[ALSA-2024:5814] Moderate: nodejs:20 security update
Type: security
Severity: moderate
Release date: 2024-08-26
Description:
Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language.

Security Fix(es):

* node-tar: denial of service while parsing a tar file due to lack of folders depth validation (CVE-2024-28863)
* nodejs: Bypass network import restriction via data URL (CVE-2024-22020)
* nodejs: fs.lstat bypasses permission model (CVE-2024-22018)
* nodejs: fs.fchown/fchmod bypasses permission model (CVE-2024-36137)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Updated packages listed below:
Architecture Package Checksum
aarch64 npm-10.8.1-1.20.16.0.1.module_el8.10.0+3882+e12e42db.aarch64.rpm 08f6a28639ebf71970b0c944b28b5566744c41b4d110c894451fa44047518bae
aarch64 nodejs-devel-20.16.0-1.module_el8.10.0+3882+e12e42db.aarch64.rpm 39ac1f10f0bd16f58c92a6b8524ffc27749d602a393dc8734b60b637e2bb8575
aarch64 nodejs-20.16.0-1.module_el8.10.0+3882+e12e42db.aarch64.rpm 81de1a315cfe6b432af4c42edb2cc980d819e248c39221bdfd115ef7d16babd7
aarch64 nodejs-full-i18n-20.16.0-1.module_el8.10.0+3882+e12e42db.aarch64.rpm d1d17e701eb831422b24e14e9549bb422bc9326781240ddb50e728437f22a3e2
noarch nodejs-packaging-bundler-2021.06-4.module_el8.9.0+3775+d8460d35.noarch.rpm 333e36e8c51dc591d2757dbd45974e0565aa60a9e3bbe163fb72336963e2337d
noarch nodejs-packaging-2021.06-4.module_el8.9.0+3775+d8460d35.noarch.rpm 7c7586553a465705e48a39065046db3c58e2ad24248d905a05639b804e463a77
noarch nodejs-docs-20.16.0-1.module_el8.10.0+3882+e12e42db.noarch.rpm 7d8336bfe35f4a42b2501b51495196c8c8d8dc8eb1032bc8cd10cfc04fe21797
noarch nodejs-nodemon-3.0.1-1.module_el8.9.0+3731+490e3ce5.noarch.rpm 8aef59eb02816fbfcc43df6a4074cc51485b810317c50f44739b0798ac8065de
ppc64le nodejs-devel-20.16.0-1.module_el8.10.0+3882+e12e42db.ppc64le.rpm 1ba222692be0a0aad3c0448bebbaf5a67551261cd21621db050bccbf0ea75fa2
ppc64le npm-10.8.1-1.20.16.0.1.module_el8.10.0+3882+e12e42db.ppc64le.rpm 5ac9d2d46a49c7b094b7f6f588e29b3ffb4f6926bdbf5f687afc9a6cb163eb0c
ppc64le nodejs-20.16.0-1.module_el8.10.0+3882+e12e42db.ppc64le.rpm 9ed153c3acb128a66787ee8f6082bcfa276ecb1d83443658290c3877dd3edb4f
ppc64le nodejs-full-i18n-20.16.0-1.module_el8.10.0+3882+e12e42db.ppc64le.rpm c9d7d7db01c3ee2e4bfe3b6af5fff9742b82e4b44cd2c590aa39e199cde45dc1
s390x nodejs-devel-20.16.0-1.module_el8.10.0+3882+e12e42db.s390x.rpm 5bcb373eb7aa196bdb4d30c4abec3c60637f2caece5afdc9e902f2924930c20d
s390x npm-10.8.1-1.20.16.0.1.module_el8.10.0+3882+e12e42db.s390x.rpm 6ac993687e76daba24592f9d6048026f828d56d0cbff305be78f5c45d439457c
s390x nodejs-20.16.0-1.module_el8.10.0+3882+e12e42db.s390x.rpm 7db0000973ef0e8fbc147ba2c8eee69158da5766b0f78c0f94b05ca38682d6b9
s390x nodejs-full-i18n-20.16.0-1.module_el8.10.0+3882+e12e42db.s390x.rpm 9f026f133c5ce66298b047151e96c926e46b8fd0777b90d46c219d9b4b135ada
x86_64 nodejs-full-i18n-20.16.0-1.module_el8.10.0+3882+e12e42db.x86_64.rpm 383657fd7804cedf1bc8ed4f8c87faf7b5e74253fa351f227a118894df5cb8f4
x86_64 npm-10.8.1-1.20.16.0.1.module_el8.10.0+3882+e12e42db.x86_64.rpm 6c1b5ab875cda29c9a257a00ffe23b0500e05bb4a5fae3209deb51d17fdef3a9
x86_64 nodejs-devel-20.16.0-1.module_el8.10.0+3882+e12e42db.x86_64.rpm 6d34ef20fadc829c95440616474c3e3317ca0c871a8d0f618f2d7b59fdd319bc
x86_64 nodejs-20.16.0-1.module_el8.10.0+3882+e12e42db.x86_64.rpm b462c7b6ea0cc01c2df68eb47ce76f3c02a39b07c64241fbb15714a258915c04
Notes:
This page is generated automatically from Red Hat security data and has not been checked for errors. For clarification or corrections please contact the AlmaLinux Packaging Team.