[ALSA-2024:2910] Important: nodejs security update
Type:
security
Severity:
important
Release date:
2024-05-20
Description:
Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language. Security Fix(es): * nodejs: CONTINUATION frames DoS (CVE-2024-27983) * nodejs: using the fetch() function to retrieve content from an untrusted URL leads to denial of service (CVE-2024-22025) * nodejs: HTTP Request Smuggling via Content Length Obfuscation (CVE-2024-27982) * nghttp2: CONTINUATION frames DoS (CVE-2024-28182) * c-ares: Out of bounds read in ares__read_line() (CVE-2024-25629) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
References:
Updated packages listed below:
Architecture Package Checksum
aarch64 npm-8.19.4-1.16.20.2.8.el9_4.aarch64.rpm 2f5518e200e3ab81326b715367a2fe5599724a33ad45eec9b91d1b76f12cd1e3
aarch64 nodejs-full-i18n-16.20.2-8.el9_4.aarch64.rpm 53855d916d8f1fd995b00ce8b6b1e8f02cb5c8b29e81c92a2c86a72d9ab029a7
aarch64 nodejs-libs-16.20.2-8.el9_4.aarch64.rpm 7445e3a0a3086a0870f7e2c6347bc8fbb91bcebc55f2b4f48d7288dc0eaa6355
aarch64 nodejs-16.20.2-8.el9_4.aarch64.rpm ede4f9efae617ef4a97cb1a71a307a23125156b7cb1ac45921ab26277013f3a0
i686 nodejs-libs-16.20.2-8.el9_4.i686.rpm c1d81463c422ae9b5039af176412f56a0325b4736450f2d1eab293d78ce71a14
noarch nodejs-docs-16.20.2-8.el9_4.noarch.rpm b1b792b69a5411822d1b67865bfa0e978b9dbeeb54e65ac1739ca4d446ca1803
ppc64le nodejs-full-i18n-16.20.2-8.el9_4.ppc64le.rpm 4fa6f2c48eef2faf6ad38528dcd2a0be3e0ddee21fc12f61b7463cb8d3715a95
ppc64le nodejs-16.20.2-8.el9_4.ppc64le.rpm c13fe86975ee8d67480eabd07e12ebda14d61f588554e976b8f46868081ff165
ppc64le nodejs-libs-16.20.2-8.el9_4.ppc64le.rpm c70427b198378df906b24528a8d81f7caa277f0171e4bcd0fb4dc8e9442293b3
ppc64le npm-8.19.4-1.16.20.2.8.el9_4.ppc64le.rpm fb9a2bf86cea1516786e77d7ea038427f86233abd3c82ccf70838e43105b0faf
s390x nodejs-16.20.2-8.el9_4.s390x.rpm 5e1f703bdbde91d1d516acd232018376a5c988b2dd67baf3b2fd866f1ae4cfcb
s390x npm-8.19.4-1.16.20.2.8.el9_4.s390x.rpm 7f92eadc97d1e3451107866be0d70d4473daca58a491f61237046867a3bc839b
s390x nodejs-libs-16.20.2-8.el9_4.s390x.rpm 9ec9b5500ab500f3d845903e32367e3f21de0a4f2778f6e5793e40649e241311
s390x nodejs-full-i18n-16.20.2-8.el9_4.s390x.rpm c471c11fb541b5cec6f1d1522b91f3ce0ba9f7aaf83b2954338c206aad90c57e
x86_64 npm-8.19.4-1.16.20.2.8.el9_4.x86_64.rpm 053aa6c94d983659147ee500fe278e37a56c806efc56218a6a07b7a57cd89826
x86_64 nodejs-libs-16.20.2-8.el9_4.x86_64.rpm 4583c065b9174a82a4137dc0c75c139715cf6ac23f294c1f79a4bf87a54bf708
x86_64 nodejs-16.20.2-8.el9_4.x86_64.rpm 6ce14aca83f7379c6b894b66e2dd9649926facd24814d9367fce19fe46bbeb9b
x86_64 nodejs-full-i18n-16.20.2-8.el9_4.x86_64.rpm a069ab5d77d1be776634164ecbb0dac05c300e28077c463e4d37392cb0c1053b
Notes:
This page is generated automatically from Red Hat security data and has not been checked for errors. For clarification or corrections please contact the AlmaLinux Packaging Team.