[ALSA-2024:1688] Important: nodejs:20 security update
Type:
security
Severity:
important
Release date:
2024-04-09
Description:
Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language.
Security Fix(es):
* nodejs: vulnerable to timing variant of the Bleichenbacher attack against PKCS#1 v1.5 padding (Marvin) (CVE-2023-46809)
* nodejs: reading unprocessed HTTP request with unbounded chunk extension allows DoS attacks (CVE-2024-22019)
* nodejs: code injection and privilege escalation through Linux capabilities (CVE-2024-21892)
* nodejs: path traversal by monkey-patching buffer internals (CVE-2024-21896)
* nodejs: multiple permission model bypasses due to improper path traversal sequence sanitization (CVE-2024-21891)
* nodejs: improper handling of wildcards in --allow-fs-read and --allow-fs-write (CVE-2024-21890)
* nodejs: setuid() does not drop all privileges due to io_uring (CVE-2024-22017)
Updated packages listed below:
Architecture Package Checksum
aarch64 npm-10.2.4-1.20.11.1.1.module_el9.3.0+88+29afeaa2.aarch64.rpm 39d880078d390f0ce07d660dbe9ddb6df06f4992a7353292f85f93b22a131238
aarch64 nodejs-full-i18n-20.11.1-1.module_el9.3.0+88+29afeaa2.aarch64.rpm 936dbed4d34d56f0e0c28f259f7fb99229692ef7c6959aad7a110f1c5d1d6359
aarch64 nodejs-20.11.1-1.module_el9.3.0+88+29afeaa2.aarch64.rpm 9d5e04e615267cd7bf5cbfa9e602cde71445003d793b2e4c01502a882393a3d2
aarch64 nodejs-devel-20.11.1-1.module_el9.3.0+88+29afeaa2.aarch64.rpm cb03b0a91ec13ff3f5e9cc578925eb78f2c5137a62f42ba8a71d3455a953b77b
noarch nodejs-docs-20.11.1-1.module_el9.3.0+88+29afeaa2.noarch.rpm 0a539992ceaebbdf59f37fcbeacbeb18b6a3fed31399e6b9cc248c7c888a888e
noarch nodejs-packaging-2021.06-4.module_el9.3.0+48+1cf146a1.noarch.rpm 35eb2a8230c495f14db654d04d574da1fcbda4788ab3b15100aa045fc30b01c3
noarch nodejs-nodemon-3.0.1-1.module_el9.3.0+47+c33bc288.noarch.rpm 6c7def7dbed327b375d30e7aafa1c2627afb0c3399bfdf50f9721a64a87488aa
noarch nodejs-packaging-bundler-2021.06-4.module_el9.3.0+48+1cf146a1.noarch.rpm cf69099af4a291d5887aa79f025868a557e50c9f7d2b18b5e0e5f3e2a9624fa2
ppc64le nodejs-full-i18n-20.11.1-1.module_el9.3.0+88+29afeaa2.ppc64le.rpm 1cc96d24aa611737588e6b461b7f6e3b114258ce31cc8ac69be896e40166ed4b
ppc64le nodejs-20.11.1-1.module_el9.3.0+88+29afeaa2.ppc64le.rpm 928dda3820a23adb3ee32a7664536b9b6d8b6b23bf48b36742ecec18231ce0d6
ppc64le npm-10.2.4-1.20.11.1.1.module_el9.3.0+88+29afeaa2.ppc64le.rpm 9e2b72fa8ca13817fdb65c1feeac5cd88b03b3e214c058b8ec3169b8a673fd00
ppc64le nodejs-devel-20.11.1-1.module_el9.3.0+88+29afeaa2.ppc64le.rpm ccd0aeca50ca271219bb6600f178c10341dd5e055fe33a0f2a23acae1eafc5c3
s390x nodejs-20.11.1-1.module_el9.3.0+88+29afeaa2.s390x.rpm 0fac9e1a61c724440143c785653f0c47932d3128b136ddb943bb2092058b3ab1
s390x npm-10.2.4-1.20.11.1.1.module_el9.3.0+88+29afeaa2.s390x.rpm 5bb5a237a5b29fee77d7d6086405ff59a0d371bf7516d406a35b3e232e905fe6
s390x nodejs-full-i18n-20.11.1-1.module_el9.3.0+88+29afeaa2.s390x.rpm a9f2598b47ca866b18796416edc4a2c41ea71f9f2479f5177d0ae681345a8e77
s390x nodejs-devel-20.11.1-1.module_el9.3.0+88+29afeaa2.s390x.rpm c7891fb9647a2da68d0de0d408356b7568844687743d5447feb26c2f6d906eb6
x86_64 nodejs-20.11.1-1.module_el9.3.0+88+29afeaa2.x86_64.rpm 3bef490adc178092d563c4a835c4792d41950d09906fda03d29007ec74b78727
x86_64 nodejs-devel-20.11.1-1.module_el9.3.0+88+29afeaa2.x86_64.rpm 6b7954875a7e7d80ebd89ff70409d7fcd5cea5a72b9ac8b8dabb28c75545a527
x86_64 nodejs-full-i18n-20.11.1-1.module_el9.3.0+88+29afeaa2.x86_64.rpm 8533ea11be5e0be5c841b4c4cdfa1a9e95e8103e3f0c72e60c9d2c9769bc7a3a
x86_64 npm-10.2.4-1.20.11.1.1.module_el9.3.0+88+29afeaa2.x86_64.rpm d1992da911aa85dc177f1f782836021fd67325d16029cb3ee036e049cc5146f3
Notes:
This page is generated automatically from Red Hat security data and has not been checked for errors. For clarification or corrections please contact the AlmaLinux Packaging Team.