Security
Headlines
HeadlinesLatestCVEs

Headline

RHSA-2022:6964: Red Hat Security Advisory: nodejs:16 security update

An update for the nodejs:16 module is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.

Related CVEs:

  • CVE-2022-35255: nodejs: weak randomness in WebCrypto keygen
  • CVE-2022-35256: nodejs: HTTP Request Smuggling due to incorrect parsing of header fields
Red Hat Security Data
Open in Source
#vulnerability#web#linux#red_hat#nodejs#js#java#ibm#sap

Synopsis

Important: nodejs:16 security update

Type/Severity

Security Advisory: Important

Red Hat Insights patch analysis

Identify and remediate systems affected by this advisory.

View affected systems

Topic

An update for the nodejs:16 module is now available for Red Hat Enterprise Linux 8.

Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Description

Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language.

The following packages have been upgraded to a later upstream version: nodejs 16.

Security Fix(es):

  • nodejs: weak randomness in WebCrypto keygen (CVE-2022-35255)
  • nodejs: HTTP Request Smuggling due to incorrect parsing of header fields (CVE-2022-35256)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Affected Products

  • Red Hat Enterprise Linux for x86_64 8 x86_64
  • Red Hat Enterprise Linux for x86_64 - Extended Update Support 8.6 x86_64
  • Red Hat Enterprise Linux Server - AUS 8.6 x86_64
  • Red Hat Enterprise Linux for IBM z Systems 8 s390x
  • Red Hat Enterprise Linux for IBM z Systems - Extended Update Support 8.6 s390x
  • Red Hat Enterprise Linux for Power, little endian 8 ppc64le
  • Red Hat Enterprise Linux for Power, little endian - Extended Update Support 8.6 ppc64le
  • Red Hat Enterprise Linux Server - TUS 8.6 x86_64
  • Red Hat Enterprise Linux for ARM 64 8 aarch64
  • Red Hat Enterprise Linux for ARM 64 - Extended Update Support 8.6 aarch64
  • Red Hat Enterprise Linux Server for Power LE - Update Services for SAP Solutions 8.6 ppc64le
  • Red Hat Enterprise Linux for x86_64 - Update Services for SAP Solutions 8.6 x86_64

Fixes

  • BZ - 2130517 - CVE-2022-35255 nodejs: weak randomness in WebCrypto keygen
  • BZ - 2130518 - CVE-2022-35256 nodejs: HTTP Request Smuggling due to incorrect parsing of header fields

Red Hat Enterprise Linux for x86_64 8

SRPM

nodejs-16.17.1-1.module+el8.6.0+16848+a483195a.src.rpm

SHA-256: 49dffb96fe8ee6ac444564f43a6c3afb0a523eea499372eb2f29f7e2e860a292

nodejs-nodemon-2.0.19-2.module+el8.6.0+16240+7ca51420.src.rpm

SHA-256: 9dab7366a0dbdae95c64c22c2aa6dcd5e94a6c3b0ef91b8b4186f4b68b29426f

nodejs-packaging-25-1.module+el8.5.0+10992+fac5fe06.src.rpm

SHA-256: 33ac4142978ab66debe87d4af95fd56ed6a39f0947eb46a6ca988dc7d035a835

x86_64

nodejs-16.17.1-1.module+el8.6.0+16848+a483195a.x86_64.rpm

SHA-256: 531706dc02ec327c0b763ea5ae83bd58ca7444d61af736f08c7fd72d7e0c4ca4

nodejs-debuginfo-16.17.1-1.module+el8.6.0+16848+a483195a.x86_64.rpm

SHA-256: f05642db53d64d284a9f4b79c38063ea5d88c6837af4e21f4e89cac05583f443

nodejs-debugsource-16.17.1-1.module+el8.6.0+16848+a483195a.x86_64.rpm

SHA-256: 8aba50fc26aab77e2906ee1b3ee9f6a7d260bf75926e8d334ac09e2afa857972

nodejs-devel-16.17.1-1.module+el8.6.0+16848+a483195a.x86_64.rpm

SHA-256: 9b351e701a8a46e0c70602942a60a31c8f6b91d20ffe9980530755b9f4c9b02a

nodejs-docs-16.17.1-1.module+el8.6.0+16848+a483195a.noarch.rpm

SHA-256: 8609826f9038efa0ef610a32e5a6b99189f047d0da020b9b94b927165543d10e

nodejs-full-i18n-16.17.1-1.module+el8.6.0+16848+a483195a.x86_64.rpm

SHA-256: a72939083eb54c5903f79cff04eb6796bb0550d544a00f2e10b6d30e5491265c

nodejs-nodemon-2.0.19-2.module+el8.6.0+16240+7ca51420.noarch.rpm

SHA-256: 2d72cee799046ab7a9dac0b2eb9748de499b0d92e62e1bd4e77d9c1c85570cbd

nodejs-packaging-25-1.module+el8.5.0+10992+fac5fe06.noarch.rpm

SHA-256: f39eef40249724ab490a024922470273a1c4789881bc489aaa719a432380edfc

npm-8.15.0-1.16.17.1.1.module+el8.6.0+16848+a483195a.x86_64.rpm

SHA-256: f9e3a52806ca407250911fe962a2e6ee7e0ecb9581742b80a45be2adfd72dc2e

Red Hat Enterprise Linux for x86_64 - Extended Update Support 8.6

SRPM

nodejs-16.17.1-1.module+el8.6.0+16848+a483195a.src.rpm

SHA-256: 49dffb96fe8ee6ac444564f43a6c3afb0a523eea499372eb2f29f7e2e860a292

nodejs-nodemon-2.0.19-2.module+el8.6.0+16240+7ca51420.src.rpm

SHA-256: 9dab7366a0dbdae95c64c22c2aa6dcd5e94a6c3b0ef91b8b4186f4b68b29426f

nodejs-packaging-25-1.module+el8.5.0+10992+fac5fe06.src.rpm

SHA-256: 33ac4142978ab66debe87d4af95fd56ed6a39f0947eb46a6ca988dc7d035a835

x86_64

nodejs-16.17.1-1.module+el8.6.0+16848+a483195a.x86_64.rpm

SHA-256: 531706dc02ec327c0b763ea5ae83bd58ca7444d61af736f08c7fd72d7e0c4ca4

nodejs-debuginfo-16.17.1-1.module+el8.6.0+16848+a483195a.x86_64.rpm

SHA-256: f05642db53d64d284a9f4b79c38063ea5d88c6837af4e21f4e89cac05583f443

nodejs-debugsource-16.17.1-1.module+el8.6.0+16848+a483195a.x86_64.rpm

SHA-256: 8aba50fc26aab77e2906ee1b3ee9f6a7d260bf75926e8d334ac09e2afa857972

nodejs-devel-16.17.1-1.module+el8.6.0+16848+a483195a.x86_64.rpm

SHA-256: 9b351e701a8a46e0c70602942a60a31c8f6b91d20ffe9980530755b9f4c9b02a

nodejs-docs-16.17.1-1.module+el8.6.0+16848+a483195a.noarch.rpm

SHA-256: 8609826f9038efa0ef610a32e5a6b99189f047d0da020b9b94b927165543d10e

nodejs-full-i18n-16.17.1-1.module+el8.6.0+16848+a483195a.x86_64.rpm

SHA-256: a72939083eb54c5903f79cff04eb6796bb0550d544a00f2e10b6d30e5491265c

nodejs-nodemon-2.0.19-2.module+el8.6.0+16240+7ca51420.noarch.rpm

SHA-256: 2d72cee799046ab7a9dac0b2eb9748de499b0d92e62e1bd4e77d9c1c85570cbd

nodejs-packaging-25-1.module+el8.5.0+10992+fac5fe06.noarch.rpm

SHA-256: f39eef40249724ab490a024922470273a1c4789881bc489aaa719a432380edfc

npm-8.15.0-1.16.17.1.1.module+el8.6.0+16848+a483195a.x86_64.rpm

SHA-256: f9e3a52806ca407250911fe962a2e6ee7e0ecb9581742b80a45be2adfd72dc2e

Red Hat Enterprise Linux Server - AUS 8.6

SRPM

nodejs-16.17.1-1.module+el8.6.0+16848+a483195a.src.rpm

SHA-256: 49dffb96fe8ee6ac444564f43a6c3afb0a523eea499372eb2f29f7e2e860a292

nodejs-nodemon-2.0.19-2.module+el8.6.0+16240+7ca51420.src.rpm

SHA-256: 9dab7366a0dbdae95c64c22c2aa6dcd5e94a6c3b0ef91b8b4186f4b68b29426f

nodejs-packaging-25-1.module+el8.5.0+10992+fac5fe06.src.rpm

SHA-256: 33ac4142978ab66debe87d4af95fd56ed6a39f0947eb46a6ca988dc7d035a835

x86_64

nodejs-16.17.1-1.module+el8.6.0+16848+a483195a.x86_64.rpm

SHA-256: 531706dc02ec327c0b763ea5ae83bd58ca7444d61af736f08c7fd72d7e0c4ca4

nodejs-debuginfo-16.17.1-1.module+el8.6.0+16848+a483195a.x86_64.rpm

SHA-256: f05642db53d64d284a9f4b79c38063ea5d88c6837af4e21f4e89cac05583f443

nodejs-debugsource-16.17.1-1.module+el8.6.0+16848+a483195a.x86_64.rpm

SHA-256: 8aba50fc26aab77e2906ee1b3ee9f6a7d260bf75926e8d334ac09e2afa857972

nodejs-devel-16.17.1-1.module+el8.6.0+16848+a483195a.x86_64.rpm

SHA-256: 9b351e701a8a46e0c70602942a60a31c8f6b91d20ffe9980530755b9f4c9b02a

nodejs-docs-16.17.1-1.module+el8.6.0+16848+a483195a.noarch.rpm

SHA-256: 8609826f9038efa0ef610a32e5a6b99189f047d0da020b9b94b927165543d10e

nodejs-full-i18n-16.17.1-1.module+el8.6.0+16848+a483195a.x86_64.rpm

SHA-256: a72939083eb54c5903f79cff04eb6796bb0550d544a00f2e10b6d30e5491265c

nodejs-nodemon-2.0.19-2.module+el8.6.0+16240+7ca51420.noarch.rpm

SHA-256: 2d72cee799046ab7a9dac0b2eb9748de499b0d92e62e1bd4e77d9c1c85570cbd

nodejs-packaging-25-1.module+el8.5.0+10992+fac5fe06.noarch.rpm

SHA-256: f39eef40249724ab490a024922470273a1c4789881bc489aaa719a432380edfc

npm-8.15.0-1.16.17.1.1.module+el8.6.0+16848+a483195a.x86_64.rpm

SHA-256: f9e3a52806ca407250911fe962a2e6ee7e0ecb9581742b80a45be2adfd72dc2e

Red Hat Enterprise Linux for IBM z Systems 8

SRPM

nodejs-16.17.1-1.module+el8.6.0+16848+a483195a.src.rpm

SHA-256: 49dffb96fe8ee6ac444564f43a6c3afb0a523eea499372eb2f29f7e2e860a292

nodejs-nodemon-2.0.19-2.module+el8.6.0+16240+7ca51420.src.rpm

SHA-256: 9dab7366a0dbdae95c64c22c2aa6dcd5e94a6c3b0ef91b8b4186f4b68b29426f

nodejs-packaging-25-1.module+el8.5.0+10992+fac5fe06.src.rpm

SHA-256: 33ac4142978ab66debe87d4af95fd56ed6a39f0947eb46a6ca988dc7d035a835

s390x

nodejs-docs-16.17.1-1.module+el8.6.0+16848+a483195a.noarch.rpm

SHA-256: 8609826f9038efa0ef610a32e5a6b99189f047d0da020b9b94b927165543d10e

nodejs-nodemon-2.0.19-2.module+el8.6.0+16240+7ca51420.noarch.rpm

SHA-256: 2d72cee799046ab7a9dac0b2eb9748de499b0d92e62e1bd4e77d9c1c85570cbd

nodejs-packaging-25-1.module+el8.5.0+10992+fac5fe06.noarch.rpm

SHA-256: f39eef40249724ab490a024922470273a1c4789881bc489aaa719a432380edfc

nodejs-16.17.1-1.module+el8.6.0+16848+a483195a.s390x.rpm

SHA-256: 2b7229cfbe4f1a80a961877291797147699f0469941ca0b7a5f400676913683d

nodejs-debuginfo-16.17.1-1.module+el8.6.0+16848+a483195a.s390x.rpm

SHA-256: 28ef0ed04c088f93f837296d10de2149459c6af947fc5970b35a0732df0cfd2e

nodejs-debugsource-16.17.1-1.module+el8.6.0+16848+a483195a.s390x.rpm

SHA-256: fd43a71a272ee77d1115379a273a87b67f061a1085f4a1d8f99f1a52a493c610

nodejs-devel-16.17.1-1.module+el8.6.0+16848+a483195a.s390x.rpm

SHA-256: 7f36130df992d755be1e57434dce54977ec24610ef837e3564816f25bee0b24b

nodejs-full-i18n-16.17.1-1.module+el8.6.0+16848+a483195a.s390x.rpm

SHA-256: d4380d3543226dae02dba33ae6bbf9a88b7891cb07134a8f3cf65324283c4595

npm-8.15.0-1.16.17.1.1.module+el8.6.0+16848+a483195a.s390x.rpm

SHA-256: 8e1eaed90ff40b27fbb55322212a39f5d489569623efc814a4fa5bc859d2f1e2

Red Hat Enterprise Linux for IBM z Systems - Extended Update Support 8.6

SRPM

nodejs-16.17.1-1.module+el8.6.0+16848+a483195a.src.rpm

SHA-256: 49dffb96fe8ee6ac444564f43a6c3afb0a523eea499372eb2f29f7e2e860a292

nodejs-nodemon-2.0.19-2.module+el8.6.0+16240+7ca51420.src.rpm

SHA-256: 9dab7366a0dbdae95c64c22c2aa6dcd5e94a6c3b0ef91b8b4186f4b68b29426f

nodejs-packaging-25-1.module+el8.5.0+10992+fac5fe06.src.rpm

SHA-256: 33ac4142978ab66debe87d4af95fd56ed6a39f0947eb46a6ca988dc7d035a835

s390x

nodejs-docs-16.17.1-1.module+el8.6.0+16848+a483195a.noarch.rpm

SHA-256: 8609826f9038efa0ef610a32e5a6b99189f047d0da020b9b94b927165543d10e

nodejs-nodemon-2.0.19-2.module+el8.6.0+16240+7ca51420.noarch.rpm

SHA-256: 2d72cee799046ab7a9dac0b2eb9748de499b0d92e62e1bd4e77d9c1c85570cbd

nodejs-packaging-25-1.module+el8.5.0+10992+fac5fe06.noarch.rpm

SHA-256: f39eef40249724ab490a024922470273a1c4789881bc489aaa719a432380edfc

nodejs-16.17.1-1.module+el8.6.0+16848+a483195a.s390x.rpm

SHA-256: 2b7229cfbe4f1a80a961877291797147699f0469941ca0b7a5f400676913683d

nodejs-debuginfo-16.17.1-1.module+el8.6.0+16848+a483195a.s390x.rpm

SHA-256: 28ef0ed04c088f93f837296d10de2149459c6af947fc5970b35a0732df0cfd2e

nodejs-debugsource-16.17.1-1.module+el8.6.0+16848+a483195a.s390x.rpm

SHA-256: fd43a71a272ee77d1115379a273a87b67f061a1085f4a1d8f99f1a52a493c610

nodejs-devel-16.17.1-1.module+el8.6.0+16848+a483195a.s390x.rpm

SHA-256: 7f36130df992d755be1e57434dce54977ec24610ef837e3564816f25bee0b24b

nodejs-full-i18n-16.17.1-1.module+el8.6.0+16848+a483195a.s390x.rpm

SHA-256: d4380d3543226dae02dba33ae6bbf9a88b7891cb07134a8f3cf65324283c4595

npm-8.15.0-1.16.17.1.1.module+el8.6.0+16848+a483195a.s390x.rpm

SHA-256: 8e1eaed90ff40b27fbb55322212a39f5d489569623efc814a4fa5bc859d2f1e2

Red Hat Enterprise Linux for Power, little endian 8

SRPM

nodejs-16.17.1-1.module+el8.6.0+16848+a483195a.src.rpm

SHA-256: 49dffb96fe8ee6ac444564f43a6c3afb0a523eea499372eb2f29f7e2e860a292

nodejs-nodemon-2.0.19-2.module+el8.6.0+16240+7ca51420.src.rpm

SHA-256: 9dab7366a0dbdae95c64c22c2aa6dcd5e94a6c3b0ef91b8b4186f4b68b29426f

nodejs-packaging-25-1.module+el8.5.0+10992+fac5fe06.src.rpm

SHA-256: 33ac4142978ab66debe87d4af95fd56ed6a39f0947eb46a6ca988dc7d035a835

ppc64le

nodejs-docs-16.17.1-1.module+el8.6.0+16848+a483195a.noarch.rpm

SHA-256: 8609826f9038efa0ef610a32e5a6b99189f047d0da020b9b94b927165543d10e

nodejs-nodemon-2.0.19-2.module+el8.6.0+16240+7ca51420.noarch.rpm

SHA-256: 2d72cee799046ab7a9dac0b2eb9748de499b0d92e62e1bd4e77d9c1c85570cbd

nodejs-packaging-25-1.module+el8.5.0+10992+fac5fe06.noarch.rpm

SHA-256: f39eef40249724ab490a024922470273a1c4789881bc489aaa719a432380edfc

nodejs-16.17.1-1.module+el8.6.0+16848+a483195a.ppc64le.rpm

SHA-256: 04e51bc88bb38083560499d9d5cd7519d9c4af4391c754ef7529f98d1fa5ddfd

nodejs-debuginfo-16.17.1-1.module+el8.6.0+16848+a483195a.ppc64le.rpm

SHA-256: 8a96b2781acac8d91a5b0da625aded6c4cd99706361be9c95b2f96506dbc7320

nodejs-debugsource-16.17.1-1.module+el8.6.0+16848+a483195a.ppc64le.rpm

SHA-256: 71a13069f18848459c805fac67edc1717936a23239c847d1f1d01397ec2fb446

nodejs-devel-16.17.1-1.module+el8.6.0+16848+a483195a.ppc64le.rpm

SHA-256: c21919e55632e3795d5d69041b9855a25ec7facc1fb66f0ab78f9b40116f8b46

nodejs-full-i18n-16.17.1-1.module+el8.6.0+16848+a483195a.ppc64le.rpm

SHA-256: 21bfb1114ab3ea4113676f2e524c5a848ecf3315240be92ade4b3c0238f9f031

npm-8.15.0-1.16.17.1.1.module+el8.6.0+16848+a483195a.ppc64le.rpm

SHA-256: cd2e08d40ea56133964603bbe73b21e4311e172bca23b881429c4eb989385994

Red Hat Enterprise Linux for Power, little endian - Extended Update Support 8.6

SRPM

nodejs-16.17.1-1.module+el8.6.0+16848+a483195a.src.rpm

SHA-256: 49dffb96fe8ee6ac444564f43a6c3afb0a523eea499372eb2f29f7e2e860a292

nodejs-nodemon-2.0.19-2.module+el8.6.0+16240+7ca51420.src.rpm

SHA-256: 9dab7366a0dbdae95c64c22c2aa6dcd5e94a6c3b0ef91b8b4186f4b68b29426f

nodejs-packaging-25-1.module+el8.5.0+10992+fac5fe06.src.rpm

SHA-256: 33ac4142978ab66debe87d4af95fd56ed6a39f0947eb46a6ca988dc7d035a835

ppc64le

nodejs-docs-16.17.1-1.module+el8.6.0+16848+a483195a.noarch.rpm

SHA-256: 8609826f9038efa0ef610a32e5a6b99189f047d0da020b9b94b927165543d10e

nodejs-nodemon-2.0.19-2.module+el8.6.0+16240+7ca51420.noarch.rpm

SHA-256: 2d72cee799046ab7a9dac0b2eb9748de499b0d92e62e1bd4e77d9c1c85570cbd

nodejs-packaging-25-1.module+el8.5.0+10992+fac5fe06.noarch.rpm

SHA-256: f39eef40249724ab490a024922470273a1c4789881bc489aaa719a432380edfc

nodejs-16.17.1-1.module+el8.6.0+16848+a483195a.ppc64le.rpm

SHA-256: 04e51bc88bb38083560499d9d5cd7519d9c4af4391c754ef7529f98d1fa5ddfd

nodejs-debuginfo-16.17.1-1.module+el8.6.0+16848+a483195a.ppc64le.rpm

SHA-256: 8a96b2781acac8d91a5b0da625aded6c4cd99706361be9c95b2f96506dbc7320

nodejs-debugsource-16.17.1-1.module+el8.6.0+16848+a483195a.ppc64le.rpm

SHA-256: 71a13069f18848459c805fac67edc1717936a23239c847d1f1d01397ec2fb446

nodejs-devel-16.17.1-1.module+el8.6.0+16848+a483195a.ppc64le.rpm

SHA-256: c21919e55632e3795d5d69041b9855a25ec7facc1fb66f0ab78f9b40116f8b46

nodejs-full-i18n-16.17.1-1.module+el8.6.0+16848+a483195a.ppc64le.rpm

SHA-256: 21bfb1114ab3ea4113676f2e524c5a848ecf3315240be92ade4b3c0238f9f031

npm-8.15.0-1.16.17.1.1.module+el8.6.0+16848+a483195a.ppc64le.rpm

SHA-256: cd2e08d40ea56133964603bbe73b21e4311e172bca23b881429c4eb989385994

Red Hat Enterprise Linux Server - TUS 8.6

SRPM

nodejs-16.17.1-1.module+el8.6.0+16848+a483195a.src.rpm

SHA-256: 49dffb96fe8ee6ac444564f43a6c3afb0a523eea499372eb2f29f7e2e860a292

nodejs-nodemon-2.0.19-2.module+el8.6.0+16240+7ca51420.src.rpm

SHA-256: 9dab7366a0dbdae95c64c22c2aa6dcd5e94a6c3b0ef91b8b4186f4b68b29426f

nodejs-packaging-25-1.module+el8.5.0+10992+fac5fe06.src.rpm

SHA-256: 33ac4142978ab66debe87d4af95fd56ed6a39f0947eb46a6ca988dc7d035a835

x86_64

nodejs-16.17.1-1.module+el8.6.0+16848+a483195a.x86_64.rpm

SHA-256: 531706dc02ec327c0b763ea5ae83bd58ca7444d61af736f08c7fd72d7e0c4ca4

nodejs-debuginfo-16.17.1-1.module+el8.6.0+16848+a483195a.x86_64.rpm

SHA-256: f05642db53d64d284a9f4b79c38063ea5d88c6837af4e21f4e89cac05583f443

nodejs-debugsource-16.17.1-1.module+el8.6.0+16848+a483195a.x86_64.rpm

SHA-256: 8aba50fc26aab77e2906ee1b3ee9f6a7d260bf75926e8d334ac09e2afa857972

nodejs-devel-16.17.1-1.module+el8.6.0+16848+a483195a.x86_64.rpm

SHA-256: 9b351e701a8a46e0c70602942a60a31c8f6b91d20ffe9980530755b9f4c9b02a

nodejs-docs-16.17.1-1.module+el8.6.0+16848+a483195a.noarch.rpm

SHA-256: 8609826f9038efa0ef610a32e5a6b99189f047d0da020b9b94b927165543d10e

nodejs-full-i18n-16.17.1-1.module+el8.6.0+16848+a483195a.x86_64.rpm

SHA-256: a72939083eb54c5903f79cff04eb6796bb0550d544a00f2e10b6d30e5491265c

nodejs-nodemon-2.0.19-2.module+el8.6.0+16240+7ca51420.noarch.rpm

SHA-256: 2d72cee799046ab7a9dac0b2eb9748de499b0d92e62e1bd4e77d9c1c85570cbd

nodejs-packaging-25-1.module+el8.5.0+10992+fac5fe06.noarch.rpm

SHA-256: f39eef40249724ab490a024922470273a1c4789881bc489aaa719a432380edfc

npm-8.15.0-1.16.17.1.1.module+el8.6.0+16848+a483195a.x86_64.rpm

SHA-256: f9e3a52806ca407250911fe962a2e6ee7e0ecb9581742b80a45be2adfd72dc2e

Red Hat Enterprise Linux for ARM 64 8

SRPM

nodejs-16.17.1-1.module+el8.6.0+16848+a483195a.src.rpm

SHA-256: 49dffb96fe8ee6ac444564f43a6c3afb0a523eea499372eb2f29f7e2e860a292

nodejs-nodemon-2.0.19-2.module+el8.6.0+16240+7ca51420.src.rpm

SHA-256: 9dab7366a0dbdae95c64c22c2aa6dcd5e94a6c3b0ef91b8b4186f4b68b29426f

nodejs-packaging-25-1.module+el8.5.0+10992+fac5fe06.src.rpm

SHA-256: 33ac4142978ab66debe87d4af95fd56ed6a39f0947eb46a6ca988dc7d035a835

aarch64

nodejs-docs-16.17.1-1.module+el8.6.0+16848+a483195a.noarch.rpm

SHA-256: 8609826f9038efa0ef610a32e5a6b99189f047d0da020b9b94b927165543d10e

nodejs-nodemon-2.0.19-2.module+el8.6.0+16240+7ca51420.noarch.rpm

SHA-256: 2d72cee799046ab7a9dac0b2eb9748de499b0d92e62e1bd4e77d9c1c85570cbd

nodejs-packaging-25-1.module+el8.5.0+10992+fac5fe06.noarch.rpm

SHA-256: f39eef40249724ab490a024922470273a1c4789881bc489aaa719a432380edfc

nodejs-16.17.1-1.module+el8.6.0+16848+a483195a.aarch64.rpm

SHA-256: fb621b8850c42dab1281714bcbe1faf30977c9076376cbd3e4ea84e459b05ef9

nodejs-debuginfo-16.17.1-1.module+el8.6.0+16848+a483195a.aarch64.rpm

SHA-256: 7f32dfe1d5d7eed08aa54535e7820ec1f071f43d3d395b9293e120931e05ce89

nodejs-debugsource-16.17.1-1.module+el8.6.0+16848+a483195a.aarch64.rpm

SHA-256: d37c0d4dde9b5b1d1e209bdb902fa560f23175060fcd6f37fa5ecab53cbec79d

nodejs-devel-16.17.1-1.module+el8.6.0+16848+a483195a.aarch64.rpm

SHA-256: 0c312f70f6ff1189ed1bd84f08fd8d91d6230a189e4da9eba74c12cfca5868ff

nodejs-full-i18n-16.17.1-1.module+el8.6.0+16848+a483195a.aarch64.rpm

SHA-256: 23f6feda0b70d999ce587c8bf8d7784a3319169453cb05fdf7ecfd3554307f9d

npm-8.15.0-1.16.17.1.1.module+el8.6.0+16848+a483195a.aarch64.rpm

SHA-256: 53138878eead6a2b283190a4a7cc4755af2c6764e8b6ad31966b48f45a39269e

Red Hat Enterprise Linux for ARM 64 - Extended Update Support 8.6

SRPM

nodejs-16.17.1-1.module+el8.6.0+16848+a483195a.src.rpm

SHA-256: 49dffb96fe8ee6ac444564f43a6c3afb0a523eea499372eb2f29f7e2e860a292

nodejs-nodemon-2.0.19-2.module+el8.6.0+16240+7ca51420.src.rpm

SHA-256: 9dab7366a0dbdae95c64c22c2aa6dcd5e94a6c3b0ef91b8b4186f4b68b29426f

nodejs-packaging-25-1.module+el8.5.0+10992+fac5fe06.src.rpm

SHA-256: 33ac4142978ab66debe87d4af95fd56ed6a39f0947eb46a6ca988dc7d035a835

aarch64

nodejs-docs-16.17.1-1.module+el8.6.0+16848+a483195a.noarch.rpm

SHA-256: 8609826f9038efa0ef610a32e5a6b99189f047d0da020b9b94b927165543d10e

nodejs-nodemon-2.0.19-2.module+el8.6.0+16240+7ca51420.noarch.rpm

SHA-256: 2d72cee799046ab7a9dac0b2eb9748de499b0d92e62e1bd4e77d9c1c85570cbd

nodejs-packaging-25-1.module+el8.5.0+10992+fac5fe06.noarch.rpm

SHA-256: f39eef40249724ab490a024922470273a1c4789881bc489aaa719a432380edfc

nodejs-16.17.1-1.module+el8.6.0+16848+a483195a.aarch64.rpm

SHA-256: fb621b8850c42dab1281714bcbe1faf30977c9076376cbd3e4ea84e459b05ef9

nodejs-debuginfo-16.17.1-1.module+el8.6.0+16848+a483195a.aarch64.rpm

SHA-256: 7f32dfe1d5d7eed08aa54535e7820ec1f071f43d3d395b9293e120931e05ce89

nodejs-debugsource-16.17.1-1.module+el8.6.0+16848+a483195a.aarch64.rpm

SHA-256: d37c0d4dde9b5b1d1e209bdb902fa560f23175060fcd6f37fa5ecab53cbec79d

nodejs-devel-16.17.1-1.module+el8.6.0+16848+a483195a.aarch64.rpm

SHA-256: 0c312f70f6ff1189ed1bd84f08fd8d91d6230a189e4da9eba74c12cfca5868ff

nodejs-full-i18n-16.17.1-1.module+el8.6.0+16848+a483195a.aarch64.rpm

SHA-256: 23f6feda0b70d999ce587c8bf8d7784a3319169453cb05fdf7ecfd3554307f9d

npm-8.15.0-1.16.17.1.1.module+el8.6.0+16848+a483195a.aarch64.rpm

SHA-256: 53138878eead6a2b283190a4a7cc4755af2c6764e8b6ad31966b48f45a39269e

Red Hat Enterprise Linux Server for Power LE - Update Services for SAP Solutions 8.6

SRPM

nodejs-16.17.1-1.module+el8.6.0+16848+a483195a.src.rpm

SHA-256: 49dffb96fe8ee6ac444564f43a6c3afb0a523eea499372eb2f29f7e2e860a292

nodejs-nodemon-2.0.19-2.module+el8.6.0+16240+7ca51420.src.rpm

SHA-256: 9dab7366a0dbdae95c64c22c2aa6dcd5e94a6c3b0ef91b8b4186f4b68b29426f

nodejs-packaging-25-1.module+el8.5.0+10992+fac5fe06.src.rpm

SHA-256: 33ac4142978ab66debe87d4af95fd56ed6a39f0947eb46a6ca988dc7d035a835

ppc64le

nodejs-docs-16.17.1-1.module+el8.6.0+16848+a483195a.noarch.rpm

SHA-256: 8609826f9038efa0ef610a32e5a6b99189f047d0da020b9b94b927165543d10e

nodejs-nodemon-2.0.19-2.module+el8.6.0+16240+7ca51420.noarch.rpm

SHA-256: 2d72cee799046ab7a9dac0b2eb9748de499b0d92e62e1bd4e77d9c1c85570cbd

nodejs-packaging-25-1.module+el8.5.0+10992+fac5fe06.noarch.rpm

SHA-256: f39eef40249724ab490a024922470273a1c4789881bc489aaa719a432380edfc

nodejs-16.17.1-1.module+el8.6.0+16848+a483195a.ppc64le.rpm

SHA-256: 04e51bc88bb38083560499d9d5cd7519d9c4af4391c754ef7529f98d1fa5ddfd

nodejs-debuginfo-16.17.1-1.module+el8.6.0+16848+a483195a.ppc64le.rpm

SHA-256: 8a96b2781acac8d91a5b0da625aded6c4cd99706361be9c95b2f96506dbc7320

nodejs-debugsource-16.17.1-1.module+el8.6.0+16848+a483195a.ppc64le.rpm

SHA-256: 71a13069f18848459c805fac67edc1717936a23239c847d1f1d01397ec2fb446

nodejs-devel-16.17.1-1.module+el8.6.0+16848+a483195a.ppc64le.rpm

SHA-256: c21919e55632e3795d5d69041b9855a25ec7facc1fb66f0ab78f9b40116f8b46

nodejs-full-i18n-16.17.1-1.module+el8.6.0+16848+a483195a.ppc64le.rpm

SHA-256: 21bfb1114ab3ea4113676f2e524c5a848ecf3315240be92ade4b3c0238f9f031

npm-8.15.0-1.16.17.1.1.module+el8.6.0+16848+a483195a.ppc64le.rpm

SHA-256: cd2e08d40ea56133964603bbe73b21e4311e172bca23b881429c4eb989385994

Red Hat Enterprise Linux for x86_64 - Update Services for SAP Solutions 8.6

SRPM

nodejs-16.17.1-1.module+el8.6.0+16848+a483195a.src.rpm

SHA-256: 49dffb96fe8ee6ac444564f43a6c3afb0a523eea499372eb2f29f7e2e860a292

nodejs-nodemon-2.0.19-2.module+el8.6.0+16240+7ca51420.src.rpm

SHA-256: 9dab7366a0dbdae95c64c22c2aa6dcd5e94a6c3b0ef91b8b4186f4b68b29426f

nodejs-packaging-25-1.module+el8.5.0+10992+fac5fe06.src.rpm

SHA-256: 33ac4142978ab66debe87d4af95fd56ed6a39f0947eb46a6ca988dc7d035a835

x86_64

nodejs-16.17.1-1.module+el8.6.0+16848+a483195a.x86_64.rpm

SHA-256: 531706dc02ec327c0b763ea5ae83bd58ca7444d61af736f08c7fd72d7e0c4ca4

nodejs-debuginfo-16.17.1-1.module+el8.6.0+16848+a483195a.x86_64.rpm

SHA-256: f05642db53d64d284a9f4b79c38063ea5d88c6837af4e21f4e89cac05583f443

nodejs-debugsource-16.17.1-1.module+el8.6.0+16848+a483195a.x86_64.rpm

SHA-256: 8aba50fc26aab77e2906ee1b3ee9f6a7d260bf75926e8d334ac09e2afa857972

nodejs-devel-16.17.1-1.module+el8.6.0+16848+a483195a.x86_64.rpm

SHA-256: 9b351e701a8a46e0c70602942a60a31c8f6b91d20ffe9980530755b9f4c9b02a

nodejs-docs-16.17.1-1.module+el8.6.0+16848+a483195a.noarch.rpm

SHA-256: 8609826f9038efa0ef610a32e5a6b99189f047d0da020b9b94b927165543d10e

nodejs-full-i18n-16.17.1-1.module+el8.6.0+16848+a483195a.x86_64.rpm

SHA-256: a72939083eb54c5903f79cff04eb6796bb0550d544a00f2e10b6d30e5491265c

nodejs-nodemon-2.0.19-2.module+el8.6.0+16240+7ca51420.noarch.rpm

SHA-256: 2d72cee799046ab7a9dac0b2eb9748de499b0d92e62e1bd4e77d9c1c85570cbd

nodejs-packaging-25-1.module+el8.5.0+10992+fac5fe06.noarch.rpm

SHA-256: f39eef40249724ab490a024922470273a1c4789881bc489aaa719a432380edfc

npm-8.15.0-1.16.17.1.1.module+el8.6.0+16848+a483195a.x86_64.rpm

SHA-256: f9e3a52806ca407250911fe962a2e6ee7e0ecb9581742b80a45be2adfd72dc2e

Related news

Gentoo Linux Security Advisory 202405-29

Gentoo Linux Security Advisory 202405-29 - Multiple vulnerabilities have been discovered in Node.js. Versions greater than or equal to 16.20.2 are affected.

Ubuntu Security Notice USN-6491-1

Ubuntu Security Notice 6491-1 - Axel Chong discovered that Node.js incorrectly handled certain inputs. If a user or an automated system were tricked into opening a specially crafted input file, a remote attacker could possibly use this issue to execute arbitrary code. Zeyu Zhang discovered that Node.js incorrectly handled certain inputs. If a user or an automated system were tricked into opening a specially crafted input file, a remote attacker could possibly use this issue to execute arbitrary code. This issue only affected Ubuntu 22.04 LTS.

Red Hat Security Advisory 2023-1533-01

Red Hat Security Advisory 2023-1533-01 - Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language. Issues addressed include HTTP request smuggling, buffer overflow, bypass, and denial of service vulnerabilities.

RHSA-2023:1533: Red Hat Security Advisory: nodejs:14 security, bug fix, and enhancement update

An update for the nodejs:14 module is now available for Red Hat Enterprise Linux 8.4 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2021-35065: A vulnerability was found in the glob-parent package. Affected versions of this package are vulnerable to Regular expression Denial of Service (ReDoS) attacks, affecting system availability. * CVE-2021-44906: An Uncontrolled Resource Consumption flaw was found in minimist. This flaw allows an attacker to tr...

Debian Security Advisory 5326-1

Debian Linux Security Advisory 5326-1 - Multiple vulnerabilities were discovered in Node.js, which could result in HTTP request smuggling, bypass of host IP address validation and weak randomness setup.

RHSA-2023:0321: Red Hat Security Advisory: nodejs and nodejs-nodemon security, bug fix, and enhancement update

An update for nodejs and nodejs-nodemon is now available for Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2021-44906: minimist: prototype pollution * CVE-2022-3517: nodejs-minimatch: ReDoS via the braceExpand function * CVE-2022-35256: nodejs: HTTP Request Smuggling due to incorrect parsing of header fields * CVE-2022-43548: nodejs: DNS rebinding in inspect via invalid octal IP address

CISA Warns of Flaws in Siemens, GE Digital, and Contec Industrial Control Systems

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has published four Industrial Control Systems (ICS) advisories, calling out several security flaws affecting products from Siemens, GE Digital, and Contec. The most critical of the issues have been identified in Siemens SINEC INS that could lead to remote code execution via a path traversal flaw (CVE-2022-45092, CVSS score: 9.9)

CVE-2022-35256

The llhttp parser in the http module in Node v18.7.0 does not correctly handle header fields that are not terminated with CLRF. This may result in HTTP Request Smuggling.

CVE-2022-35255

A weak randomness in WebCrypto keygen vulnerability exists in Node.js 18 due to a change with EntropySource() in SecretKeyGenTraits::DoKeyGen() in src/crypto/crypto_keygen.cc. There are two problems with this: 1) It does not check the return value, it assumes EntropySource() always succeeds, but it can (and sometimes will) fail. 2) The random data returned byEntropySource() may not be cryptographically strong and therefore not suitable as keying material.

Red Hat Security Advisory 2022-7830-01

Red Hat Security Advisory 2022-7830-01 - Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language. Issues addressed include HTTP request smuggling and bypass vulnerabilities.

Red Hat Security Advisory 2022-7821-01

Red Hat Security Advisory 2022-7821-01 - Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language. Issues addressed include a HTTP request smuggling vulnerability.

RHSA-2022:7830: Red Hat Security Advisory: nodejs:14 security update

An update for the nodejs:14 module is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2021-44531: nodejs: Improper handling of URI Subject Alternative Names * CVE-2021-44532: nodejs: Certificate Verification Bypass via String Injection * CVE-2021-44533: nodejs: Incorrect handling of certificate subject and issuer fields * CVE-2022-21824: nodejs: Prototype pollution via console.table properties * CVE-2022-35256: nodejs: HTTP Reque...

RHSA-2022:7821: Red Hat Security Advisory: nodejs:18 security update

An update for the nodejs:18 module is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-35255: nodejs: weak randomness in WebCrypto keygen * CVE-2022-35256: nodejs: HTTP Request Smuggling due to incorrect parsing of header fields

Red Hat Security Advisory 2022-7044-01

Red Hat Security Advisory 2022-7044-01 - Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language. Issues addressed include HTTP request smuggling and bypass vulnerabilities.

RHSA-2022:7044: Red Hat Security Advisory: rh-nodejs14-nodejs security update

An update for rh-nodejs14-nodejs is now available for Red Hat Software Collections. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2021-44531: nodejs: Improper handling of URI Subject Alternative Names * CVE-2021-44532: nodejs: Certificate Verification Bypass via String Injection * CVE-2021-44533: nodejs: Incorrect handling of certificate subject and issuer fields * CVE-2021-44906: minimist: prototype pollution * CVE-2022-21824: nodejs: Prototype pollution via console.table...

Red Hat Security Advisory 2022-6963-01

Red Hat Security Advisory 2022-6963-01 - Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language. Issues addressed include a HTTP request smuggling vulnerability.

CVE-2022-21587: Oracle Critical Patch Update Advisory - October 2022

Vulnerability in the Oracle Web Applications Desktop Integrator product of Oracle E-Business Suite (component: Upload). Supported versions that are affected are 12.2.3-12.2.11. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Web Applications Desktop Integrator. Successful attacks of this vulnerability can result in takeover of Oracle Web Applications Desktop Integrator. CVSS 3.1 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H).

Red Hat Security Advisory 2022-6964-01

Red Hat Security Advisory 2022-6964-01 - Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language. Issues addressed include a HTTP request smuggling vulnerability.

RHSA-2022:6963: Red Hat Security Advisory: nodejs security update

An update for nodejs is now available for Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-35255: nodejs: weak randomness in WebCrypto keygen * CVE-2022-35256: nodejs: HTTP Request Smuggling due to incorrect parsing of header fields

Red Hat Security Data: Latest News

RHSA-2023:5627: Red Hat Security Advisory: kernel security, bug fix, and enhancement update
Red Hat Security Data