ALSA-2023:5363

[ALSA-2023:5363] Important: nodejs:18 security, bug fix, and enhancement update

Type:

security

Severity:

important

Release date:

2023-09-27

Description:

Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language. 

The following packages have been upgraded to a later upstream version: nodejs (18). (BZ#2223313, BZ#2234404)

Security Fix(es):

* nodejs: Permissions policies can be bypassed via Module._load (CVE-2023-32002)
* nodejs-semver: Regular expression denial of service (CVE-2022-25883)
* nodejs: Permissions policies can impersonate other modules in using module.constructor.createRequire() (CVE-2023-32006)
* nodejs: Permissions policies can be bypassed via process.binding (CVE-2023-32559)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

References:

Updated packages listed below:

Architecture	Package	Checksum
aarch64	nodejs-full-i18n-18.17.1-1.module_el9.2.0+36+853e48f5.aarch64.rpm	16d209bf006874e2d289ec76ffc1abd786ba5f90f25fbb90b077730a29537ec4
aarch64	nodejs-18.17.1-1.module_el9.2.0+36+853e48f5.aarch64.rpm	6d07cfd73e7b617b281b1e08cb62b9b47a18f16e08d6d089c1fce9639d7ed2fa
aarch64	nodejs-devel-18.17.1-1.module_el9.2.0+36+853e48f5.aarch64.rpm	6eb5bf1c99cb558e63ecaff64a75af1c504230a07b7cb7d8c397e2fde523a11c
aarch64	npm-9.6.7-1.18.17.1.1.module_el9.2.0+36+853e48f5.aarch64.rpm	e7f98407a08e585d90f783ddfdad8fb7299d3f5ec45e1c19faf083a5d5ca93b3
noarch	nodejs-nodemon-3.0.1-1.module_el9.2.0+36+853e48f5.noarch.rpm	6e3f86ef560d05b76cc9e5f81bdbcf1617374c3c12815325d267d44057a954e8
noarch	nodejs-packaging-2021.06-4.module_el9.1.0+13+d9a595ea.noarch.rpm	7c19c5f85137e7d0b3132a379dc2d5364bd19e6da1ecee409666857bcc1a68d8
noarch	nodejs-packaging-bundler-2021.06-4.module_el9.1.0+13+d9a595ea.noarch.rpm	8c650e8cd661aec62ef26c2867e44b6902ba928bcd228650ecf14be525515ad0
noarch	nodejs-docs-18.17.1-1.module_el9.2.0+36+853e48f5.noarch.rpm	c88feff14205e859cd2c765c6acb71f2b608773fddc3b6ebdb1247243500c6c0
ppc64le	npm-9.6.7-1.18.17.1.1.module_el9.2.0+36+853e48f5.ppc64le.rpm	633a5faf8855719d8aacb0cbb6ff51dea5dc7adf82b1423a99c5e1241e28d138
ppc64le	nodejs-18.17.1-1.module_el9.2.0+36+853e48f5.ppc64le.rpm	64d90866a03b02e40c8c9ba50a7ff59791b5c41dca6d6e7e3004bb2438d78d90
ppc64le	nodejs-devel-18.17.1-1.module_el9.2.0+36+853e48f5.ppc64le.rpm	8bda3c879985262b2df35e5e8235f99bf1af9622a944f7e09c977163e60c6c69
ppc64le	nodejs-full-i18n-18.17.1-1.module_el9.2.0+36+853e48f5.ppc64le.rpm	97b502f7d03e568cf31db9e1904261a00de319d336f70535fc2290582912c62b
s390x	nodejs-18.17.1-1.module_el9.2.0+36+853e48f5.s390x.rpm	03f7adff15426b9b50924d8a60298564c3bc215f47f4ceae64d0f75977ac8e0a
s390x	npm-9.6.7-1.18.17.1.1.module_el9.2.0+36+853e48f5.s390x.rpm	28779f040572af53532f541d19ea1bc6f9699fb8559f3a1f1273d7a644104857
s390x	nodejs-devel-18.17.1-1.module_el9.2.0+36+853e48f5.s390x.rpm	3c2944d7c2f496cb6711a39085df933b29db8b5524a9bca1186a29bb5384175d
s390x	nodejs-full-i18n-18.17.1-1.module_el9.2.0+36+853e48f5.s390x.rpm	a27567fd511cfb83e5ab4adab666f5b2abfe38132ed93fcf071ae6034bfa4b69
x86_64	npm-9.6.7-1.18.17.1.1.module_el9.2.0+36+853e48f5.x86_64.rpm	390ccf89fc0e9bfbc630e9b1937053f0ace12b27550b8e6c1e90391183211c6e
x86_64	nodejs-full-i18n-18.17.1-1.module_el9.2.0+36+853e48f5.x86_64.rpm	57a153cd75c72fe6c174dd6b6943c571dc21d93a8b9e65a752d9e3606779ff52
x86_64	nodejs-18.17.1-1.module_el9.2.0+36+853e48f5.x86_64.rpm	6ed236aa0539db981ab056c6d9a9d5e12f0726e8b32994c9ef19db88545a92d2
x86_64	nodejs-devel-18.17.1-1.module_el9.2.0+36+853e48f5.x86_64.rpm	fbcc74c958adc5eb5acb151b1856687450ab281b69322a6575a2ab4275043b16

Notes:

This page is generated automatically from Red Hat security data and has not been checked for errors. For clarification or corrections please contact the AlmaLinux Packaging Team.