[ALSA-2023:0321] Moderate: nodejs and nodejs-nodemon security, bug fix, and enhancement update
Type:
security
Severity:
moderate
Release date:
2023-09-15
Description:
Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language.

The following packages have been upgraded to a later upstream version: nodejs (16.18.1), nodejs-nodemon (2.0.20).

Security Fix(es):
* minimist: prototype pollution (CVE-2021-44906)
* nodejs-minimatch: ReDoS via the braceExpand function (CVE-2022-3517)
* nodejs: HTTP Request Smuggling due to incorrect parsing of header fields (CVE-2022-35256)
* nodejs: DNS rebinding in inspect via invalid octal IP address (CVE-2022-43548)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Bug Fix(es):
* nodejs: Packaged version of undici does not fit with declared version. [almalinux-9] (BZ#2151627)
Updated packages listed below:
Architecture Package Checksum
aarch64 npm-8.19.2-1.16.18.1.3.el9_1.aarch64.rpm 5cb7121e53aa093f4766b75a022514917893b26ab10f045be6b57cdb93fa8628
aarch64 nodejs-16.18.1-3.el9_1.aarch64.rpm a0710273edb65925ae8df107e124c3aa0bf8b7efb476960aa13ab5a657a05afa
aarch64 nodejs-full-i18n-16.18.1-3.el9_1.aarch64.rpm a33cda1d5f32554d2cc167a0485807e5e39cea85303afc4308af052325a562bf
aarch64 nodejs-libs-16.18.1-3.el9_1.aarch64.rpm c5cd8cbd9e6a049f741d6ecf7795ea385cc216095b8fbc5f3a8b8629a86be4b7
i686 nodejs-libs-16.18.1-3.el9_1.i686.rpm 42044ad22c4df58248d8928947ddfa4a68f4d97f28f1a015e1a7d5fd2a903b30
noarch nodejs-docs-16.18.1-3.el9_1.noarch.rpm 124046435a99e559841aa8ddd18093569656cdcf6cd39c08f237736a508bfb4a
noarch nodejs-nodemon-2.0.20-2.el9_1.noarch.rpm 609eaededba0f488032abeb94fa0bf2acb4a4b47d33f3361c396f72cdcc71abc
ppc64le nodejs-full-i18n-16.18.1-3.el9_1.ppc64le.rpm 554206d4f966cde3214b15d606b12340f63c42ab758c0df607f8ad5f4c040f3f
ppc64le nodejs-libs-16.18.1-3.el9_1.ppc64le.rpm 980f4617254b2f32367646ba1aa60af73c303faeec1c2e2ce0451fd51c110f76
ppc64le nodejs-16.18.1-3.el9_1.ppc64le.rpm bd79708d59582e1185a47ecdd99281974905fc2c69dcac3f4ad32baef3f1e8f6
ppc64le npm-8.19.2-1.16.18.1.3.el9_1.ppc64le.rpm f4cbd9bcc1175e294b055fedc3e4a42a7198ebb25a23428472c88d9f730b77c8
s390x nodejs-16.18.1-3.el9_1.s390x.rpm 4266703577ec0edaf3269bef6e17539e61edf2e442a31b1ea66d7ab1a6441656
s390x nodejs-libs-16.18.1-3.el9_1.s390x.rpm 89b5f37aff12e7b9dc41de581822b035777bcf126ff562c54b2aca6aef181fd8
s390x nodejs-full-i18n-16.18.1-3.el9_1.s390x.rpm cd5c852295853e6406bfc1cd3b9114acd41630e52f8f624cbe74e2caa1149609
s390x npm-8.19.2-1.16.18.1.3.el9_1.s390x.rpm d9b44f00b21e12d17e4c57d6a4ea1d784c53c10fd8ee8e10f2fdceb357f5bf8c
x86_64 nodejs-16.18.1-3.el9_1.x86_64.rpm 945a3846f09709c2af1520d9c462b042c7554b9ad8fb7106b104bf367ac42964
x86_64 nodejs-libs-16.18.1-3.el9_1.x86_64.rpm c9a8a35f5df5117a821240b369e7e93d89bc26de5dfcc270474b7424fced0ce6
x86_64 nodejs-full-i18n-16.18.1-3.el9_1.x86_64.rpm e9a341499da332f81e3fed16cab4501965bce431fbe0d610dd52b0bb21a48c86
x86_64 npm-8.19.2-1.16.18.1.3.el9_1.x86_64.rpm f08fb93210d3bcfeb1bac1cbc1c717f4c8449cedf76d333c04df351c27b33f8e
Notes:
This page is generated automatically from Red Hat security data and has not been checked for errors. For clarification or corrections please contact the AlmaLinux Packaging Team.