ALSA-2024:6148

[ALSA-2024:6148] Moderate: nodejs:18 security update

Type:

security

Severity:

moderate

Release date:

2024-09-03

Description:

Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language. 

Security Fix(es):

* node-tar: denial of service while parsing a tar file due to lack of folders depth validation (CVE-2024-28863)
* nodejs: Bypass network import restriction via data URL (CVE-2024-22020)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

References:

Updated packages listed below:

Architecture	Package	Checksum
aarch64	nodejs-devel-18.20.4-1.module_el8.10.0+3890+5a092792.aarch64.rpm	098f52de010498e6f46d980519cd18f6e72d0c69ad8f93e35d9e2dc22942b76d
aarch64	nodejs-18.20.4-1.module_el8.10.0+3890+5a092792.aarch64.rpm	1c10b7f0bb6433dc4e063b475fece7117f6728614c134dba60847807b24d46f1
aarch64	npm-10.7.0-1.18.20.4.1.module_el8.10.0+3890+5a092792.aarch64.rpm	52be8961ff84976a074b120b5449c7a9037414009b69347689313dbc7baa5a60
aarch64	nodejs-full-i18n-18.20.4-1.module_el8.10.0+3890+5a092792.aarch64.rpm	56a9a163f758bd8a4827a700d1b8ad92dd040bfc7333aaab4cfd11e8ac6c374c
noarch	nodejs-nodemon-3.0.1-1.module_el8.8.0+3613+1ed8c91d.noarch.rpm	1de153a1170baeaa24f02ebd86d32d508ac48ea9ed54e2a70c5250a81952a65b
noarch	nodejs-packaging-2021.06-4.module_el8.7.0+3343+ea2b7901.noarch.rpm	9430d44c78a3cfbe1ae3d39b8531f651606661943959bc0c3de87b2f91ea6f67
noarch	nodejs-docs-18.20.4-1.module_el8.10.0+3890+5a092792.noarch.rpm	aacea7c98abaf938ef709e3c3a1a6dc79ec9d0457171e51736eb0c2c49075cb4
noarch	nodejs-packaging-bundler-2021.06-4.module_el8.7.0+3343+ea2b7901.noarch.rpm	dca36d100028686323583aeddaa86efff902ff7fe29cb97d4356c309e3e899d9
ppc64le	nodejs-18.20.4-1.module_el8.10.0+3890+5a092792.ppc64le.rpm	19673e9ad7104e67c90001f9e6b672437d12692779e7a3bce50a231aa6e2cb36
ppc64le	npm-10.7.0-1.18.20.4.1.module_el8.10.0+3890+5a092792.ppc64le.rpm	8622bab705c7c02589a7844e81c2a781e71f5ea89618b525dee2448737fda138
ppc64le	nodejs-full-i18n-18.20.4-1.module_el8.10.0+3890+5a092792.ppc64le.rpm	a5793b7100962637a101cb863d8c20318034aec3d7081e91fb63bd6e694e3e97
ppc64le	nodejs-devel-18.20.4-1.module_el8.10.0+3890+5a092792.ppc64le.rpm	bb48cc65483087d33af156a052761c34cc731ac310ece955f0b1ca932d27143e
s390x	nodejs-18.20.4-1.module_el8.10.0+3890+5a092792.s390x.rpm	2b26b1b6b17c70b5eff1c1f372709209a53efd5ea20bf346e60d52ce48834610
s390x	nodejs-full-i18n-18.20.4-1.module_el8.10.0+3890+5a092792.s390x.rpm	683cebe7dfc115855f64fa803e1ff64c30bc5c20501784c7fe5a5a533023bb52
s390x	npm-10.7.0-1.18.20.4.1.module_el8.10.0+3890+5a092792.s390x.rpm	ba1c2c01d20982e15d1dc3748bccd50f643722841b1413202beb3be3ea41baa2
s390x	nodejs-devel-18.20.4-1.module_el8.10.0+3890+5a092792.s390x.rpm	fa8f397a66c4ad2e56363182bd087a5c0557c5b3f5e84186aa0a816012ac1264
x86_64	npm-10.7.0-1.18.20.4.1.module_el8.10.0+3890+5a092792.x86_64.rpm	19913758edb49c191eef4fd98722e5c8b3c471abecbcf2f90d685f2349ec9368
x86_64	nodejs-18.20.4-1.module_el8.10.0+3890+5a092792.x86_64.rpm	9997e8693eb6cfe24a24b49a27c8f56bc8aac1ed3924f0723dac3088e63c4c5b
x86_64	nodejs-full-i18n-18.20.4-1.module_el8.10.0+3890+5a092792.x86_64.rpm	9d2e42a63b615b41dad047aa1aacab2573f040c892e5e0472f917243e606a361
x86_64	nodejs-devel-18.20.4-1.module_el8.10.0+3890+5a092792.x86_64.rpm	f00bf0fb546066f28185b6aedaf0851e8d8f83d5cbabfe5510a6ab940fad477e

Notes:

This page is generated automatically from Red Hat security data and has not been checked for errors. For clarification or corrections please contact the AlmaLinux Packaging Team.