ALSA-2023:3577

[ALSA-2023:3577] Important: nodejs:18 security update

Type:

security

Severity:

important

Release date:

2023-06-23

Description:

Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language. 

Security Fix(es):

* c-ares: 0-byte UDP payload Denial of Service (CVE-2023-32067)
* c-ares: Buffer Underwrite in ares_inet_net_pton() (CVE-2023-31130)
* c-ares: Insufficient randomness in generation of DNS query IDs (CVE-2023-31147)
* c-ares: AutoTools does not set CARES_RANDOM_FILE during cross compilation (CVE-2023-31124)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

References:

Updated packages listed below:

Architecture	Package	Checksum
aarch64	npm-9.5.0-1.18.14.2.3.module_el9.2.0+30+e3312493.aarch64.rpm	377929e181a4dd8379b3e3497a03ea0b203018cfcc70162a957abdf6b059e230
aarch64	nodejs-full-i18n-18.14.2-3.module_el9.2.0+30+e3312493.aarch64.rpm	808821e1ef019100ecc6f2d357478d999890ca8c407d9d7c7c3ce02e201db17e
aarch64	nodejs-devel-18.14.2-3.module_el9.2.0+30+e3312493.aarch64.rpm	bdad7cd143101fec203b5617977d258c8496cc2fcf43e453357cee7c99288b45
aarch64	nodejs-18.14.2-3.module_el9.2.0+30+e3312493.aarch64.rpm	cec83ea69c983525206428d051721aad4f2158ed6c98a40099835bacb55878a4
noarch	nodejs-docs-18.14.2-3.module_el9.2.0+30+e3312493.noarch.rpm	2ad3268cdabd44f1fe5271f5aa2641b5e7eac4649848a4529d5aeaf5cf9a98fa
noarch	nodejs-packaging-2021.06-4.module_el9.1.0+13+d9a595ea.noarch.rpm	7c19c5f85137e7d0b3132a379dc2d5364bd19e6da1ecee409666857bcc1a68d8
noarch	nodejs-packaging-bundler-2021.06-4.module_el9.1.0+13+d9a595ea.noarch.rpm	8c650e8cd661aec62ef26c2867e44b6902ba928bcd228650ecf14be525515ad0
noarch	nodejs-nodemon-2.0.20-2.module_el9.2.0+29+de583a0b.noarch.rpm	f50193ade11d258bdd6c8782db590f72eaeb21799f8df9703e96ffd60644688d
ppc64le	nodejs-full-i18n-18.14.2-3.module_el9.2.0+30+e3312493.ppc64le.rpm	081bd3ff12bc9e2f37494a2386bc1276db1d9ba1d41a8dbb3abeed8362d66299
ppc64le	nodejs-18.14.2-3.module_el9.2.0+30+e3312493.ppc64le.rpm	15421f5e5bb505c7cdc95bcbc9044d2a3d2525d3916cf727fc16b9a6adf64096
ppc64le	nodejs-devel-18.14.2-3.module_el9.2.0+30+e3312493.ppc64le.rpm	2f59734be265dd5d80a22e33faea1cf6f0657d504895d7334d802e6f11c2cced
ppc64le	npm-9.5.0-1.18.14.2.3.module_el9.2.0+30+e3312493.ppc64le.rpm	f43ea32b3824579b54870c01b49e681edc15f364b4cd50759e56c5aa6c8d7ad1
s390x	nodejs-devel-18.14.2-3.module_el9.2.0+30+e3312493.s390x.rpm	86d3bacce28dd86426bdbeff03e3e25f002c2fe6602434485b59d672bb21e584
s390x	npm-9.5.0-1.18.14.2.3.module_el9.2.0+30+e3312493.s390x.rpm	d77452600e17c684c7c68636b98b28003de2bfab034cd9645b655a0cbccc0b1d
s390x	nodejs-full-i18n-18.14.2-3.module_el9.2.0+30+e3312493.s390x.rpm	e62d7f4b3d1d13fb4cab6de469b63d63a7a4fbaf333f049acabcac2e47320401
s390x	nodejs-18.14.2-3.module_el9.2.0+30+e3312493.s390x.rpm	ea9f0070c3d8ead4392669802409a1e02f5ec26341c4715f6714338330ab8b91
x86_64	nodejs-18.14.2-3.module_el9.2.0+30+e3312493.x86_64.rpm	5dc07f582dfe5785f5083451f282a49d5a84fd0005d696538760b646667c57d9
x86_64	nodejs-full-i18n-18.14.2-3.module_el9.2.0+30+e3312493.x86_64.rpm	b51b8ff69b977ca0854df9a3d06ee45dc197b0166bf74aa62f9bed9572ba7d5d
x86_64	npm-9.5.0-1.18.14.2.3.module_el9.2.0+30+e3312493.x86_64.rpm	bd22a46c1de71ce0f82f600a8cc060ac1062d648d94152f49070f54eb37c6020
x86_64	nodejs-devel-18.14.2-3.module_el9.2.0+30+e3312493.x86_64.rpm	e3af30a3e379808411c176d0c03a5d70c77b2a6fa644119572a568748cafe542

Notes:

This page is generated automatically from Red Hat security data and has not been checked for errors. For clarification or corrections please contact the AlmaLinux Packaging Team.