ALSA-2023:4331

[ALSA-2023:4331] Moderate: nodejs security, bug fix, and enhancement update

Type:

security

Severity:

moderate

Release date:

2023-08-02

Description:

Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language. 

The package has been upgraded to a later upstream version: nodejs (16.20.1). (BZ#2223334, BZ#2223336, BZ#2223338, BZ#2223340, BZ#2223342, BZ#2223344)

Security Fix(es):

* nodejs: mainModule.proto bypass experimental policy mechanism (CVE-2023-30581)
* nodejs: process interuption due to invalid Public Key information in x509 certificates (CVE-2023-30588)
* nodejs: HTTP Request Smuggling via Empty headers separated by CR (CVE-2023-30589)
* nodejs: DiffieHellman do not generate keys after setting a private key (CVE-2023-30590)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

References:

Updated packages listed below:

Architecture	Package	Checksum
aarch64	nodejs-16.20.1-1.el9_2.aarch64.rpm	1a8ddb492ae8c8f35a166b60f86b5b013374d26e9574b2d5f6f1fdd5f3a53c69
aarch64	nodejs-full-i18n-16.20.1-1.el9_2.aarch64.rpm	64a22bb34d51f9f7c96c90fcfe78c45bb6968de496c38c0c97aff9fc641c7590
aarch64	npm-8.19.4-1.16.20.1.1.el9_2.aarch64.rpm	6ddb4bb2448871747ae8a9d492674266c8f42e5425e8c1def8964cb855d7385e
aarch64	nodejs-libs-16.20.1-1.el9_2.aarch64.rpm	fac43c78ea3b431b7169ad2d90e0a3d3ce300071414e96d6176e4bc50f030859
i686	nodejs-libs-16.20.1-1.el9_2.i686.rpm	c5619b77ae163d49dd1739205b10c086cb322bbf462fe2780d45ceb3e522c307
noarch	nodejs-docs-16.20.1-1.el9_2.noarch.rpm	e06d71fd417fd39b1765657dd8cc90ec19f42cbe1e479373f337e9e8c57df2df
ppc64le	npm-8.19.4-1.16.20.1.1.el9_2.ppc64le.rpm	17a978ab4d384c83bfaaf3646c8964a895dd3875ac9f994d5ff90b4b0043cae6
ppc64le	nodejs-libs-16.20.1-1.el9_2.ppc64le.rpm	613e34b835b8502f64d8ebfa6152728c05172937cb2fa3c15f6d25f88d26a3dd
ppc64le	nodejs-16.20.1-1.el9_2.ppc64le.rpm	851246df8dcadef96b98905ca33c294b97ca222a334c05a72e3c28506e91f8cb
ppc64le	nodejs-full-i18n-16.20.1-1.el9_2.ppc64le.rpm	f62aa5eb96cebe649e22a279907aea1c61dd985c739d1f90a856b0a36ae3ecfc
s390x	npm-8.19.4-1.16.20.1.1.el9_2.s390x.rpm	861216e89b1f98f6cd920569310cd24a31f8115a2b9a12357b65dbd7c35d7f07
s390x	nodejs-libs-16.20.1-1.el9_2.s390x.rpm	909f71b193bc086f03b2bb43e1da9f84c57230faebecca84fb194afeaaaa275a
s390x	nodejs-16.20.1-1.el9_2.s390x.rpm	bb64757b7a7f0e9bb5f096c6d68843ecc94dce352ba5d146d8d2ef2468736396
s390x	nodejs-full-i18n-16.20.1-1.el9_2.s390x.rpm	e3172f15aa21711e39b09948882dc9bfd007809609533a20066db760416bd81e
x86_64	nodejs-full-i18n-16.20.1-1.el9_2.x86_64.rpm	2565fcc22b13d0153c5cdf3babf52e115d25da55b50994e2159b9860a408d990
x86_64	npm-8.19.4-1.16.20.1.1.el9_2.x86_64.rpm	4a55caa9a166f3050ae8368d2023ca5c58c5675391336e30f269456b11f751a3
x86_64	nodejs-libs-16.20.1-1.el9_2.x86_64.rpm	c8978ece98a1aa547eaf2b13272502441fcae12e049ee71399edb4eb9faa2153
x86_64	nodejs-16.20.1-1.el9_2.x86_64.rpm	ee14bed3df259482297d2e232db4877a72fcca889be536ee316d141144df6e37

Notes:

This page is generated automatically from Red Hat security data and has not been checked for errors. For clarification or corrections please contact the AlmaLinux Packaging Team.