[ALSA-2024:1687] Important: nodejs:20 security update
Type:
security
Severity:
important
Release date:
2024-04-09
Description:
Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language.

Security Fix(es):

* nodejs: vulnerable to timing variant of the Bleichenbacher attack against PKCS#1 v1.5 padding (Marvin) (CVE-2023-46809)
* nodejs: reading unprocessed HTTP request with unbounded chunk extension allows DoS attacks (CVE-2024-22019)
* nodejs: code injection and privilege escalation through Linux capabilities (CVE-2024-21892)
* nodejs: path traversal by monkey-patching buffer internals (CVE-2024-21896)
* nodejs: multiple permission model bypasses due to improper path traversal sequence sanitization (CVE-2024-21891)
* nodejs: improper handling of wildcards in --allow-fs-read and --allow-fs-write (CVE-2024-21890)
* nodejs: setuid() does not drop all privileges due to io_uring (CVE-2024-22017)
Updated packages listed below:
Architecture Package Checksum
aarch64 nodejs-full-i18n-20.11.1-1.module_el8.9.0+3775+d8460d35.aarch64.rpm 1d5b2dfcfcf7b101110387722a99d9ff3085e15f1ca7881edf2ca3c4270ffb2e
aarch64 npm-10.2.4-1.20.11.1.1.module_el8.9.0+3775+d8460d35.aarch64.rpm 5635191f95647d4d7771f7d00b067e652e779595f494b8b85009419b88035af0
aarch64 nodejs-20.11.1-1.module_el8.9.0+3775+d8460d35.aarch64.rpm a1c8eef2d1b53e02907a16579f4439c85952a6919172daa9a8b294993c51d7e8
aarch64 nodejs-devel-20.11.1-1.module_el8.9.0+3775+d8460d35.aarch64.rpm e401a78e055ca94410b3ede581f28f2366e3de1970fe57c852d90fe4ed20f12f
noarch nodejs-packaging-2021.06-4.module_el8.9.0+3684+11b9e959.noarch.rpm 2737beb0b9ef67ff6403ed0e4f69f5ab715d85eb5860974b3755cefb24e3b7f9
noarch nodejs-nodemon-3.0.1-1.module_el8.9.0+3731+490e3ce5.noarch.rpm 8aef59eb02816fbfcc43df6a4074cc51485b810317c50f44739b0798ac8065de
noarch nodejs-packaging-bundler-2021.06-4.module_el8.9.0+3684+11b9e959.noarch.rpm b9f7128be10cd497d323808f86402c91a970afde6884b8967695e20fa4060629
noarch nodejs-docs-20.11.1-1.module_el8.9.0+3775+d8460d35.noarch.rpm ba40f7fd81c94874c9c3046a9503a38675fa9d846e9f504187a4efa2f65460ee
ppc64le nodejs-full-i18n-20.11.1-1.module_el8.9.0+3775+d8460d35.ppc64le.rpm 0317a18f50ec94448d2ba46833a06549bf949628a6804b8f588e6c7a3e4a2b35
ppc64le nodejs-devel-20.11.1-1.module_el8.9.0+3775+d8460d35.ppc64le.rpm 1695e926be204f62df002a59982f88d553b7edef37eee7139270ee46d9a697cb
ppc64le npm-10.2.4-1.20.11.1.1.module_el8.9.0+3775+d8460d35.ppc64le.rpm 832fc47928b780a81e3061177568459267e14f8ea4b9fa0f4862c426bc33088e
ppc64le nodejs-20.11.1-1.module_el8.9.0+3775+d8460d35.ppc64le.rpm a9a53e9818e53ab829fc4a0f248b1a0c387a55656cd24cf074c699421788137a
s390x nodejs-20.11.1-1.module_el8.9.0+3775+d8460d35.s390x.rpm 2f563b46e39458fc2fd6946c49f476be7f880571ac9c3f8748973903a83b0fd4
s390x npm-10.2.4-1.20.11.1.1.module_el8.9.0+3775+d8460d35.s390x.rpm 43399ce117fe6d0357214ef3d593b73d8ab75851322bdb78e1b32d36ed69fbbb
s390x nodejs-devel-20.11.1-1.module_el8.9.0+3775+d8460d35.s390x.rpm 5d00b6badd14a9d2e9de26bf03e5e7c05038ff4f06b8c59ed3b1ff17167b7006
s390x nodejs-full-i18n-20.11.1-1.module_el8.9.0+3775+d8460d35.s390x.rpm c8dff17c3eac7b1cd5d8ae9cff83cb26744ba5bd5e9d15e5aac778b8e933d758
x86_64 nodejs-devel-20.11.1-1.module_el8.9.0+3775+d8460d35.x86_64.rpm 1dd7398612f90bf1dbdd36e755ce9885e5c82fd977864635b1998c923693d811
x86_64 npm-10.2.4-1.20.11.1.1.module_el8.9.0+3775+d8460d35.x86_64.rpm 45762b5563d1cd3aa04be64e30dc7f4218f47bcfb9342f01b5a597b0ff217142
x86_64 nodejs-20.11.1-1.module_el8.9.0+3775+d8460d35.x86_64.rpm 5aa6e769718c9fd3f5bebb9f8a59ce6ed6626a0827c63233625593db818db781
x86_64 nodejs-full-i18n-20.11.1-1.module_el8.9.0+3775+d8460d35.x86_64.rpm 7a6d5700eda52c728b7826d9460bf96be4e1c204eb82bfecf652e7adf28a4205
Notes:
This page is generated automatically from Red Hat security data and has not been checked for errors. For clarification or corrections please contact the AlmaLinux Packaging Team.