ALSA-2024:2780

[ALSA-2024:2780] Important: nodejs:18 security update

Type:

security

Severity:

important

Release date:

2024-05-09

Description:

Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language. 

Security Fix(es):

* nodejs: CONTINUATION frames DoS (CVE-2024-27983)
* nodejs: using the fetch() function to retrieve content from an untrusted URL leads to denial of service (CVE-2024-22025)
* nodejs: HTTP Request Smuggling via Content Length Obfuscation (CVE-2024-27982)
* nghttp2: CONTINUATION frames DoS (CVE-2024-28182)
* c-ares: Out of bounds read in ares__read_line() (CVE-2024-25629)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

References:

Updated packages listed below:

Architecture	Package	Checksum
aarch64	npm-10.5.0-1.18.20.2.1.module_el8.9.0+3828+c9fa9644.aarch64.rpm	4830b70bcf574037106476ff92c3ef69f35797d2ab584f7120e674a544805bdc
aarch64	nodejs-devel-18.20.2-1.module_el8.9.0+3828+c9fa9644.aarch64.rpm	b3b6b9baaee4c3949000d0939bb45ec5fb818c0c1129e9b0a62b45ad31a89c3a
aarch64	nodejs-full-i18n-18.20.2-1.module_el8.9.0+3828+c9fa9644.aarch64.rpm	eda960053f8de487f9119080044c1d6e5ef0de2cd1f11b795782755d67810b19
aarch64	nodejs-18.20.2-1.module_el8.9.0+3828+c9fa9644.aarch64.rpm	f067f6520be2e9e5aa9ae162a9222c10b3685df0b6af0326b9aece49349646f2
noarch	nodejs-nodemon-3.0.1-1.module_el8.8.0+3613+1ed8c91d.noarch.rpm	1de153a1170baeaa24f02ebd86d32d508ac48ea9ed54e2a70c5250a81952a65b
noarch	nodejs-packaging-2021.06-4.module_el8.7.0+3343+ea2b7901.noarch.rpm	9430d44c78a3cfbe1ae3d39b8531f651606661943959bc0c3de87b2f91ea6f67
noarch	nodejs-docs-18.20.2-1.module_el8.9.0+3828+c9fa9644.noarch.rpm	b7bc195428d74d6532c8f6340f1d9f4ff77162adcae9c6d876590699165a4a56
noarch	nodejs-packaging-bundler-2021.06-4.module_el8.7.0+3343+ea2b7901.noarch.rpm	dca36d100028686323583aeddaa86efff902ff7fe29cb97d4356c309e3e899d9
ppc64le	npm-10.5.0-1.18.20.2.1.module_el8.9.0+3828+c9fa9644.ppc64le.rpm	157f23f3e9caa84ae1dbca3d0542f791d344755cdc230fa51116e47d378fea0b
ppc64le	nodejs-full-i18n-18.20.2-1.module_el8.9.0+3828+c9fa9644.ppc64le.rpm	162bbc79d512e1d627b1e25c526e0779cdad1f0d92f08a9109e06c8d8ae528d7
ppc64le	nodejs-devel-18.20.2-1.module_el8.9.0+3828+c9fa9644.ppc64le.rpm	5161706b150fb2bb6bc26975f24456d6d9b88455efa518fe4af7651a0a29ba62
ppc64le	nodejs-18.20.2-1.module_el8.9.0+3828+c9fa9644.ppc64le.rpm	ac6f8c06f7ad35a987d3ecf124d856ad6ae303e8fde80bda7cf8a74ed69d985d
s390x	nodejs-devel-18.20.2-1.module_el8.9.0+3828+c9fa9644.s390x.rpm	12fb17daf03b46a0c73b3a65fb2bcaff7983a8beba55c2fbf0528b0028c80833
s390x	npm-10.5.0-1.18.20.2.1.module_el8.9.0+3828+c9fa9644.s390x.rpm	61a89bd6f10cb20a4c0000128609b3ed4c179c863d2b494f60f2e12cd1a1814b
s390x	nodejs-18.20.2-1.module_el8.9.0+3828+c9fa9644.s390x.rpm	64a1b6e415fddb1b17f709c4828c5cca499c3667db995d90c335e6eb603c44cf
s390x	nodejs-full-i18n-18.20.2-1.module_el8.9.0+3828+c9fa9644.s390x.rpm	f47ad6ccb7904bc900900f3f3647d33ffe10bc1edf2cddfbb3b4b65f466e6640
x86_64	nodejs-full-i18n-18.20.2-1.module_el8.9.0+3828+c9fa9644.x86_64.rpm	4991480d65183ed6836d9f19b203e63891781576feafbd7d6b9841f4c589fced
x86_64	npm-10.5.0-1.18.20.2.1.module_el8.9.0+3828+c9fa9644.x86_64.rpm	7f981cfa88b98ca85def0de8b03f954b28de96b9ef446503bd7d21d90070781f
x86_64	nodejs-18.20.2-1.module_el8.9.0+3828+c9fa9644.x86_64.rpm	a3ff884a708b792425b2164e84956e66f78cb0e27a7745b97609419363991d61
x86_64	nodejs-devel-18.20.2-1.module_el8.9.0+3828+c9fa9644.x86_64.rpm	e43e73299b98b341a68b3528e4773502f7551b0f291d5d75c7dfab1314fe27fe

Notes:

This page is generated automatically from Red Hat security data and has not been checked for errors. For clarification or corrections please contact the AlmaLinux Packaging Team.