[ALSA-2024:6147] Moderate: nodejs:18 security update
Type:
security
Severity:
moderate
Release date:
2024-09-03
Description:
Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language. Security Fix(es): * node-tar: denial of service while parsing a tar file due to lack of folders depth validation (CVE-2024-28863) * nodejs: Bypass network import restriction via data URL (CVE-2024-22020) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
References:
Updated packages listed below:
Architecture Package Checksum
aarch64 nodejs-18.20.4-1.module_el9.4.0+112+bb28ff81.aarch64.rpm 4bfca72d69bcd38f98b48286bfc559e9216801f7354c033f65e9f32288a6f810
aarch64 npm-10.7.0-1.18.20.4.1.module_el9.4.0+112+bb28ff81.aarch64.rpm 501eb9de3d666c9205a28647ffad8f41decdcd4060abb0903202ac5e65ca34cc
aarch64 nodejs-full-i18n-18.20.4-1.module_el9.4.0+112+bb28ff81.aarch64.rpm cd83369778af964aabe2974ff64b192a7e096fc3fd5dd3de635ff14c00c35150
aarch64 nodejs-devel-18.20.4-1.module_el9.4.0+112+bb28ff81.aarch64.rpm d31897eabb014db6b58b24a05a17add54289366e56a2abc9f752b6bdb4e5a063
noarch nodejs-nodemon-3.0.1-1.module_el9.2.0+36+853e48f5.noarch.rpm 6e3f86ef560d05b76cc9e5f81bdbcf1617374c3c12815325d267d44057a954e8
noarch nodejs-packaging-2021.06-4.module_el9.1.0+13+d9a595ea.noarch.rpm 7c19c5f85137e7d0b3132a379dc2d5364bd19e6da1ecee409666857bcc1a68d8
noarch nodejs-packaging-bundler-2021.06-4.module_el9.1.0+13+d9a595ea.noarch.rpm 8c650e8cd661aec62ef26c2867e44b6902ba928bcd228650ecf14be525515ad0
noarch nodejs-docs-18.20.4-1.module_el9.4.0+112+bb28ff81.noarch.rpm c1e7db42d47c00e5e295bdcf95a9537a5fe05b24354641c7e5c16390e6498698
ppc64le npm-10.7.0-1.18.20.4.1.module_el9.4.0+112+bb28ff81.ppc64le.rpm 7d64161541c8901ffc2e4a438a0b25e4a1bdc2433e492ec2538924f5247e8797
ppc64le nodejs-full-i18n-18.20.4-1.module_el9.4.0+112+bb28ff81.ppc64le.rpm bd8be35cd8cf7d6374914a8d161ae3e6722141b856c328f1744552af36806af7
ppc64le nodejs-18.20.4-1.module_el9.4.0+112+bb28ff81.ppc64le.rpm db19f2fb68851f96ec32162232c0dd9fac0108152a7b2c76d31c947f883c1d4c
ppc64le nodejs-devel-18.20.4-1.module_el9.4.0+112+bb28ff81.ppc64le.rpm f527ae36004bdff43981d448572083fbb860da5914c5db363a28b29027d882d4
s390x nodejs-18.20.4-1.module_el9.4.0+112+bb28ff81.s390x.rpm 453c4867352d2829b52d34979eec702c449aaeb85d2d9ffcb79fb4382dfb3c6f
s390x nodejs-full-i18n-18.20.4-1.module_el9.4.0+112+bb28ff81.s390x.rpm 7c65c11a838c2531a78015673461afa0a239f2f0b3f1b6894f429c56a5b0171f
s390x nodejs-devel-18.20.4-1.module_el9.4.0+112+bb28ff81.s390x.rpm cbd646200d3a6a430329b481f5297b522ff6b565df8f8b37d1637c65191da268
s390x npm-10.7.0-1.18.20.4.1.module_el9.4.0+112+bb28ff81.s390x.rpm f4ddd38c9784b1edf2b69239ffa894732b065b05053eace294677bbf43da363d
x86_64 nodejs-full-i18n-18.20.4-1.module_el9.4.0+112+bb28ff81.x86_64.rpm 7f95ec8ab4751a732ce743406d381494606f036b70f53b00ccc314ef36cac67e
x86_64 nodejs-18.20.4-1.module_el9.4.0+112+bb28ff81.x86_64.rpm abe53def3f280c81b598d636153ee471fbaba656cdf9189623774b809a69a621
x86_64 npm-10.7.0-1.18.20.4.1.module_el9.4.0+112+bb28ff81.x86_64.rpm ccbcab67d8e1db19485bd591484c63f8bb581f523b293f8810e6ab368f0d2ecd
x86_64 nodejs-devel-18.20.4-1.module_el9.4.0+112+bb28ff81.x86_64.rpm df50476a3180a7a29ecb48451dbb469c94b6854e67a56b720102a3fb8d6e2add
Notes:
This page is generated automatically from Red Hat security data and has not been checked for errors. For clarification or corrections please contact the AlmaLinux Packaging Team.