[ALSA-2022:6963] Important: nodejs security update
Type:
security
Severity:
important
Release date:
2023-03-13
Description:
Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language. The following packages have been upgraded to a later upstream version: nodejs (16.17.1). Security Fix(es): * nodejs: weak randomness in WebCrypto keygen (CVE-2022-35255) * nodejs: HTTP Request Smuggling due to incorrect parsing of header fields (CVE-2022-35256) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
References:
Updated packages listed below:
Architecture Package Checksum
aarch64 npm-8.15.0-1.16.17.1.1.el9_0.aarch64.rpm 75d87651325402ef7035349f294cea7cfcdb53292e421b07986344a51e5ec3e8
aarch64 nodejs-full-i18n-16.17.1-1.el9_0.aarch64.rpm 8259fcf0f18d8f629d545d9df1573df5409aa32abf3ad9cdd02e7933b1a9c7f3
aarch64 nodejs-libs-16.17.1-1.el9_0.aarch64.rpm b8e1f4824d013d72b66c3ac922b204026777a79e938a778eb6295374d9c0e733
aarch64 nodejs-16.17.1-1.el9_0.aarch64.rpm f74580e2d438b12b7a826d3fcacd63e8ad0638627e5aa58811b1a8a0055ef41f
i686 nodejs-libs-16.17.1-1.el9_0.i686.rpm dfc9e65ea6573cc240c0840dad0d3853758223f815f5a887ee6872e0b7eca5a2
noarch nodejs-docs-16.17.1-1.el9_0.noarch.rpm 025d8cf2ef9c89f70a4254dae5644efaa1dfaa4f88db77dec807afd44515bd8c
ppc64le nodejs-16.17.1-1.el9_0.ppc64le.rpm 63ede40b1f1c9e126b44a17d479555f84a2a59b988c742e69a7231b1bf0dfda4
ppc64le npm-8.15.0-1.16.17.1.1.el9_0.ppc64le.rpm 80742308fb3e08610c45202cf6dfe3fa9edbf6f8e19b9788c5ef49232661317f
ppc64le nodejs-full-i18n-16.17.1-1.el9_0.ppc64le.rpm 9bed70c6398029715fbefd32d7d88843c50cdbad2fb79664359e130bfaf98750
ppc64le nodejs-libs-16.17.1-1.el9_0.ppc64le.rpm a4636231da5d605d2a18adbbe9549ad14f6bf1fe4dc7a7eb7ece8450b973daa0
s390x npm-8.15.0-1.16.17.1.1.el9_0.s390x.rpm 010ce55fd7f4b99fc64cd309abf08101e8a97a9b75bff513faeb833d0b725d9f
s390x nodejs-16.17.1-1.el9_0.s390x.rpm 590bec1e3025a4e9ce6f99ec31334ab8fa075a3ba3043c1302fa9c48a0aaadde
s390x nodejs-libs-16.17.1-1.el9_0.s390x.rpm 807232891ec884518f3e57b6fbc5262225e8b43b74db337ecf91496354026791
s390x nodejs-full-i18n-16.17.1-1.el9_0.s390x.rpm dd0d43ef0ebe4f59f4f4235c3735ab8b0fe77f10e5c22d5ff9b706ba0de4ca07
x86_64 nodejs-libs-16.17.1-1.el9_0.x86_64.rpm 02b1fa3316afccf54f476e3107a9e856fd01bfa038f620849ebebc6ae5aa9f21
x86_64 nodejs-full-i18n-16.17.1-1.el9_0.x86_64.rpm 407ab5eeeab8ca27be35d35bea480b4fcdc6ccae79788892fa4bbda5bdcc3bd7
x86_64 nodejs-16.17.1-1.el9_0.x86_64.rpm 6ef77b8d72a105f2e9a94f0812cb6b02c3499a3889dbb4db20162e5efb2459cd
x86_64 npm-8.15.0-1.16.17.1.1.el9_0.x86_64.rpm e00fdc38440c6c0087c25a0e018fd59e078f0a8f7312b3e936d2ebafea798318
Notes:
This page is generated automatically from Red Hat security data and has not been checked for errors. For clarification or corrections please contact the AlmaLinux Packaging Team.