ALSA-2023:5532

[ALSA-2023:5532] Important: nodejs security and bug fix update

Type:

security

Severity:

important

Release date:

2023-10-09

Description:

Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language. 

Security Fix(es):

* nodejs: Permissions policies can be bypassed via Module._load (CVE-2023-32002)
* nodejs: Permissions policies can impersonate other modules in using module.constructor.createRequire() (CVE-2023-32006)
* nodejs: Permissions policies can be bypassed via process.binding (CVE-2023-32559)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Bug Fix(es):

* nodejs: Rebase to the latest Nodejs 16 release [almalinux-9] (BZ#2236434)

References:

Updated packages listed below:

Architecture	Package	Checksum
aarch64	nodejs-full-i18n-16.20.2-1.el9_2.aarch64.rpm	0a524ab5833cd496a4c12d35c6454b4efbcaef8275382f79d7ce8445dd909c72
aarch64	nodejs-libs-16.20.2-1.el9_2.aarch64.rpm	2b2c4911c1d8ceebfaf6b2f622b45d5510073e3c835268542cdc240f02aa37f2
aarch64	npm-8.19.4-1.16.20.2.1.el9_2.aarch64.rpm	541473c9e5dc94e299fb6ea444aac17af74a0b61b58473872ac3296a66d557db
aarch64	nodejs-16.20.2-1.el9_2.aarch64.rpm	cd918f20518d9cfb703b7538ca4edecb7885ebc3e905418b9c8df351eb8e786a
i686	nodejs-libs-16.20.2-1.el9_2.i686.rpm	c64c08c33c7668d08498995f1e6a3d59a1046d39dadfd48da093b6a924f2bf7b
noarch	nodejs-docs-16.20.2-1.el9_2.noarch.rpm	e9b2779d80a707dc7add98c8b2e875b6ce047e4af60f689ad6b78da46cb089ff
ppc64le	nodejs-libs-16.20.2-1.el9_2.ppc64le.rpm	0b34239a91ee00bd2cebda08ca549acc24ec1838f5c6fa2583eb6a78b4cfd934
ppc64le	nodejs-16.20.2-1.el9_2.ppc64le.rpm	2a88e60cc9552a26c770a91a5fa0e4e85aa1ed5e3562117c278ab2d8939b0b71
ppc64le	nodejs-full-i18n-16.20.2-1.el9_2.ppc64le.rpm	ab7eec9c096f7cf1d66165c390f98ae5be7bff6f2a6fe208373b41ff03bcb23c
ppc64le	npm-8.19.4-1.16.20.2.1.el9_2.ppc64le.rpm	fd77d30bc8abb317ad0d03857473c8e34549393f612bdb67ce80499f9d139b92
s390x	npm-8.19.4-1.16.20.2.1.el9_2.s390x.rpm	5eb90431bbcbcf692e364ced5a89630b6ba0f9220327617940edd83123e185e8
s390x	nodejs-16.20.2-1.el9_2.s390x.rpm	b03a01d2894dae0461455a6c55987db0969945b79df9efa3f7db9bf3148240ca
s390x	nodejs-full-i18n-16.20.2-1.el9_2.s390x.rpm	d82727198b52f71adadf8ab922223272d505951911ad27320b14e5abc1c1657b
s390x	nodejs-libs-16.20.2-1.el9_2.s390x.rpm	d9465afd8debebcd5d40b03a37bdf4cdf13c4ab727b324c730aacca6d235a072
x86_64	nodejs-16.20.2-1.el9_2.x86_64.rpm	014d6a8dc96837c198f863d06bd88015bd650c7a55949a15e1e6b836a286b000
x86_64	nodejs-libs-16.20.2-1.el9_2.x86_64.rpm	32f9b4465d84f74ccc1e9602595b27c5917aaffb894460cc40e3eb09f91f83d7
x86_64	nodejs-full-i18n-16.20.2-1.el9_2.x86_64.rpm	45d80c006a24eed7a2fc24580f19eb3bbb62898f8723cca3af82dafb54c6919e
x86_64	npm-8.19.4-1.16.20.2.1.el9_2.x86_64.rpm	466d9013090334807d3c0c44bb4243d867413ba4737bf60f2a500ef2f944a4d1

Notes:

This page is generated automatically from Red Hat security data and has not been checked for errors. For clarification or corrections please contact the AlmaLinux Packaging Team.