[ALSA-2024:2778] Important: nodejs:20 security update
Type:
security
Severity:
important
Release date:
2024-05-09
Description:
Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language. Security Fix(es): * c-ares: Out of bounds read in ares__read_line() (CVE-2024-25629) * nghttp2: CONTINUATION frames DoS (CVE-2024-28182) * nodejs: using the fetch() function to retrieve content from an untrusted URL leads to denial of service (CVE-2024-22025) * nodejs: CONTINUATION frames DoS (CVE-2024-27983) * nodejs: HTTP Request Smuggling via Content Length Obfuscation (CVE-2024-27982) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
References:
Updated packages listed below:
Architecture Package Checksum
aarch64 nodejs-devel-20.12.2-2.module_el8.9.0+3827+11b91f3e.aarch64.rpm 7d9cd34d8ca306abb72530d326c804697d31f9ded71c51597fd3a09f4801070d
aarch64 nodejs-20.12.2-2.module_el8.9.0+3827+11b91f3e.aarch64.rpm 92bc542e23a5124bf993f0958b12d6156d380ee3785dc55ef9e124332f9fa5e3
aarch64 npm-10.5.0-1.20.12.2.2.module_el8.9.0+3827+11b91f3e.aarch64.rpm 94ee2b999db6f7696eb8b5cffcebce5375f9ff75a591f24845e32050ac4e843b
aarch64 nodejs-full-i18n-20.12.2-2.module_el8.9.0+3827+11b91f3e.aarch64.rpm c0c054f07bc6e44e59077b4e9ed0a2ee195c82b8cd3b272d7723688ac92524aa
noarch nodejs-packaging-2021.06-4.module_el8.9.0+3684+11b9e959.noarch.rpm 2737beb0b9ef67ff6403ed0e4f69f5ab715d85eb5860974b3755cefb24e3b7f9
noarch nodejs-docs-20.12.2-2.module_el8.9.0+3827+11b91f3e.noarch.rpm 78de8a8e72e4eeed7a9a7076044fa2d8ee5e112a97270cf85321c96777d4bba3
noarch nodejs-nodemon-3.0.1-1.module_el8.9.0+3731+490e3ce5.noarch.rpm 8aef59eb02816fbfcc43df6a4074cc51485b810317c50f44739b0798ac8065de
noarch nodejs-packaging-bundler-2021.06-4.module_el8.9.0+3684+11b9e959.noarch.rpm b9f7128be10cd497d323808f86402c91a970afde6884b8967695e20fa4060629
ppc64le nodejs-devel-20.12.2-2.module_el8.9.0+3827+11b91f3e.ppc64le.rpm 02b6b0aca963a308e8c1609db62e0950eb56d59aec2bc9e6be141ec93b4a4a1e
ppc64le npm-10.5.0-1.20.12.2.2.module_el8.9.0+3827+11b91f3e.ppc64le.rpm 5a423bcae04293e5acd5769b77eb006a8c75d5abf2a940c8df5d9339339822c3
ppc64le nodejs-full-i18n-20.12.2-2.module_el8.9.0+3827+11b91f3e.ppc64le.rpm 5a5759241cc4ff6f585bc94381defb4d7168cb7da67e0f519639b4fbef88c1e3
ppc64le nodejs-20.12.2-2.module_el8.9.0+3827+11b91f3e.ppc64le.rpm 74ed0f80f22ed25b954bd7d3bc632c7eb8a535136d069731f46d211ca8e68e29
s390x nodejs-devel-20.12.2-2.module_el8.9.0+3827+11b91f3e.s390x.rpm 133ce51f9f1760dda4953f428d210786024a4f2562417f1dbd3bec85b9960b78
s390x npm-10.5.0-1.20.12.2.2.module_el8.9.0+3827+11b91f3e.s390x.rpm 30a208022e41b3e61129301f413a424614d4c70b113d980726569c3bb3a728f6
s390x nodejs-full-i18n-20.12.2-2.module_el8.9.0+3827+11b91f3e.s390x.rpm 3c7f11f5ffc589c5b8256f359dc1e38cef5bd53aa6e6479eb8b4f872268045e3
s390x nodejs-20.12.2-2.module_el8.9.0+3827+11b91f3e.s390x.rpm afbadd0be3f008c93829755d74500f2728e24199972278795d7f3aa0a241d0d2
x86_64 nodejs-20.12.2-2.module_el8.9.0+3827+11b91f3e.x86_64.rpm 0c683f6256bf0d35f9f4093ba2cc057c784783eeb88cfe2f12199016fe8fc1ea
x86_64 npm-10.5.0-1.20.12.2.2.module_el8.9.0+3827+11b91f3e.x86_64.rpm 18d7e42b9614e65e987c5770751674801ebf07a64c497f49dd72b2fe8b78a4a1
x86_64 nodejs-devel-20.12.2-2.module_el8.9.0+3827+11b91f3e.x86_64.rpm 8602b3badcdeb13796eba920d857ebf83328e758af7ca501b98989d3c667a259
x86_64 nodejs-full-i18n-20.12.2-2.module_el8.9.0+3827+11b91f3e.x86_64.rpm 953e0f065b9d88de867e29164ccae63f3e64461091cfc143a72afd8fdf1df9b8
Notes:
This page is generated automatically from Red Hat security data and has not been checked for errors. For clarification or corrections please contact the AlmaLinux Packaging Team.