[ALSA-2024:1503] Important: nodejs:18 security update
Type:
security
Severity:
important
Release date:
2024-04-04
Description:
Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language. Security Fix(es): * nodejs: code injection and privilege escalation through Linux capabilities (CVE-2024-21892) * nodejs: reading unprocessed HTTP request with unbounded chunk extension allows DoS attacks (CVE-2024-22019) * nodejs: vulnerable to timing variant of the Bleichenbacher attack against PKCS#1 v1.5 padding (Marvin) (CVE-2023-46809) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
References:
Updated packages listed below:
Architecture Package Checksum
aarch64 nodejs-18.19.1-1.module_el9.3.0+59+28b95644.aarch64.rpm 03f6daec8c9e4388dae98258ecbce4d5b6a48e361c8c2ae3c9de9a8b204d3ab6
aarch64 nodejs-devel-18.19.1-1.module_el9.3.0+59+28b95644.aarch64.rpm 9efc689d9c6d997847b35bf46714a3570622e61e9237a8e24751a850d8db2397
aarch64 npm-10.2.4-1.18.19.1.1.module_el9.3.0+59+28b95644.aarch64.rpm acc0db57a74a0493484624830e0d9db6593359c1371862d3d66c0a2ad27210f9
aarch64 nodejs-full-i18n-18.19.1-1.module_el9.3.0+59+28b95644.aarch64.rpm cae4c90abcb26db42744c87bece4fa48959460e86276b6f64fa1e43fd7c1286d
noarch nodejs-docs-18.19.1-1.module_el9.3.0+59+28b95644.noarch.rpm 6d03eb3baa9c6cffd0a6b69aba5f9734712d9468356216b59e1c3249b0339ede
noarch nodejs-nodemon-3.0.1-1.module_el9.2.0+36+853e48f5.noarch.rpm 6e3f86ef560d05b76cc9e5f81bdbcf1617374c3c12815325d267d44057a954e8
noarch nodejs-packaging-2021.06-4.module_el9.1.0+13+d9a595ea.noarch.rpm 7c19c5f85137e7d0b3132a379dc2d5364bd19e6da1ecee409666857bcc1a68d8
noarch nodejs-packaging-bundler-2021.06-4.module_el9.1.0+13+d9a595ea.noarch.rpm 8c650e8cd661aec62ef26c2867e44b6902ba928bcd228650ecf14be525515ad0
ppc64le nodejs-18.19.1-1.module_el9.3.0+59+28b95644.ppc64le.rpm 24a20faa3c6e5e9526e1a076715677bbc4310538b37d35a200ef2d9910ee0533
ppc64le nodejs-full-i18n-18.19.1-1.module_el9.3.0+59+28b95644.ppc64le.rpm 635b83bb7c0948f1e03db633353b0a7aa662703fc2643f2a9fea7895671b89cc
ppc64le nodejs-devel-18.19.1-1.module_el9.3.0+59+28b95644.ppc64le.rpm 6d981afc4f40ab306fedf6f33f1ae558ebc3f5edba08480dde8301af996e8ac8
ppc64le npm-10.2.4-1.18.19.1.1.module_el9.3.0+59+28b95644.ppc64le.rpm f52a136de58d18ba5451afe60572313aeb52f20fc24ca92ceaaaa685c9baf3b7
s390x nodejs-18.19.1-1.module_el9.3.0+59+28b95644.s390x.rpm 2305c54b0dfa428ded354037dab39acfce378a5c9a4dae27631604f9fef07c61
s390x nodejs-full-i18n-18.19.1-1.module_el9.3.0+59+28b95644.s390x.rpm 296df79fafca2db7cf2c7bc40c49edcbe0292e3ecaacb18aee3ad8db7e8fc2da
s390x npm-10.2.4-1.18.19.1.1.module_el9.3.0+59+28b95644.s390x.rpm c64090190e46bde0b5a1d62b407a80516edaf625ac84770ea72bd1701ed0830f
s390x nodejs-devel-18.19.1-1.module_el9.3.0+59+28b95644.s390x.rpm e2a064d6e29e8a27146fbe656ac17164122e21f85f3386ee2c393da6ad4f1378
x86_64 nodejs-devel-18.19.1-1.module_el9.3.0+59+28b95644.x86_64.rpm 21e83dd1bed1e74126e10ba8bf578b192a9a3a8a5b98952e2f556d17186039f7
x86_64 nodejs-18.19.1-1.module_el9.3.0+59+28b95644.x86_64.rpm 664bc5d43ba2330c7902306be84be2b5f42d6163d2839f8e84f109002e7afb7d
x86_64 nodejs-full-i18n-18.19.1-1.module_el9.3.0+59+28b95644.x86_64.rpm 7e104b66ddef362a4bf889e7539716947f1d159d2b0dc5548c1c5a54813bd7c1
x86_64 npm-10.2.4-1.18.19.1.1.module_el9.3.0+59+28b95644.x86_64.rpm c88fed3b588175712284c1ad9e119111fa9874b23330eed1de9b521c43c1ff4d
Notes:
This page is generated automatically from Red Hat security data and has not been checked for errors. For clarification or corrections please contact the AlmaLinux Packaging Team.