[ALSA-2023:2654] Moderate: nodejs:18 security, bug fix, and enhancement update
Type: security
Severity: moderate
Release date: 2023-05-11
Description:
Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language.

The following packages have been upgraded to a later upstream version: nodejs (18.14.2).

Security Fix(es):

* glob-parent: Regular Expression Denial of Service (CVE-2021-35065)
* c-ares: buffer overflow in config_sortlist() due to missing string length check (CVE-2022-4904)
* http-cache-semantics: Regular Expression Denial of Service (ReDoS) vulnerability (CVE-2022-25881)
* Node.js: Permissions policies can be bypassed via process.mainModule (CVE-2023-23918)
* Node.js: OpenSSL error handling issues in nodejs crypto library (CVE-2023-23919)
* Node.js: Fetch API did not protect against CRLF injection in host headers (CVE-2023-23936)
* Node.js: insecure loading of ICU data through ICU_DATA environment variable (CVE-2023-23920)
* Node.js: Regular Expression Denial of Service in Headers fetch API (CVE-2023-24807)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Updated packages listed below:
Architecture Package Checksum
aarch64 nodejs-devel-18.14.2-2.module_el9.2.0+29+de583a0b.aarch64.rpm 3ae63aa58f0a3c9599c780bd992090979f76728b9613b8433108476835c301af
aarch64 nodejs-18.14.2-2.module_el9.2.0+29+de583a0b.aarch64.rpm 3c2ba62db173dbbc6ddaf2dd470b45bdc14ca44b9204e9660a37baf0639f1e38
aarch64 npm-9.5.0-1.18.14.2.2.module_el9.2.0+29+de583a0b.aarch64.rpm 3d018452809cd5ac453701b04e72927ea6575b000b4f6b839d9b189b5a2d204f
aarch64 nodejs-full-i18n-18.14.2-2.module_el9.2.0+29+de583a0b.aarch64.rpm 53a04225a1a91a7a3a8fcbbd79e27daf36520b3a66d86675ee36c40b6576e1d1
noarch nodejs-docs-18.14.2-2.module_el9.2.0+29+de583a0b.noarch.rpm 2b9c75be404b8541ff176ec0b10e2290663b50aeadcd3991b4826604a03689e6
noarch nodejs-packaging-2021.06-4.module_el9.1.0+13+d9a595ea.noarch.rpm 7c19c5f85137e7d0b3132a379dc2d5364bd19e6da1ecee409666857bcc1a68d8
noarch nodejs-packaging-bundler-2021.06-4.module_el9.1.0+13+d9a595ea.noarch.rpm 8c650e8cd661aec62ef26c2867e44b6902ba928bcd228650ecf14be525515ad0
noarch nodejs-nodemon-2.0.20-2.module_el9.2.0+29+de583a0b.noarch.rpm f50193ade11d258bdd6c8782db590f72eaeb21799f8df9703e96ffd60644688d
ppc64le nodejs-full-i18n-18.14.2-2.module_el9.2.0+29+de583a0b.ppc64le.rpm 0bb2d68102fd8c043bff1189f9f6e4325db16aafaaad85a056abd8df2fba74f9
ppc64le npm-9.5.0-1.18.14.2.2.module_el9.2.0+29+de583a0b.ppc64le.rpm 2682c264f5c3b13723737f03a806ff716da52e916b90f1e2bd653d5e3822d26d
ppc64le nodejs-18.14.2-2.module_el9.2.0+29+de583a0b.ppc64le.rpm 6574bdc1cd7c2ecdf2b1bf06ecbf72f6259cb16be06a0c2616c28bbe1531b3de
ppc64le nodejs-devel-18.14.2-2.module_el9.2.0+29+de583a0b.ppc64le.rpm b4f8ad3e1d13484a2d0b2299ec6cc895a345e0297a695fa88b162ffaf9dff7b3
s390x nodejs-devel-18.14.2-2.module_el9.2.0+29+de583a0b.s390x.rpm 03b2d93513e39ff56fc6845eb19a953235dbcf9fd659ad13f41d39ed07673b4d
s390x npm-9.5.0-1.18.14.2.2.module_el9.2.0+29+de583a0b.s390x.rpm 11f86254f5ecd9731dabd6d024c21741a8840ce9e6253e1f696f64cdb6ef42a9
s390x nodejs-full-i18n-18.14.2-2.module_el9.2.0+29+de583a0b.s390x.rpm 6357078b22b34d83ec9da0517c708ffb71a56be3ce6728ad829dc929bc641f42
s390x nodejs-18.14.2-2.module_el9.2.0+29+de583a0b.s390x.rpm e83e7a665e956ace7739f7af29583c00b6cee8067c23b02968b679c509943ff6
x86_64 npm-9.5.0-1.18.14.2.2.module_el9.2.0+29+de583a0b.x86_64.rpm 1f94c5c30d3554dd5d6772e495978875f6b3aaee6699579e97e1699babaf894e
x86_64 nodejs-18.14.2-2.module_el9.2.0+29+de583a0b.x86_64.rpm 535d5e3863d7b035a3e46d65b8a5616b634b7660dd0a3c6344668724ab5faa17
x86_64 nodejs-full-i18n-18.14.2-2.module_el9.2.0+29+de583a0b.x86_64.rpm d7be1281a56b7f2819835be3d7eec42a238907d75a141e8bbc7fa1a20541fd4e
x86_64 nodejs-devel-18.14.2-2.module_el9.2.0+29+de583a0b.x86_64.rpm f9d9f4346e0e4299783eec640311c094bfef9f66e63134748357afab043346b9
Notes:
This page is generated automatically from Red Hat security data and has not been checked for errors. For clarification or corrections please contact the AlmaLinux Packaging Team.