.module_el8.9.0+3747+ead8229c.s390x.rpm cfb9d26c7a566d79f410c2240a45bd766af953c492059c7ba8e2c9d576c0646a
s390x nodejs-full-i18n-16.20.2-4.module_el8.9.0+3747+ead8229c.s390x.rpm f034689549356f3a3484df76a4f02a0dd4a3f43a95059361f35e802f3c38dee5
s390x nodejs-devel-16.20.2-4.module_el8.9.0+3747+ead8229c.s390x.rpm f3518869071ecf6738a477eea944de125e43efbdc07c15f34df1a533a7e7006c
x86_64 npm-8.19.4-1.16.20.2.4.module_el8.9.0+3747+ead8229c.x86_64.rpm 28f7e8b8907aae4eb346097d98bab32169b977842e074b1a4a61c99f1d955420
x86_64 nodejs-devel-16.20.2-4.module_el8.9.0+3747+ead8229c.x86_64.rpm 29c25b0f08bd6101999c8cb456457b4b84d3666a4b32a5c01e4079a485efe547
x86_64 nodejs-16.20.2-4.module_el8.9.0+3747+ead8229c.x86_64.rpm 77f143859685e5da20927d458ebea1382838ab081134e92a4e7d2c767a451c91
x86_64 nodejs-full-i18n-16.20.2-4.module_el8.9.0+3747+ead8229c.x86_64.rpm 84f14690c5ea2c5866b54cd8a58192b57630f4a5e5e5afd340f41f089ee8ed34
Notes:
This page is generated automatically from Red Hat security data and has not been checked for errors. For clarification or corrections please contact the AlmaLinux Packaging Team.