ALSA-2024:5815

[ALSA-2024:5815] Moderate: nodejs:20 security update

Type:

security

Severity:

moderate

Release date:

2024-08-26

Description:

Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language. 

Security Fix(es):

* nodejs: Bypass network import restriction via data URL (CVE-2024-22020)
* nodejs: fs.lstat bypasses permission model (CVE-2024-22018)
* nodejs: fs.fchown/fchmod bypasses permission model (CVE-2024-36137)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

References:

Updated packages listed below:

Architecture	Package	Checksum
aarch64	nodejs-20.16.0-1.module_el9.4.0+107+dbd477e4.aarch64.rpm	187645cd2f5f889d78aba6c184a5bf9ff9dd323caf6d14f83ba166f0c209825a
aarch64	nodejs-full-i18n-20.16.0-1.module_el9.4.0+107+dbd477e4.aarch64.rpm	39796cabc446b4018688d0e816f787439adbcaa5a8ceeea54260c77cdb33be1b
aarch64	npm-10.8.1-1.20.16.0.1.module_el9.4.0+107+dbd477e4.aarch64.rpm	72043f4189e594622b4aedcc68763e50b2f798f3a2fd00a290d2f999437c77a5
aarch64	nodejs-devel-20.16.0-1.module_el9.4.0+107+dbd477e4.aarch64.rpm	a740a641e212b09a3fbe16ee7bd29ed67fd37cd5c3694334b424a8a15d190af3
noarch	nodejs-docs-20.16.0-1.module_el9.4.0+107+dbd477e4.noarch.rpm	54d42b8e6332690ae739d234375760478031d5587beb471bcb6bd3a503254a00
noarch	nodejs-nodemon-3.0.1-1.module_el9.3.0+47+c33bc288.noarch.rpm	6c7def7dbed327b375d30e7aafa1c2627afb0c3399bfdf50f9721a64a87488aa
noarch	nodejs-packaging-2021.06-4.module_el9.3.0+88+29afeaa2.noarch.rpm	8014b60b14856a94feb49d7f2a8754c6fd531ac93bf52e19702e32eea1fb729f
noarch	nodejs-packaging-bundler-2021.06-4.module_el9.3.0+88+29afeaa2.noarch.rpm	94ac92c4ae695d87df9c616a6d3ecafca411d07358cf60516392e320eefcb3c6
ppc64le	nodejs-full-i18n-20.16.0-1.module_el9.4.0+107+dbd477e4.ppc64le.rpm	120c1bb84ac8934c9806400579fcfcb0ebd7481ceff6d039c536967b04eff017
ppc64le	nodejs-20.16.0-1.module_el9.4.0+107+dbd477e4.ppc64le.rpm	399eeea57d61244c8b169ed5cf1a5fd11616507fd35382b38270d1ff72336105
ppc64le	npm-10.8.1-1.20.16.0.1.module_el9.4.0+107+dbd477e4.ppc64le.rpm	74743620dbf7e915b239b217d3f92cada9164e6558d16a65f592aab37c4b7b85
ppc64le	nodejs-devel-20.16.0-1.module_el9.4.0+107+dbd477e4.ppc64le.rpm	8357ed5242863ae049e401ebccc7e790fee7add5a1fc6d72fb2153747b347255
s390x	nodejs-full-i18n-20.16.0-1.module_el9.4.0+107+dbd477e4.s390x.rpm	07eba36cfba84a3ade683cc65f8d1f01e65cc06bc89b37c41a2598a8110cb36e
s390x	nodejs-20.16.0-1.module_el9.4.0+107+dbd477e4.s390x.rpm	9f27b0990d6936f55d1aa46df40870906bca651ce7b4439d5e42e9f73a30a652
s390x	nodejs-devel-20.16.0-1.module_el9.4.0+107+dbd477e4.s390x.rpm	b743409083ae1a20fa8ecbaf881dec8fa16b92233d42a7dadd966d688796e7d9
s390x	npm-10.8.1-1.20.16.0.1.module_el9.4.0+107+dbd477e4.s390x.rpm	fd7127db11acfa37704dea859727eb27414ca1fe065fe569b3b591f4c9ae2657
x86_64	nodejs-full-i18n-20.16.0-1.module_el9.4.0+107+dbd477e4.x86_64.rpm	22f38b30aaa1fc58e85cd51749691e09b85e290ddec431aef44d143a0291018f
x86_64	nodejs-20.16.0-1.module_el9.4.0+107+dbd477e4.x86_64.rpm	641a5f3eeb50b92afa1438949e4df27e29ea23924fd5600cd82c2d291341a935
x86_64	nodejs-devel-20.16.0-1.module_el9.4.0+107+dbd477e4.x86_64.rpm	6b967e62eed5a9243df667833778be47a0911758ffa476f10844d756003addfa
x86_64	npm-10.8.1-1.20.16.0.1.module_el9.4.0+107+dbd477e4.x86_64.rpm	bd3ffbc3991e6077eceb2e3786224c6bded1ecc9b67aba8c8c0c7bd23ce20d91

Notes:

This page is generated automatically from Red Hat security data and has not been checked for errors. For clarification or corrections please contact the AlmaLinux Packaging Team.