ALSA-2023:4330

[ALSA-2023:4330] Moderate: nodejs:18 security, bug fix, and enhancement update

Type:

security

Severity:

moderate

Release date:

2023-08-02

Description:

Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language. 

The package has been upgraded to a later upstream version: nodejs (18). (BZ#2223314, BZ#2223316, BZ#2223318, BZ#2223319, BZ#2223320, BZ#2223354)

Security Fix(es):

* nodejs: mainModule.proto bypass experimental policy mechanism (CVE-2023-30581)
* nodejs: process interuption due to invalid Public Key information in x509 certificates (CVE-2023-30588)
* nodejs: HTTP Request Smuggling via Empty headers separated by CR (CVE-2023-30589)
* nodejs: DiffieHellman do not generate keys after setting a private key (CVE-2023-30590)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

References:

Updated packages listed below:

Architecture	Package	Checksum
aarch64	npm-9.5.1-1.18.16.1.1.module_el9.2.0+31+cbae0c8e.aarch64.rpm	00a532e2f1eb3d33a42e3cf35a1aade6285a096bc5c7cae43f5f2fb25dd5ad7c
aarch64	nodejs-full-i18n-18.16.1-1.module_el9.2.0+31+cbae0c8e.aarch64.rpm	13382510d71c6e1824073e7029733af3886ded2dfb4a14afaef6434703552303
aarch64	nodejs-devel-18.16.1-1.module_el9.2.0+31+cbae0c8e.aarch64.rpm	a4797c04a0ec53b9f080b97074a049481ad68707e726ab2c3b562eb921e4ce5c
aarch64	nodejs-18.16.1-1.module_el9.2.0+31+cbae0c8e.aarch64.rpm	e79c3aaf0830a997b04952125c6150b1f36056ade3b01d63bb0afea404860901
noarch	nodejs-packaging-2021.06-4.module_el9.1.0+13+d9a595ea.noarch.rpm	7c19c5f85137e7d0b3132a379dc2d5364bd19e6da1ecee409666857bcc1a68d8
noarch	nodejs-docs-18.16.1-1.module_el9.2.0+31+cbae0c8e.noarch.rpm	8c3fa3cb42ef5df1bf9ca20ec5f9cc2c56e702231b236e37670681e241c5fa63
noarch	nodejs-packaging-bundler-2021.06-4.module_el9.1.0+13+d9a595ea.noarch.rpm	8c650e8cd661aec62ef26c2867e44b6902ba928bcd228650ecf14be525515ad0
noarch	nodejs-nodemon-2.0.20-2.module_el9.2.0+29+de583a0b.noarch.rpm	f50193ade11d258bdd6c8782db590f72eaeb21799f8df9703e96ffd60644688d
ppc64le	nodejs-devel-18.16.1-1.module_el9.2.0+31+cbae0c8e.ppc64le.rpm	4e77dabfeba6ff229178b9aa4c0d07a574a893be87e9095b1a30a404aee5e86a
ppc64le	nodejs-18.16.1-1.module_el9.2.0+31+cbae0c8e.ppc64le.rpm	5afcef5a61b938c82705f463b9fb7dbbea922468e93bf78b2e6f2c1892f406b4
ppc64le	npm-9.5.1-1.18.16.1.1.module_el9.2.0+31+cbae0c8e.ppc64le.rpm	d0cfe149d2ccbf5ffda89b1f356c1441cbc6f90ace4656466f5aba056d75b45e
ppc64le	nodejs-full-i18n-18.16.1-1.module_el9.2.0+31+cbae0c8e.ppc64le.rpm	e77bd2333e6e7513ecaac2195d8a443ea86a90628ac740bec42288218198d0be
s390x	nodejs-full-i18n-18.16.1-1.module_el9.2.0+31+cbae0c8e.s390x.rpm	4a01168d419ea9a4e591d6edc6ae056aa40e63eb2e5d6c2b433bc275547ec322
s390x	npm-9.5.1-1.18.16.1.1.module_el9.2.0+31+cbae0c8e.s390x.rpm	a4c535a4c3185c88b10322976802ce7e612822365c5c3a5b58fdea8722167541
s390x	nodejs-18.16.1-1.module_el9.2.0+31+cbae0c8e.s390x.rpm	a874b6031ba6c67adb0ef0c2d8f6d2d1910b26ef507493bb57b1a44225886cdd
s390x	nodejs-devel-18.16.1-1.module_el9.2.0+31+cbae0c8e.s390x.rpm	f16e2d023963348428566819d3d1b451c1a97f64a046bf36378f82e16631f031
x86_64	npm-9.5.1-1.18.16.1.1.module_el9.2.0+31+cbae0c8e.x86_64.rpm	1ef77589fea74091db051fa06c949e74e8a4782474ee07b4e8c00b4ab3b3dfb7
x86_64	nodejs-full-i18n-18.16.1-1.module_el9.2.0+31+cbae0c8e.x86_64.rpm	9d7e81a5270701ec3281cb8ac73d0b029873c011372530ec475cb933e7b5a847
x86_64	nodejs-devel-18.16.1-1.module_el9.2.0+31+cbae0c8e.x86_64.rpm	b331487ddcb18f5ae3794837b4e10034b3d4c6bb388dabd0fd192c25787aa087
x86_64	nodejs-18.16.1-1.module_el9.2.0+31+cbae0c8e.x86_64.rpm	fd99cfe2facf731f4e849658088dc1a09cf6028f08266eaace1eabc0e0db0173

Notes:

This page is generated automatically from Red Hat security data and has not been checked for errors. For clarification or corrections please contact the AlmaLinux Packaging Team.