[ALSA-2024:2853] Important: nodejs:20 security update
Type: security
Severity: important
Release date: 2024-05-16
Description:
Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language.

Security Fix(es):

* c-ares: Out of bounds read in ares__read_line() (CVE-2024-25629)
* nghttp2: CONTINUATION frames DoS (CVE-2024-28182)
* nodejs: using the fetch() function to retrieve content from an untrusted URL leads to denial of service (CVE-2024-22025)
* nodejs: CONTINUATION frames DoS (CVE-2024-27983)
* nodejs: HTTP Request Smuggling via Content Length Obfuscation (CVE-2024-27982)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Updated packages listed below:
Architecture Package Checksum
aarch64 npm-10.5.0-1.20.12.2.2.module_el9.4.0+100+71fc9528.aarch64.rpm 26534ac7d4b46b781cf17d4059d0a3f406af6121f8ba0476abecd8a64b3e0e88
aarch64 nodejs-20.12.2-2.module_el9.4.0+100+71fc9528.aarch64.rpm 54911777cc03bee46ec370379b85ed437caae932c32dd39e1e0540e86cfcf028
aarch64 nodejs-full-i18n-20.12.2-2.module_el9.4.0+100+71fc9528.aarch64.rpm ae0cd4088694050eb1795e8a667b5a2eafd4e00e3e559aafb1039a1e597a94c2
aarch64 nodejs-devel-20.12.2-2.module_el9.4.0+100+71fc9528.aarch64.rpm c3713f9e34b9d4881b1c4e8cfcdf638e541011a2536eae527b0f778e7ecc2f9a
noarch nodejs-docs-20.12.2-2.module_el9.4.0+100+71fc9528.noarch.rpm 0ba467930563644df03005a17524df078431cab3658d3ee5b9a819179762c049
noarch nodejs-nodemon-3.0.1-1.module_el9.3.0+47+c33bc288.noarch.rpm 6c7def7dbed327b375d30e7aafa1c2627afb0c3399bfdf50f9721a64a87488aa
noarch nodejs-packaging-2021.06-4.module_el9.3.0+88+29afeaa2.noarch.rpm 8014b60b14856a94feb49d7f2a8754c6fd531ac93bf52e19702e32eea1fb729f
noarch nodejs-packaging-bundler-2021.06-4.module_el9.3.0+88+29afeaa2.noarch.rpm 94ac92c4ae695d87df9c616a6d3ecafca411d07358cf60516392e320eefcb3c6
ppc64le nodejs-20.12.2-2.module_el9.4.0+100+71fc9528.ppc64le.rpm 452a750077a217e546b9808b9fbf216ae4c3c567179c1a640801009a908c57ae
ppc64le nodejs-devel-20.12.2-2.module_el9.4.0+100+71fc9528.ppc64le.rpm 78306262fc4e6db9d0d02e85df512ecef40598a8c65bfc3c844d419efe209040
ppc64le nodejs-full-i18n-20.12.2-2.module_el9.4.0+100+71fc9528.ppc64le.rpm c0838e83e549ba68a9ca8f720394667c84f61c2e97064051ff4c6f7d6e314f8a
ppc64le npm-10.5.0-1.20.12.2.2.module_el9.4.0+100+71fc9528.ppc64le.rpm defaf5e85831d0a97cdf1b7e343750344401d43f175431b907dc16e26c3fd4a1
s390x nodejs-full-i18n-20.12.2-2.module_el9.4.0+100+71fc9528.s390x.rpm 0c1ce19c8133ab1456f54f00e40768d3106b1a10896b890acfb03bf83eb24341
s390x nodejs-20.12.2-2.module_el9.4.0+100+71fc9528.s390x.rpm 12dbaa193db70860e8ce0cfec62a38ccd2aa56a5e899435a4344effb8e7c0aff
s390x npm-10.5.0-1.20.12.2.2.module_el9.4.0+100+71fc9528.s390x.rpm 28880dbf573172aeabe781795f0b240cb7663f316666ae5b1a78a046fb918634
s390x nodejs-devel-20.12.2-2.module_el9.4.0+100+71fc9528.s390x.rpm c1dc088ce88adc6814b56f3667e25e81cbd0bc9ed9e34f1e41a2bd5d4e0a1794
x86_64 nodejs-20.12.2-2.module_el9.4.0+100+71fc9528.x86_64.rpm 2ff8408cfdf4ec7266e9795eed02f67a8299dcc62f2d9cd04c9e4060772a6475
x86_64 nodejs-devel-20.12.2-2.module_el9.4.0+100+71fc9528.x86_64.rpm 94df3f920d7272a33bd17bf817fe58d7f09764acb6f2e1bed59c36526b721126
x86_64 npm-10.5.0-1.20.12.2.2.module_el9.4.0+100+71fc9528.x86_64.rpm ca37c6ff79f307d87c33be332a46dce9d7d8959f6b437c572d0ee6a02d679d6f
x86_64 nodejs-full-i18n-20.12.2-2.module_el9.4.0+100+71fc9528.x86_64.rpm ca692f856d0739c2dca5884e2256c2afb41ca4351f33de2ddbdba614341102a7
Notes:
This page is generated automatically from Red Hat security data and has not been checked for errors. For clarification or corrections please contact the AlmaLinux Packaging Team.