[ALSA-2024:1510] Important: nodejs:18 security update
Type:
security
Severity:
important
Release date:
2024-04-02
Description:
Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language. Security Fix(es): * nodejs: reading unprocessed HTTP request with unbounded chunk extension allows DoS attacks (CVE-2024-22019) * nodejs: vulnerable to timing variant of the Bleichenbacher attack against PKCS#1 v1.5 padding (Marvin) (CVE-2023-46809) * nodejs: code injection and privilege escalation through Linux capabilities (CVE-2024-21892) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
References:
Updated packages listed below:
Architecture Package Checksum
aarch64 nodejs-18.19.1-1.module_el8.9.0+3753+4de0891b.aarch64.rpm 3e8736bc2fe0a59005919cb29c2e8b33b0f209f74816c69cfd6f1466588c4004
aarch64 nodejs-devel-18.19.1-1.module_el8.9.0+3753+4de0891b.aarch64.rpm 49b66935215607fb12ff1b7d56839c2f0621b8b1eb31aa43e01cc069cd8e2046
aarch64 npm-10.2.4-1.18.19.1.1.module_el8.9.0+3753+4de0891b.aarch64.rpm 6724e5e5ee7a9138aa84e2ae6f1640bc52a2eca6ac0ee4bf43aabd904766f882
aarch64 nodejs-full-i18n-18.19.1-1.module_el8.9.0+3753+4de0891b.aarch64.rpm f7a9539de2c57d26a5a25fa8feb1b552112c9b8d2657c5d3c3b13e5272e869e4
noarch nodejs-nodemon-3.0.1-1.module_el8.8.0+3613+1ed8c91d.noarch.rpm 1de153a1170baeaa24f02ebd86d32d508ac48ea9ed54e2a70c5250a81952a65b
noarch nodejs-packaging-2021.06-4.module_el8.7.0+3343+ea2b7901.noarch.rpm 9430d44c78a3cfbe1ae3d39b8531f651606661943959bc0c3de87b2f91ea6f67
noarch nodejs-packaging-bundler-2021.06-4.module_el8.7.0+3343+ea2b7901.noarch.rpm dca36d100028686323583aeddaa86efff902ff7fe29cb97d4356c309e3e899d9
noarch nodejs-docs-18.19.1-1.module_el8.9.0+3753+4de0891b.noarch.rpm ebea7b81320dda8e124a35df8f8a7490d9af812e97bcc2657271e0c4a6432452
ppc64le npm-10.2.4-1.18.19.1.1.module_el8.9.0+3753+4de0891b.ppc64le.rpm 114969289a2c7bf245b99a3d5fbdcd743547f4fed608b04aad9bf1d35d199b09
ppc64le nodejs-full-i18n-18.19.1-1.module_el8.9.0+3753+4de0891b.ppc64le.rpm 1d9048565fa0386bfbb3258cdd19e626068a24d83b793a2c290b419195591794
ppc64le nodejs-18.19.1-1.module_el8.9.0+3753+4de0891b.ppc64le.rpm 929687a015a561d59ab11bc2423f0b5a1f5d94cc621b01e0c8f1a3c8528b3561
ppc64le nodejs-devel-18.19.1-1.module_el8.9.0+3753+4de0891b.ppc64le.rpm 97b5bc9838d44de59936e92de8d8614f272e8006e6080d8af778df7f20e529b4
s390x nodejs-full-i18n-18.19.1-1.module_el8.9.0+3753+4de0891b.s390x.rpm 76ab4c516ffc87f7b1ad69ee51fe8f3108d9e63c1a7b8f9327a9bb51a2e06480
s390x nodejs-18.19.1-1.module_el8.9.0+3753+4de0891b.s390x.rpm 9bd562bd1fae65f2d262de69f857bbfe83b41e9c9d0eab3df791f4c226e8b04f
s390x npm-10.2.4-1.18.19.1.1.module_el8.9.0+3753+4de0891b.s390x.rpm a6343500fc8d38a9858e57d18c8d06bb5e6258979b05e9537f23da63d9052e4b
s390x nodejs-devel-18.19.1-1.module_el8.9.0+3753+4de0891b.s390x.rpm c361d9cc5ad83236a363be0e668dd4485b1c8633ae01ba849508574813c6ccef
x86_64 npm-10.2.4-1.18.19.1.1.module_el8.9.0+3753+4de0891b.x86_64.rpm 131e16beea850da687d5f4b6ed6428c4f265113734adadaee5062700e1cee2bc
x86_64 nodejs-devel-18.19.1-1.module_el8.9.0+3753+4de0891b.x86_64.rpm 1c6561030cf7e790ddaf366ff5bf08bdf903d8a90592bfd41790b424760412ab
x86_64 nodejs-full-i18n-18.19.1-1.module_el8.9.0+3753+4de0891b.x86_64.rpm 49f98df0a65ee112a561c060d510d7a64d198aae342cf95b008b52f653e83f88
x86_64 nodejs-18.19.1-1.module_el8.9.0+3753+4de0891b.x86_64.rpm d14ef92b0887985158f65065d3430b250bf021722ceab1326e0098c9a087d68f
Notes:
This page is generated automatically from Red Hat security data and has not been checked for errors. For clarification or corrections please contact the AlmaLinux Packaging Team.