[ALSA-2023:2655] Moderate: nodejs and nodejs-nodemon security, bug fix, and enhancement update
Type:
security
Severity:
moderate
Release date:
2023-05-11
Description:
Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language.

The following packages have been upgraded to a later upstream version: nodejs (16.19.1), nodejs-nodemon (2.0.20).

Security Fix(es):
* c-ares: buffer overflow in config_sortlist() due to missing string length check (CVE-2022-4904)
* http-cache-semantics: Regular Expression Denial of Service (ReDoS) vulnerability (CVE-2022-25881)
* Node.js: Permissions policies can be bypassed via process.mainModule (CVE-2023-23918)
* Node.js: Fetch API did not protect against CRLF injection in host headers (CVE-2023-23936)
* Node.js: insecure loading of ICU data through ICU_DATA environment variable (CVE-2023-23920)
* Node.js: Regular Expression Denial of Service in Headers fetch API (CVE-2023-24807)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Updated packages listed below:
Architecture Package Checksum
aarch64 nodejs-16.19.1-1.el9_2.aarch64.rpm 21edd050b8a1367902b08cf650585c527e6da8a23fac85841b026118482252d0
aarch64 nodejs-full-i18n-16.19.1-1.el9_2.aarch64.rpm 27dbc617707f21c8f253047198c19dcdbe55c13f646b5d0bbca9bbe34d942bd0
aarch64 nodejs-libs-16.19.1-1.el9_2.aarch64.rpm 6223dc4f72bf3aa3d931b64277dc14786822dde8a428e3ac26a25b830b035aae
aarch64 npm-8.19.3-1.16.19.1.1.el9_2.aarch64.rpm 7bb418931c497d39a82f100d11607235e3e7908dfd3f712c48c8968b03a51ac5
i686 nodejs-libs-16.19.1-1.el9_2.i686.rpm 9d099399c3b2092bce0f4c2af5ea40886743bf96af2825cf8c90f11c86770bfa
noarch nodejs-docs-16.19.1-1.el9_2.noarch.rpm f11bb41fc5bd941d6b4ceaabcbd5a55df759beac7e34945b8cd3a3f52838fe29
ppc64le nodejs-16.19.1-1.el9_2.ppc64le.rpm 75b1f2341fabecff21cef26890ebfc9c38a3f7bbc503f90087235e754460f81f
ppc64le nodejs-libs-16.19.1-1.el9_2.ppc64le.rpm 84c1c9f1a8bb85514748d8b489f38d0c73c680891dd7520e2cffc1193b49da0b
ppc64le nodejs-full-i18n-16.19.1-1.el9_2.ppc64le.rpm bf88aee711893d404ac3cd1d37103f1dacb7e3e735ab629dd5fa918d0b175620
ppc64le npm-8.19.3-1.16.19.1.1.el9_2.ppc64le.rpm dd451ee576194b0777ff5e3c6a11f925f255a211adb09b3c98df0eeb3d173fd6
s390x nodejs-16.19.1-1.el9_2.s390x.rpm 1f7b5f8af84ff09c90527d7e00a0b98263d0faee186a9e5eb55db70975145055
s390x npm-8.19.3-1.16.19.1.1.el9_2.s390x.rpm 2bf77f9131b6c2c4679c84f3e6251579ebe37b89a0dc844a6fa6fda6d9eb77d9
s390x nodejs-full-i18n-16.19.1-1.el9_2.s390x.rpm 6fdfab75ad45a2a894052d4c4b96c02d1a987cec99bf6c17df71bbcd19c70252
s390x nodejs-libs-16.19.1-1.el9_2.s390x.rpm 8667e92de9ab4bd457a72cf80ec7e205928992ee0a352213b423b455976700a0
x86_64 nodejs-libs-16.19.1-1.el9_2.x86_64.rpm 6d2aae99a1950446554cf9dfe7e075a5376ba71e6f5e977b0ddfb43b4bc08569
x86_64 npm-8.19.3-1.16.19.1.1.el9_2.x86_64.rpm 72623d25f395d99e6826d1267e131d063a1b933ae607de84046b97df5a7ea053
x86_64 nodejs-full-i18n-16.19.1-1.el9_2.x86_64.rpm 77bcb7f9716fca429fecc1db2a489306be22d2db3e9dcb0671b975595856fc2e
x86_64 nodejs-16.19.1-1.el9_2.x86_64.rpm 927394e1e17f583b8f85ae245948a2175352fd8048fa5d34873790bbd37fa3de
Notes:
This page is generated automatically from Red Hat security data and has not been checked for errors. For clarification or corrections please contact the AlmaLinux Packaging Team.