ALSA-2023:3586

[ALSA-2023:3586] Important: nodejs security update

Type:

security

Severity:

important

Release date:

2023-06-23

Description:

Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language. 

Security Fix(es):

* c-ares: 0-byte UDP payload Denial of Service (CVE-2023-32067)
* c-ares: Buffer Underwrite in ares_inet_net_pton() (CVE-2023-31130)
* c-ares: Insufficient randomness in generation of DNS query IDs (CVE-2023-31147)
* c-ares: AutoTools does not set CARES_RANDOM_FILE during cross compilation (CVE-2023-31124)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

References:

Updated packages listed below:

Architecture	Package	Checksum
aarch64	nodejs-16.19.1-2.el9_2.aarch64.rpm	12ef2d63a1a15412132917ede63616b3df1b6889b3cfc913e743ad4b7199be3d
aarch64	nodejs-libs-16.19.1-2.el9_2.aarch64.rpm	4bbaa2305538652f1fc3a30a8e4bea97979fec779ca2cbd06e5127fa23af2fdc
aarch64	nodejs-full-i18n-16.19.1-2.el9_2.aarch64.rpm	5dba4447297cc5fc1d163136b42cbb7d9e997ad0b8e51d2210fbc03f18168f7e
aarch64	npm-8.19.3-1.16.19.1.2.el9_2.aarch64.rpm	d0487be7f27d0c0b75f88731b83ac6735bfd543e278b73959d92c9c7271dd507
i686	nodejs-libs-16.19.1-2.el9_2.i686.rpm	4f6c9558da020f1782da99eb1fe4d70f42e6ead39fc571361ebeb2ac99cbf611
noarch	nodejs-docs-16.19.1-2.el9_2.noarch.rpm	d1f77d444195b730f9ffb538a9426aba8ee41a9d5fb373cc4db872046e2cf19b
ppc64le	nodejs-full-i18n-16.19.1-2.el9_2.ppc64le.rpm	1709346cd1aa4d5f7a6c3e7a2b4a55c4cfd37bb0c0ecb0c581df9182da9315e9
ppc64le	nodejs-16.19.1-2.el9_2.ppc64le.rpm	269f2f09df6cf0ebab652850bdc8d53682d1a6a660f5981c3cffc7ca145cc5f8
ppc64le	nodejs-libs-16.19.1-2.el9_2.ppc64le.rpm	405664c6e4abf813116758bf73be9d07b374e3854bd333ea9c4ceb4a824e9941
ppc64le	npm-8.19.3-1.16.19.1.2.el9_2.ppc64le.rpm	5d16745b671d22a88a8d862d27c41a2ffeab14ad7a1b83461fe7427ac26237c5
s390x	nodejs-full-i18n-16.19.1-2.el9_2.s390x.rpm	2b178ec4de209bd9ebf53331ff8845cf8aa715b8be66419ef894ab3fdd92b9a6
s390x	nodejs-16.19.1-2.el9_2.s390x.rpm	56bc51d14fa00767c90db67ec8c0e35912794eb88e1af537c2e1419c04a86eab
s390x	npm-8.19.3-1.16.19.1.2.el9_2.s390x.rpm	d16899bb2806c6a49977c8c657fd299e0950f05775a1cc462405773d94152c1f
s390x	nodejs-libs-16.19.1-2.el9_2.s390x.rpm	d9fb010815c92ba9104095c5092c28a6bc28bd3bcb2a4316642d10305ed07ce5
x86_64	nodejs-full-i18n-16.19.1-2.el9_2.x86_64.rpm	2faf7a31000c9576ae04be3638511aa102464ecff1dc8616b494311ab24a04ba
x86_64	nodejs-libs-16.19.1-2.el9_2.x86_64.rpm	3de1537f4344e8f203531d739b48b09ef7b5306429b927a53c0cd540ced61668
x86_64	npm-8.19.3-1.16.19.1.2.el9_2.x86_64.rpm	ad8bc26e591260d929705c567b4c7928e9f54494eed5f7e2b04d41198cba4035
x86_64	nodejs-16.19.1-2.el9_2.x86_64.rpm	ec8e8b0d055da15161483dba2ee6f836b03d5fe057592cacb43e3e392ac56b14

Notes:

This page is generated automatically from Red Hat security data and has not been checked for errors. For clarification or corrections please contact the AlmaLinux Packaging Team.