ALSA-2024:2779

[ALSA-2024:2779] Important: nodejs:18 security update

Type:

security

Severity:

important

Release date:

2024-05-10

Description:

Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language. 

Security Fix(es):

* nodejs: CONTINUATION frames DoS (CVE-2024-27983)
* nodejs: using the fetch() function to retrieve content from an untrusted URL leads to denial of service (CVE-2024-22025)
* nodejs: HTTP Request Smuggling via Content Length Obfuscation (CVE-2024-27982)
* nghttp2: CONTINUATION frames DoS (CVE-2024-28182)
* c-ares: Out of bounds read in ares__read_line() (CVE-2024-25629)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

References:

Updated packages listed below:

Architecture	Package	Checksum
aarch64	nodejs-full-i18n-18.20.2-2.module_el9.4.0+99+a01f7676.aarch64.rpm	b5aa6680f80a619769ffb71b287e7a7fe312e0d99457fa2f2ea361f78a04d7bd
aarch64	nodejs-devel-18.20.2-2.module_el9.4.0+99+a01f7676.aarch64.rpm	bfa9db5edf1de13c2786d690ae3ce7c7bc4b64b938f209ccd46eacdf1565f076
aarch64	nodejs-18.20.2-2.module_el9.4.0+99+a01f7676.aarch64.rpm	e054005eb786971341e9569e5e955bd20ebb05cd255971c55792b6559e9f74a8
aarch64	npm-10.5.0-1.18.20.2.2.module_el9.4.0+99+a01f7676.aarch64.rpm	f84133c5740d92b8f5c3149f1df371a3dc60c357d4d1fce58b3fb4613dd1347b
noarch	nodejs-docs-18.20.2-2.module_el9.4.0+99+a01f7676.noarch.rpm	5046029717db3f41b95ac1e0a4d7e166800f21dcaeb1f00767c2fdb2498e7df7
noarch	nodejs-nodemon-3.0.1-1.module_el9.2.0+36+853e48f5.noarch.rpm	6e3f86ef560d05b76cc9e5f81bdbcf1617374c3c12815325d267d44057a954e8
noarch	nodejs-packaging-2021.06-4.module_el9.1.0+13+d9a595ea.noarch.rpm	7c19c5f85137e7d0b3132a379dc2d5364bd19e6da1ecee409666857bcc1a68d8
noarch	nodejs-packaging-bundler-2021.06-4.module_el9.1.0+13+d9a595ea.noarch.rpm	8c650e8cd661aec62ef26c2867e44b6902ba928bcd228650ecf14be525515ad0
ppc64le	npm-10.5.0-1.18.20.2.2.module_el9.4.0+99+a01f7676.ppc64le.rpm	109d4199141c2527c709c4b98ce872c512cf5696e78587c19d15361d51863333
ppc64le	nodejs-devel-18.20.2-2.module_el9.4.0+99+a01f7676.ppc64le.rpm	5182ed8bd0adf93aa7e8b6d955d31606d04a1eaef476ecac0bd1aa1821885bc8
ppc64le	nodejs-full-i18n-18.20.2-2.module_el9.4.0+99+a01f7676.ppc64le.rpm	6f833b8ef8852584f9fa6b06cbc887d9ff595485c8af4668775e7a7732427134
ppc64le	nodejs-18.20.2-2.module_el9.4.0+99+a01f7676.ppc64le.rpm	d40c7b85a4bfd7d4d37cc73a998583e0a5f020ae21b288a6d5b6d2408c84e54a
s390x	npm-10.5.0-1.18.20.2.2.module_el9.4.0+99+a01f7676.s390x.rpm	131cd8beac23c513c7d525b077795b16f068d830c2e57bff7eff19ddccb1298c
s390x	nodejs-devel-18.20.2-2.module_el9.4.0+99+a01f7676.s390x.rpm	3f26d8194c092068bd17c1efb605b2d1c84b18aa96c71124556f567babb55004
s390x	nodejs-18.20.2-2.module_el9.4.0+99+a01f7676.s390x.rpm	7d8175707b2c2f36e3e44f38d6ea23ceb05687aebf7e98630c209ee9ed2ac781
s390x	nodejs-full-i18n-18.20.2-2.module_el9.4.0+99+a01f7676.s390x.rpm	fe5591f91e88dca0ee96ec7df5c50878619df0b03989d6a2e86c590b71e20d4c
x86_64	nodejs-devel-18.20.2-2.module_el9.4.0+99+a01f7676.x86_64.rpm	3bdcc40b0d169f60e579adbd75fd37f01a9fa1f31f529475393e30d426621240
x86_64	nodejs-full-i18n-18.20.2-2.module_el9.4.0+99+a01f7676.x86_64.rpm	56173548dce369afbc5448b4d3b35d9070f9e60533af84fd4626330fcf72150f
x86_64	npm-10.5.0-1.18.20.2.2.module_el9.4.0+99+a01f7676.x86_64.rpm	93dd320eb71046bcfbf90bafd5cad9ca608272228df929d39eb637cf5a36ef19
x86_64	nodejs-18.20.2-2.module_el9.4.0+99+a01f7676.x86_64.rpm	de41eb565929e269feca98939a3d65cfc8e9bad768db04862fb65157d82d543e

Notes:

This page is generated automatically from Red Hat security data and has not been checked for errors. For clarification or corrections please contact the AlmaLinux Packaging Team.