ALSA-2023:5849

[ALSA-2023:5849] Important: nodejs:18 security update

Type:

security

Severity:

important

Release date:

2023-10-19

Description:

Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language. 

Security Fix(es):

* HTTP/2: Multiple HTTP/2 enabled web servers are vulnerable to a DDoS attack (Rapid Reset Attack) (CVE-2023-44487)
* nodejs: integrity checks according to policies can be circumvented (CVE-2023-38552)
* nodejs: code injection via WebAssembly export names (CVE-2023-39333)
* node-undici: cookie leakage (CVE-2023-45143)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

References:

Updated packages listed below:

Architecture	Package	Checksum
aarch64	nodejs-full-i18n-18.18.2-2.module_el9.2.0+43+3ebc9e20.aarch64.rpm	03d1e12c62fd1de352e35ed0645b6f5df8d2631be6c7c6c87b8e4d704f79e088
aarch64	npm-9.8.1-1.18.18.2.2.module_el9.2.0+43+3ebc9e20.aarch64.rpm	24b11cab1bbfd8d03c98c49041149d2bb615ebba08ebdce2d9890bb48e83ec34
aarch64	nodejs-devel-18.18.2-2.module_el9.2.0+43+3ebc9e20.aarch64.rpm	61e9f14ff75163deb6481a20dabf4dc8dbee7796d63eea9e1cfcd6b2fc2b2b51
aarch64	nodejs-18.18.2-2.module_el9.2.0+43+3ebc9e20.aarch64.rpm	660acb7f9e1fc2e5c4a6d8c1db19697f47eb590fbaa33d0a2eba94f277ccd359
noarch	nodejs-nodemon-3.0.1-1.module_el9.2.0+36+853e48f5.noarch.rpm	6e3f86ef560d05b76cc9e5f81bdbcf1617374c3c12815325d267d44057a954e8
noarch	nodejs-packaging-2021.06-4.module_el9.1.0+13+d9a595ea.noarch.rpm	7c19c5f85137e7d0b3132a379dc2d5364bd19e6da1ecee409666857bcc1a68d8
noarch	nodejs-docs-18.18.2-2.module_el9.2.0+43+3ebc9e20.noarch.rpm	85883791e1d2b0d7c9b6926a8d15707c75b2b0fad25aa1ebc7700f9d5f4145b2
noarch	nodejs-packaging-bundler-2021.06-4.module_el9.1.0+13+d9a595ea.noarch.rpm	8c650e8cd661aec62ef26c2867e44b6902ba928bcd228650ecf14be525515ad0
ppc64le	nodejs-full-i18n-18.18.2-2.module_el9.2.0+43+3ebc9e20.ppc64le.rpm	496ea1d66fc5ea748d8cd713bcbf8704b029865bba9ff7ec1fee79efd66f6a7e
ppc64le	npm-9.8.1-1.18.18.2.2.module_el9.2.0+43+3ebc9e20.ppc64le.rpm	b36a2159251b3f90f114d523ad681ea851c30ac98ee9efa1628e1d1389a7078f
ppc64le	nodejs-devel-18.18.2-2.module_el9.2.0+43+3ebc9e20.ppc64le.rpm	cfd25dfbdabe55f3549373549bc5a3760aaf27b1782a9a8a3470bd28f5feea32
ppc64le	nodejs-18.18.2-2.module_el9.2.0+43+3ebc9e20.ppc64le.rpm	e9ffa35ed5fbee6b67eb52192e65549229879ebf496d5362a45af12b35c87c43
s390x	nodejs-devel-18.18.2-2.module_el9.2.0+43+3ebc9e20.s390x.rpm	0e458433ae8f266b1fa375b50983243d998514ee2f0cc0bb3224f3de67b0c11b
s390x	nodejs-full-i18n-18.18.2-2.module_el9.2.0+43+3ebc9e20.s390x.rpm	295d46b3c2837df4ab80fe5415b9fbcebf25a475d8c2e1ad8658674b47d03e0d
s390x	npm-9.8.1-1.18.18.2.2.module_el9.2.0+43+3ebc9e20.s390x.rpm	dc3775d460894bf8b8c4f89d1021fd5a8b725de1f786a49c2af5fe2590595074
s390x	nodejs-18.18.2-2.module_el9.2.0+43+3ebc9e20.s390x.rpm	fecb8b6f2231f38a70ca6c4d634f90225448b49ee4da53aa5aa7314f379a884b
x86_64	nodejs-full-i18n-18.18.2-2.module_el9.2.0+43+3ebc9e20.x86_64.rpm	20ee08538327ad1dd74c5575f72e092d9f080c67642e6ecfdfa2634793b6d1de
x86_64	npm-9.8.1-1.18.18.2.2.module_el9.2.0+43+3ebc9e20.x86_64.rpm	491f02dc43e2a66e26c7a0732deb619bdeb01d62ce736832781362358fc33fff
x86_64	nodejs-18.18.2-2.module_el9.2.0+43+3ebc9e20.x86_64.rpm	7b780d917d535c7f0dff9b5f2645195a299e95d01b2c0282191ffd25d20a5588
x86_64	nodejs-devel-18.18.2-2.module_el9.2.0+43+3ebc9e20.x86_64.rpm	d021d530fccc943de07acce99dafe5e873ded42f0d818c10daa1a4086d6725db

Notes:

This page is generated automatically from Red Hat security data and has not been checked for errors. For clarification or corrections please contact the AlmaLinux Packaging Team.