ALSA-2022:8832

[ALSA-2022:8832] Moderate: nodejs:18 security, bug fix, and enhancement update

Type:

security

Severity:

moderate

Release date:

2022-12-07

Description:

Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language. 

The following packages have been upgraded to a later upstream version: nodejs (18.12.1). (BZ#2142809, BZ#2142830, BZ#2142834, BZ#2142856)

Security Fix(es):

* nodejs-minimatch: ReDoS via the braceExpand function (CVE-2022-3517)
* nodejs: DNS rebinding in inspect via invalid octal IP address (CVE-2022-43548)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

References:

Updated packages listed below:

Architecture	Package	Checksum
aarch64	nodejs-full-i18n-18.12.1-1.module_el9.1.0+16+91bc168f.aarch64.rpm	431ef725cac745cc09a1703e2feca76ff2d98bdb2e01c8349ea8b2855aa21f4c
aarch64	nodejs-devel-18.12.1-1.module_el9.1.0+16+91bc168f.aarch64.rpm	9d717609283cf3738ea48175eedd93c3ef7b7b7248288a920f9a4506a2e7b7e4
aarch64	nodejs-18.12.1-1.module_el9.1.0+16+91bc168f.aarch64.rpm	a28a17f9a0a447b3965a54f3c24e1234b29f5f5395b43333e8e439b0581571e0
aarch64	npm-8.19.2-1.18.12.1.1.module_el9.1.0+16+91bc168f.aarch64.rpm	c89736dc9708f81dba2ad3cbf0345bea777be2bb6f657343afd13f569e14fae8
noarch	nodejs-docs-18.12.1-1.module_el9.1.0+16+91bc168f.noarch.rpm	3f130838fecb45d434956e044b5336680c97eb73104c0e478ca0e9b23353467c
noarch	nodejs-nodemon-2.0.20-1.module_el9.1.0+16+91bc168f.noarch.rpm	4a7e1a042a9efbd31db5f5b4a6af0bc0b6d207a37fa374cf54dae97b4b0f09be
noarch	nodejs-packaging-2021.06-4.module_el9.1.0+13+d9a595ea.noarch.rpm	7c19c5f85137e7d0b3132a379dc2d5364bd19e6da1ecee409666857bcc1a68d8
noarch	nodejs-packaging-bundler-2021.06-4.module_el9.1.0+13+d9a595ea.noarch.rpm	8c650e8cd661aec62ef26c2867e44b6902ba928bcd228650ecf14be525515ad0
ppc64le	nodejs-full-i18n-18.12.1-1.module_el9.1.0+16+91bc168f.ppc64le.rpm	1ef659778664dfebfb2909e5159b3cfd3fc4989180d17a430f080b7c65a9ef2f
ppc64le	nodejs-18.12.1-1.module_el9.1.0+16+91bc168f.ppc64le.rpm	9216ac1844034245de48dd77f37aa3044b3eaba52485f75d34ff2c7210fa1115
ppc64le	nodejs-devel-18.12.1-1.module_el9.1.0+16+91bc168f.ppc64le.rpm	aa3aac25be0ec55c4f779a044fa52f2d01bb66d849c6413166585bb477be64c6
ppc64le	npm-8.19.2-1.18.12.1.1.module_el9.1.0+16+91bc168f.ppc64le.rpm	b97a1045f4ee09702e6f16d72f2945b0823427411467f641d765fd1aeca758da
s390x	nodejs-18.12.1-1.module_el9.1.0+16+91bc168f.s390x.rpm	2735183018960fe14822e17d2ef00447489715c709238489fdc2595fad4bdeb7
s390x	npm-8.19.2-1.18.12.1.1.module_el9.1.0+16+91bc168f.s390x.rpm	67f46e815e87cb89182a0c8e25b8bbb87e54ab47b17c97fb4905d0f94e8aa33e
s390x	nodejs-devel-18.12.1-1.module_el9.1.0+16+91bc168f.s390x.rpm	7a765e6553a73589c788cc5ac3a8633e7c2a8d39af327f208bb1f675cbac98e2
s390x	nodejs-full-i18n-18.12.1-1.module_el9.1.0+16+91bc168f.s390x.rpm	c0260b2416cc6d95dfc555455e6a5334122bdf036dd02c17e30d4f1d2c41a668
x86_64	npm-8.19.2-1.18.12.1.1.module_el9.1.0+16+91bc168f.x86_64.rpm	4f99d489b611e2dbd9f839e98de1bc6a1e6a36256e4440f596b94431bf7120dc
x86_64	nodejs-devel-18.12.1-1.module_el9.1.0+16+91bc168f.x86_64.rpm	64348a478c9506268c65d2e56b903164c4a36a5072f83692072d5f3fe35c460d
x86_64	nodejs-full-i18n-18.12.1-1.module_el9.1.0+16+91bc168f.x86_64.rpm	a2cd565e49273f973ab9af27acd709166582e2bef29e95abaa9d29fd3b0e0585
x86_64	nodejs-18.12.1-1.module_el9.1.0+16+91bc168f.x86_64.rpm	a6f5fec7b39941e32d8feff6c96cd2ae1601212070b51d2f8af81e49684c0579

Notes:

This page is generated automatically from Red Hat security data and has not been checked for errors. For clarification or corrections please contact the AlmaLinux Packaging Team.