Headline
RHSA-2022:6964: Red Hat Security Advisory: nodejs:16 security update
An update for the nodejs:16 module is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
Related CVEs:
- CVE-2022-35255: nodejs: weak randomness in WebCrypto keygen
- CVE-2022-35256: nodejs: HTTP Request Smuggling due to incorrect parsing of header fields
Synopsis
Important: nodejs:16 security update
Type/Severity
Security Advisory: Important
Red Hat Insights patch analysis
Identify and remediate systems affected by this advisory.
View affected systems
Topic
An update for the nodejs:16 module is now available for Red Hat Enterprise Linux 8.
Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Description
Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language.
The following packages have been upgraded to a later upstream version: nodejs 16.
Security Fix(es):
- nodejs: weak randomness in WebCrypto keygen (CVE-2022-35255)
- nodejs: HTTP Request Smuggling due to incorrect parsing of header fields (CVE-2022-35256)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Affected Products
- Red Hat Enterprise Linux for x86_64 8 x86_64
- Red Hat Enterprise Linux for x86_64 - Extended Update Support 8.6 x86_64
- Red Hat Enterprise Linux Server - AUS 8.6 x86_64
- Red Hat Enterprise Linux for IBM z Systems 8 s390x
- Red Hat Enterprise Linux for IBM z Systems - Extended Update Support 8.6 s390x
- Red Hat Enterprise Linux for Power, little endian 8 ppc64le
- Red Hat Enterprise Linux for Power, little endian - Extended Update Support 8.6 ppc64le
- Red Hat Enterprise Linux Server - TUS 8.6 x86_64
- Red Hat Enterprise Linux for ARM 64 8 aarch64
- Red Hat Enterprise Linux for ARM 64 - Extended Update Support 8.6 aarch64
- Red Hat Enterprise Linux Server for Power LE - Update Services for SAP Solutions 8.6 ppc64le
- Red Hat Enterprise Linux for x86_64 - Update Services for SAP Solutions 8.6 x86_64
Fixes
- BZ - 2130517 - CVE-2022-35255 nodejs: weak randomness in WebCrypto keygen
- BZ - 2130518 - CVE-2022-35256 nodejs: HTTP Request Smuggling due to incorrect parsing of header fields
Red Hat Enterprise Linux for x86_64 8
SRPM
nodejs-16.17.1-1.module+el8.6.0+16848+a483195a.src.rpm
SHA-256: 49dffb96fe8ee6ac444564f43a6c3afb0a523eea499372eb2f29f7e2e860a292
nodejs-nodemon-2.0.19-2.module+el8.6.0+16240+7ca51420.src.rpm
SHA-256: 9dab7366a0dbdae95c64c22c2aa6dcd5e94a6c3b0ef91b8b4186f4b68b29426f
nodejs-packaging-25-1.module+el8.5.0+10992+fac5fe06.src.rpm
SHA-256: 33ac4142978ab66debe87d4af95fd56ed6a39f0947eb46a6ca988dc7d035a835
x86_64
nodejs-16.17.1-1.module+el8.6.0+16848+a483195a.x86_64.rpm
SHA-256: 531706dc02ec327c0b763ea5ae83bd58ca7444d61af736f08c7fd72d7e0c4ca4
nodejs-debuginfo-16.17.1-1.module+el8.6.0+16848+a483195a.x86_64.rpm
SHA-256: f05642db53d64d284a9f4b79c38063ea5d88c6837af4e21f4e89cac05583f443
nodejs-debugsource-16.17.1-1.module+el8.6.0+16848+a483195a.x86_64.rpm
SHA-256: 8aba50fc26aab77e2906ee1b3ee9f6a7d260bf75926e8d334ac09e2afa857972
nodejs-devel-16.17.1-1.module+el8.6.0+16848+a483195a.x86_64.rpm
SHA-256: 9b351e701a8a46e0c70602942a60a31c8f6b91d20ffe9980530755b9f4c9b02a
nodejs-docs-16.17.1-1.module+el8.6.0+16848+a483195a.noarch.rpm
SHA-256: 8609826f9038efa0ef610a32e5a6b99189f047d0da020b9b94b927165543d10e
nodejs-full-i18n-16.17.1-1.module+el8.6.0+16848+a483195a.x86_64.rpm
SHA-256: a72939083eb54c5903f79cff04eb6796bb0550d544a00f2e10b6d30e5491265c
nodejs-nodemon-2.0.19-2.module+el8.6.0+16240+7ca51420.noarch.rpm
SHA-256: 2d72cee799046ab7a9dac0b2eb9748de499b0d92e62e1bd4e77d9c1c85570cbd
nodejs-packaging-25-1.module+el8.5.0+10992+fac5fe06.noarch.rpm
SHA-256: f39eef40249724ab490a024922470273a1c4789881bc489aaa719a432380edfc
npm-8.15.0-1.16.17.1.1.module+el8.6.0+16848+a483195a.x86_64.rpm
SHA-256: f9e3a52806ca407250911fe962a2e6ee7e0ecb9581742b80a45be2adfd72dc2e
Red Hat Enterprise Linux for x86_64 - Extended Update Support 8.6
SRPM
nodejs-16.17.1-1.module+el8.6.0+16848+a483195a.src.rpm
SHA-256: 49dffb96fe8ee6ac444564f43a6c3afb0a523eea499372eb2f29f7e2e860a292
nodejs-nodemon-2.0.19-2.module+el8.6.0+16240+7ca51420.src.rpm
SHA-256: 9dab7366a0dbdae95c64c22c2aa6dcd5e94a6c3b0ef91b8b4186f4b68b29426f
nodejs-packaging-25-1.module+el8.5.0+10992+fac5fe06.src.rpm
SHA-256: 33ac4142978ab66debe87d4af95fd56ed6a39f0947eb46a6ca988dc7d035a835
x86_64
nodejs-16.17.1-1.module+el8.6.0+16848+a483195a.x86_64.rpm
SHA-256: 531706dc02ec327c0b763ea5ae83bd58ca7444d61af736f08c7fd72d7e0c4ca4
nodejs-debuginfo-16.17.1-1.module+el8.6.0+16848+a483195a.x86_64.rpm
SHA-256: f05642db53d64d284a9f4b79c38063ea5d88c6837af4e21f4e89cac05583f443
nodejs-debugsource-16.17.1-1.module+el8.6.0+16848+a483195a.x86_64.rpm
SHA-256: 8aba50fc26aab77e2906ee1b3ee9f6a7d260bf75926e8d334ac09e2afa857972
nodejs-devel-16.17.1-1.module+el8.6.0+16848+a483195a.x86_64.rpm
SHA-256: 9b351e701a8a46e0c70602942a60a31c8f6b91d20ffe9980530755b9f4c9b02a
nodejs-docs-16.17.1-1.module+el8.6.0+16848+a483195a.noarch.rpm
SHA-256: 8609826f9038efa0ef610a32e5a6b99189f047d0da020b9b94b927165543d10e
nodejs-full-i18n-16.17.1-1.module+el8.6.0+16848+a483195a.x86_64.rpm
SHA-256: a72939083eb54c5903f79cff04eb6796bb0550d544a00f2e10b6d30e5491265c
nodejs-nodemon-2.0.19-2.module+el8.6.0+16240+7ca51420.noarch.rpm
SHA-256: 2d72cee799046ab7a9dac0b2eb9748de499b0d92e62e1bd4e77d9c1c85570cbd
nodejs-packaging-25-1.module+el8.5.0+10992+fac5fe06.noarch.rpm
SHA-256: f39eef40249724ab490a024922470273a1c4789881bc489aaa719a432380edfc
npm-8.15.0-1.16.17.1.1.module+el8.6.0+16848+a483195a.x86_64.rpm
SHA-256: f9e3a52806ca407250911fe962a2e6ee7e0ecb9581742b80a45be2adfd72dc2e
Red Hat Enterprise Linux Server - AUS 8.6
SRPM
nodejs-16.17.1-1.module+el8.6.0+16848+a483195a.src.rpm
SHA-256: 49dffb96fe8ee6ac444564f43a6c3afb0a523eea499372eb2f29f7e2e860a292
nodejs-nodemon-2.0.19-2.module+el8.6.0+16240+7ca51420.src.rpm
SHA-256: 9dab7366a0dbdae95c64c22c2aa6dcd5e94a6c3b0ef91b8b4186f4b68b29426f
nodejs-packaging-25-1.module+el8.5.0+10992+fac5fe06.src.rpm
SHA-256: 33ac4142978ab66debe87d4af95fd56ed6a39f0947eb46a6ca988dc7d035a835
x86_64
nodejs-16.17.1-1.module+el8.6.0+16848+a483195a.x86_64.rpm
SHA-256: 531706dc02ec327c0b763ea5ae83bd58ca7444d61af736f08c7fd72d7e0c4ca4
nodejs-debuginfo-16.17.1-1.module+el8.6.0+16848+a483195a.x86_64.rpm
SHA-256: f05642db53d64d284a9f4b79c38063ea5d88c6837af4e21f4e89cac05583f443
nodejs-debugsource-16.17.1-1.module+el8.6.0+16848+a483195a.x86_64.rpm
SHA-256: 8aba50fc26aab77e2906ee1b3ee9f6a7d260bf75926e8d334ac09e2afa857972
nodejs-devel-16.17.1-1.module+el8.6.0+16848+a483195a.x86_64.rpm
SHA-256: 9b351e701a8a46e0c70602942a60a31c8f6b91d20ffe9980530755b9f4c9b02a
nodejs-docs-16.17.1-1.module+el8.6.0+16848+a483195a.noarch.rpm
SHA-256: 8609826f9038efa0ef610a32e5a6b99189f047d0da020b9b94b927165543d10e
nodejs-full-i18n-16.17.1-1.module+el8.6.0+16848+a483195a.x86_64.rpm
SHA-256: a72939083eb54c5903f79cff04eb6796bb0550d544a00f2e10b6d30e5491265c
nodejs-nodemon-2.0.19-2.module+el8.6.0+16240+7ca51420.noarch.rpm
SHA-256: 2d72cee799046ab7a9dac0b2eb9748de499b0d92e62e1bd4e77d9c1c85570cbd
nodejs-packaging-25-1.module+el8.5.0+10992+fac5fe06.noarch.rpm
SHA-256: f39eef40249724ab490a024922470273a1c4789881bc489aaa719a432380edfc
npm-8.15.0-1.16.17.1.1.module+el8.6.0+16848+a483195a.x86_64.rpm
SHA-256: f9e3a52806ca407250911fe962a2e6ee7e0ecb9581742b80a45be2adfd72dc2e
Red Hat Enterprise Linux for IBM z Systems 8
SRPM
nodejs-16.17.1-1.module+el8.6.0+16848+a483195a.src.rpm
SHA-256: 49dffb96fe8ee6ac444564f43a6c3afb0a523eea499372eb2f29f7e2e860a292
nodejs-nodemon-2.0.19-2.module+el8.6.0+16240+7ca51420.src.rpm
SHA-256: 9dab7366a0dbdae95c64c22c2aa6dcd5e94a6c3b0ef91b8b4186f4b68b29426f
nodejs-packaging-25-1.module+el8.5.0+10992+fac5fe06.src.rpm
SHA-256: 33ac4142978ab66debe87d4af95fd56ed6a39f0947eb46a6ca988dc7d035a835
s390x
nodejs-docs-16.17.1-1.module+el8.6.0+16848+a483195a.noarch.rpm
SHA-256: 8609826f9038efa0ef610a32e5a6b99189f047d0da020b9b94b927165543d10e
nodejs-nodemon-2.0.19-2.module+el8.6.0+16240+7ca51420.noarch.rpm
SHA-256: 2d72cee799046ab7a9dac0b2eb9748de499b0d92e62e1bd4e77d9c1c85570cbd
nodejs-packaging-25-1.module+el8.5.0+10992+fac5fe06.noarch.rpm
SHA-256: f39eef40249724ab490a024922470273a1c4789881bc489aaa719a432380edfc
nodejs-16.17.1-1.module+el8.6.0+16848+a483195a.s390x.rpm
SHA-256: 2b7229cfbe4f1a80a961877291797147699f0469941ca0b7a5f400676913683d
nodejs-debuginfo-16.17.1-1.module+el8.6.0+16848+a483195a.s390x.rpm
SHA-256: 28ef0ed04c088f93f837296d10de2149459c6af947fc5970b35a0732df0cfd2e
nodejs-debugsource-16.17.1-1.module+el8.6.0+16848+a483195a.s390x.rpm
SHA-256: fd43a71a272ee77d1115379a273a87b67f061a1085f4a1d8f99f1a52a493c610
nodejs-devel-16.17.1-1.module+el8.6.0+16848+a483195a.s390x.rpm
SHA-256: 7f36130df992d755be1e57434dce54977ec24610ef837e3564816f25bee0b24b
nodejs-full-i18n-16.17.1-1.module+el8.6.0+16848+a483195a.s390x.rpm
SHA-256: d4380d3543226dae02dba33ae6bbf9a88b7891cb07134a8f3cf65324283c4595
npm-8.15.0-1.16.17.1.1.module+el8.6.0+16848+a483195a.s390x.rpm
SHA-256: 8e1eaed90ff40b27fbb55322212a39f5d489569623efc814a4fa5bc859d2f1e2
Red Hat Enterprise Linux for IBM z Systems - Extended Update Support 8.6
SRPM
nodejs-16.17.1-1.module+el8.6.0+16848+a483195a.src.rpm
SHA-256: 49dffb96fe8ee6ac444564f43a6c3afb0a523eea499372eb2f29f7e2e860a292
nodejs-nodemon-2.0.19-2.module+el8.6.0+16240+7ca51420.src.rpm
SHA-256: 9dab7366a0dbdae95c64c22c2aa6dcd5e94a6c3b0ef91b8b4186f4b68b29426f
nodejs-packaging-25-1.module+el8.5.0+10992+fac5fe06.src.rpm
SHA-256: 33ac4142978ab66debe87d4af95fd56ed6a39f0947eb46a6ca988dc7d035a835
s390x
nodejs-docs-16.17.1-1.module+el8.6.0+16848+a483195a.noarch.rpm
SHA-256: 8609826f9038efa0ef610a32e5a6b99189f047d0da020b9b94b927165543d10e
nodejs-nodemon-2.0.19-2.module+el8.6.0+16240+7ca51420.noarch.rpm
SHA-256: 2d72cee799046ab7a9dac0b2eb9748de499b0d92e62e1bd4e77d9c1c85570cbd
nodejs-packaging-25-1.module+el8.5.0+10992+fac5fe06.noarch.rpm
SHA-256: f39eef40249724ab490a024922470273a1c4789881bc489aaa719a432380edfc
nodejs-16.17.1-1.module+el8.6.0+16848+a483195a.s390x.rpm
SHA-256: 2b7229cfbe4f1a80a961877291797147699f0469941ca0b7a5f400676913683d
nodejs-debuginfo-16.17.1-1.module+el8.6.0+16848+a483195a.s390x.rpm
SHA-256: 28ef0ed04c088f93f837296d10de2149459c6af947fc5970b35a0732df0cfd2e
nodejs-debugsource-16.17.1-1.module+el8.6.0+16848+a483195a.s390x.rpm
SHA-256: fd43a71a272ee77d1115379a273a87b67f061a1085f4a1d8f99f1a52a493c610
nodejs-devel-16.17.1-1.module+el8.6.0+16848+a483195a.s390x.rpm
SHA-256: 7f36130df992d755be1e57434dce54977ec24610ef837e3564816f25bee0b24b
nodejs-full-i18n-16.17.1-1.module+el8.6.0+16848+a483195a.s390x.rpm
SHA-256: d4380d3543226dae02dba33ae6bbf9a88b7891cb07134a8f3cf65324283c4595
npm-8.15.0-1.16.17.1.1.module+el8.6.0+16848+a483195a.s390x.rpm
SHA-256: 8e1eaed90ff40b27fbb55322212a39f5d489569623efc814a4fa5bc859d2f1e2
Red Hat Enterprise Linux for Power, little endian 8
SRPM
nodejs-16.17.1-1.module+el8.6.0+16848+a483195a.src.rpm
SHA-256: 49dffb96fe8ee6ac444564f43a6c3afb0a523eea499372eb2f29f7e2e860a292
nodejs-nodemon-2.0.19-2.module+el8.6.0+16240+7ca51420.src.rpm
SHA-256: 9dab7366a0dbdae95c64c22c2aa6dcd5e94a6c3b0ef91b8b4186f4b68b29426f
nodejs-packaging-25-1.module+el8.5.0+10992+fac5fe06.src.rpm
SHA-256: 33ac4142978ab66debe87d4af95fd56ed6a39f0947eb46a6ca988dc7d035a835
ppc64le
nodejs-docs-16.17.1-1.module+el8.6.0+16848+a483195a.noarch.rpm
SHA-256: 8609826f9038efa0ef610a32e5a6b99189f047d0da020b9b94b927165543d10e
nodejs-nodemon-2.0.19-2.module+el8.6.0+16240+7ca51420.noarch.rpm
SHA-256: 2d72cee799046ab7a9dac0b2eb9748de499b0d92e62e1bd4e77d9c1c85570cbd
nodejs-packaging-25-1.module+el8.5.0+10992+fac5fe06.noarch.rpm
SHA-256: f39eef40249724ab490a024922470273a1c4789881bc489aaa719a432380edfc
nodejs-16.17.1-1.module+el8.6.0+16848+a483195a.ppc64le.rpm
SHA-256: 04e51bc88bb38083560499d9d5cd7519d9c4af4391c754ef7529f98d1fa5ddfd
nodejs-debuginfo-16.17.1-1.module+el8.6.0+16848+a483195a.ppc64le.rpm
SHA-256: 8a96b2781acac8d91a5b0da625aded6c4cd99706361be9c95b2f96506dbc7320
nodejs-debugsource-16.17.1-1.module+el8.6.0+16848+a483195a.ppc64le.rpm
SHA-256: 71a13069f18848459c805fac67edc1717936a23239c847d1f1d01397ec2fb446
nodejs-devel-16.17.1-1.module+el8.6.0+16848+a483195a.ppc64le.rpm
SHA-256: c21919e55632e3795d5d69041b9855a25ec7facc1fb66f0ab78f9b40116f8b46
nodejs-full-i18n-16.17.1-1.module+el8.6.0+16848+a483195a.ppc64le.rpm
SHA-256: 21bfb1114ab3ea4113676f2e524c5a848ecf3315240be92ade4b3c0238f9f031
npm-8.15.0-1.16.17.1.1.module+el8.6.0+16848+a483195a.ppc64le.rpm
SHA-256: cd2e08d40ea56133964603bbe73b21e4311e172bca23b881429c4eb989385994
Red Hat Enterprise Linux for Power, little endian - Extended Update Support 8.6
SRPM
nodejs-16.17.1-1.module+el8.6.0+16848+a483195a.src.rpm
SHA-256: 49dffb96fe8ee6ac444564f43a6c3afb0a523eea499372eb2f29f7e2e860a292
nodejs-nodemon-2.0.19-2.module+el8.6.0+16240+7ca51420.src.rpm
SHA-256: 9dab7366a0dbdae95c64c22c2aa6dcd5e94a6c3b0ef91b8b4186f4b68b29426f
nodejs-packaging-25-1.module+el8.5.0+10992+fac5fe06.src.rpm
SHA-256: 33ac4142978ab66debe87d4af95fd56ed6a39f0947eb46a6ca988dc7d035a835
ppc64le
nodejs-docs-16.17.1-1.module+el8.6.0+16848+a483195a.noarch.rpm
SHA-256: 8609826f9038efa0ef610a32e5a6b99189f047d0da020b9b94b927165543d10e
nodejs-nodemon-2.0.19-2.module+el8.6.0+16240+7ca51420.noarch.rpm
SHA-256: 2d72cee799046ab7a9dac0b2eb9748de499b0d92e62e1bd4e77d9c1c85570cbd
nodejs-packaging-25-1.module+el8.5.0+10992+fac5fe06.noarch.rpm
SHA-256: f39eef40249724ab490a024922470273a1c4789881bc489aaa719a432380edfc
nodejs-16.17.1-1.module+el8.6.0+16848+a483195a.ppc64le.rpm
SHA-256: 04e51bc88bb38083560499d9d5cd7519d9c4af4391c754ef7529f98d1fa5ddfd
nodejs-debuginfo-16.17.1-1.module+el8.6.0+16848+a483195a.ppc64le.rpm
SHA-256: 8a96b2781acac8d91a5b0da625aded6c4cd99706361be9c95b2f96506dbc7320
nodejs-debugsource-16.17.1-1.module+el8.6.0+16848+a483195a.ppc64le.rpm
SHA-256: 71a13069f18848459c805fac67edc1717936a23239c847d1f1d01397ec2fb446
nodejs-devel-16.17.1-1.module+el8.6.0+16848+a483195a.ppc64le.rpm
SHA-256: c21919e55632e3795d5d69041b9855a25ec7facc1fb66f0ab78f9b40116f8b46
nodejs-full-i18n-16.17.1-1.module+el8.6.0+16848+a483195a.ppc64le.rpm
SHA-256: 21bfb1114ab3ea4113676f2e524c5a848ecf3315240be92ade4b3c0238f9f031
npm-8.15.0-1.16.17.1.1.module+el8.6.0+16848+a483195a.ppc64le.rpm
SHA-256: cd2e08d40ea56133964603bbe73b21e4311e172bca23b881429c4eb989385994
Red Hat Enterprise Linux Server - TUS 8.6
SRPM
nodejs-16.17.1-1.module+el8.6.0+16848+a483195a.src.rpm
SHA-256: 49dffb96fe8ee6ac444564f43a6c3afb0a523eea499372eb2f29f7e2e860a292
nodejs-nodemon-2.0.19-2.module+el8.6.0+16240+7ca51420.src.rpm
SHA-256: 9dab7366a0dbdae95c64c22c2aa6dcd5e94a6c3b0ef91b8b4186f4b68b29426f
nodejs-packaging-25-1.module+el8.5.0+10992+fac5fe06.src.rpm
SHA-256: 33ac4142978ab66debe87d4af95fd56ed6a39f0947eb46a6ca988dc7d035a835
x86_64
nodejs-16.17.1-1.module+el8.6.0+16848+a483195a.x86_64.rpm
SHA-256: 531706dc02ec327c0b763ea5ae83bd58ca7444d61af736f08c7fd72d7e0c4ca4
nodejs-debuginfo-16.17.1-1.module+el8.6.0+16848+a483195a.x86_64.rpm
SHA-256: f05642db53d64d284a9f4b79c38063ea5d88c6837af4e21f4e89cac05583f443
nodejs-debugsource-16.17.1-1.module+el8.6.0+16848+a483195a.x86_64.rpm
SHA-256: 8aba50fc26aab77e2906ee1b3ee9f6a7d260bf75926e8d334ac09e2afa857972
nodejs-devel-16.17.1-1.module+el8.6.0+16848+a483195a.x86_64.rpm
SHA-256: 9b351e701a8a46e0c70602942a60a31c8f6b91d20ffe9980530755b9f4c9b02a
nodejs-docs-16.17.1-1.module+el8.6.0+16848+a483195a.noarch.rpm
SHA-256: 8609826f9038efa0ef610a32e5a6b99189f047d0da020b9b94b927165543d10e
nodejs-full-i18n-16.17.1-1.module+el8.6.0+16848+a483195a.x86_64.rpm
SHA-256: a72939083eb54c5903f79cff04eb6796bb0550d544a00f2e10b6d30e5491265c
nodejs-nodemon-2.0.19-2.module+el8.6.0+16240+7ca51420.noarch.rpm
SHA-256: 2d72cee799046ab7a9dac0b2eb9748de499b0d92e62e1bd4e77d9c1c85570cbd
nodejs-packaging-25-1.module+el8.5.0+10992+fac5fe06.noarch.rpm
SHA-256: f39eef40249724ab490a024922470273a1c4789881bc489aaa719a432380edfc
npm-8.15.0-1.16.17.1.1.module+el8.6.0+16848+a483195a.x86_64.rpm
SHA-256: f9e3a52806ca407250911fe962a2e6ee7e0ecb9581742b80a45be2adfd72dc2e
Red Hat Enterprise Linux for ARM 64 8
SRPM
nodejs-16.17.1-1.module+el8.6.0+16848+a483195a.src.rpm
SHA-256: 49dffb96fe8ee6ac444564f43a6c3afb0a523eea499372eb2f29f7e2e860a292
nodejs-nodemon-2.0.19-2.module+el8.6.0+16240+7ca51420.src.rpm
SHA-256: 9dab7366a0dbdae95c64c22c2aa6dcd5e94a6c3b0ef91b8b4186f4b68b29426f
nodejs-packaging-25-1.module+el8.5.0+10992+fac5fe06.src.rpm
SHA-256: 33ac4142978ab66debe87d4af95fd56ed6a39f0947eb46a6ca988dc7d035a835
aarch64
nodejs-docs-16.17.1-1.module+el8.6.0+16848+a483195a.noarch.rpm
SHA-256: 8609826f9038efa0ef610a32e5a6b99189f047d0da020b9b94b927165543d10e
nodejs-nodemon-2.0.19-2.module+el8.6.0+16240+7ca51420.noarch.rpm
SHA-256: 2d72cee799046ab7a9dac0b2eb9748de499b0d92e62e1bd4e77d9c1c85570cbd
nodejs-packaging-25-1.module+el8.5.0+10992+fac5fe06.noarch.rpm
SHA-256: f39eef40249724ab490a024922470273a1c4789881bc489aaa719a432380edfc
nodejs-16.17.1-1.module+el8.6.0+16848+a483195a.aarch64.rpm
SHA-256: fb621b8850c42dab1281714bcbe1faf30977c9076376cbd3e4ea84e459b05ef9
nodejs-debuginfo-16.17.1-1.module+el8.6.0+16848+a483195a.aarch64.rpm
SHA-256: 7f32dfe1d5d7eed08aa54535e7820ec1f071f43d3d395b9293e120931e05ce89
nodejs-debugsource-16.17.1-1.module+el8.6.0+16848+a483195a.aarch64.rpm
SHA-256: d37c0d4dde9b5b1d1e209bdb902fa560f23175060fcd6f37fa5ecab53cbec79d
nodejs-devel-16.17.1-1.module+el8.6.0+16848+a483195a.aarch64.rpm
SHA-256: 0c312f70f6ff1189ed1bd84f08fd8d91d6230a189e4da9eba74c12cfca5868ff
nodejs-full-i18n-16.17.1-1.module+el8.6.0+16848+a483195a.aarch64.rpm
SHA-256: 23f6feda0b70d999ce587c8bf8d7784a3319169453cb05fdf7ecfd3554307f9d
npm-8.15.0-1.16.17.1.1.module+el8.6.0+16848+a483195a.aarch64.rpm
SHA-256: 53138878eead6a2b283190a4a7cc4755af2c6764e8b6ad31966b48f45a39269e
Red Hat Enterprise Linux for ARM 64 - Extended Update Support 8.6
SRPM
nodejs-16.17.1-1.module+el8.6.0+16848+a483195a.src.rpm
SHA-256: 49dffb96fe8ee6ac444564f43a6c3afb0a523eea499372eb2f29f7e2e860a292
nodejs-nodemon-2.0.19-2.module+el8.6.0+16240+7ca51420.src.rpm
SHA-256: 9dab7366a0dbdae95c64c22c2aa6dcd5e94a6c3b0ef91b8b4186f4b68b29426f
nodejs-packaging-25-1.module+el8.5.0+10992+fac5fe06.src.rpm
SHA-256: 33ac4142978ab66debe87d4af95fd56ed6a39f0947eb46a6ca988dc7d035a835
aarch64
nodejs-docs-16.17.1-1.module+el8.6.0+16848+a483195a.noarch.rpm
SHA-256: 8609826f9038efa0ef610a32e5a6b99189f047d0da020b9b94b927165543d10e
nodejs-nodemon-2.0.19-2.module+el8.6.0+16240+7ca51420.noarch.rpm
SHA-256: 2d72cee799046ab7a9dac0b2eb9748de499b0d92e62e1bd4e77d9c1c85570cbd
nodejs-packaging-25-1.module+el8.5.0+10992+fac5fe06.noarch.rpm
SHA-256: f39eef40249724ab490a024922470273a1c4789881bc489aaa719a432380edfc
nodejs-16.17.1-1.module+el8.6.0+16848+a483195a.aarch64.rpm
SHA-256: fb621b8850c42dab1281714bcbe1faf30977c9076376cbd3e4ea84e459b05ef9
nodejs-debuginfo-16.17.1-1.module+el8.6.0+16848+a483195a.aarch64.rpm
SHA-256: 7f32dfe1d5d7eed08aa54535e7820ec1f071f43d3d395b9293e120931e05ce89
nodejs-debugsource-16.17.1-1.module+el8.6.0+16848+a483195a.aarch64.rpm
SHA-256: d37c0d4dde9b5b1d1e209bdb902fa560f23175060fcd6f37fa5ecab53cbec79d
nodejs-devel-16.17.1-1.module+el8.6.0+16848+a483195a.aarch64.rpm
SHA-256: 0c312f70f6ff1189ed1bd84f08fd8d91d6230a189e4da9eba74c12cfca5868ff
nodejs-full-i18n-16.17.1-1.module+el8.6.0+16848+a483195a.aarch64.rpm
SHA-256: 23f6feda0b70d999ce587c8bf8d7784a3319169453cb05fdf7ecfd3554307f9d
npm-8.15.0-1.16.17.1.1.module+el8.6.0+16848+a483195a.aarch64.rpm
SHA-256: 53138878eead6a2b283190a4a7cc4755af2c6764e8b6ad31966b48f45a39269e
Red Hat Enterprise Linux Server for Power LE - Update Services for SAP Solutions 8.6
SRPM
nodejs-16.17.1-1.module+el8.6.0+16848+a483195a.src.rpm
SHA-256: 49dffb96fe8ee6ac444564f43a6c3afb0a523eea499372eb2f29f7e2e860a292
nodejs-nodemon-2.0.19-2.module+el8.6.0+16240+7ca51420.src.rpm
SHA-256: 9dab7366a0dbdae95c64c22c2aa6dcd5e94a6c3b0ef91b8b4186f4b68b29426f
nodejs-packaging-25-1.module+el8.5.0+10992+fac5fe06.src.rpm
SHA-256: 33ac4142978ab66debe87d4af95fd56ed6a39f0947eb46a6ca988dc7d035a835
ppc64le
nodejs-docs-16.17.1-1.module+el8.6.0+16848+a483195a.noarch.rpm
SHA-256: 8609826f9038efa0ef610a32e5a6b99189f047d0da020b9b94b927165543d10e
nodejs-nodemon-2.0.19-2.module+el8.6.0+16240+7ca51420.noarch.rpm
SHA-256: 2d72cee799046ab7a9dac0b2eb9748de499b0d92e62e1bd4e77d9c1c85570cbd
nodejs-packaging-25-1.module+el8.5.0+10992+fac5fe06.noarch.rpm
SHA-256: f39eef40249724ab490a024922470273a1c4789881bc489aaa719a432380edfc
nodejs-16.17.1-1.module+el8.6.0+16848+a483195a.ppc64le.rpm
SHA-256: 04e51bc88bb38083560499d9d5cd7519d9c4af4391c754ef7529f98d1fa5ddfd
nodejs-debuginfo-16.17.1-1.module+el8.6.0+16848+a483195a.ppc64le.rpm
SHA-256: 8a96b2781acac8d91a5b0da625aded6c4cd99706361be9c95b2f96506dbc7320
nodejs-debugsource-16.17.1-1.module+el8.6.0+16848+a483195a.ppc64le.rpm
SHA-256: 71a13069f18848459c805fac67edc1717936a23239c847d1f1d01397ec2fb446
nodejs-devel-16.17.1-1.module+el8.6.0+16848+a483195a.ppc64le.rpm
SHA-256: c21919e55632e3795d5d69041b9855a25ec7facc1fb66f0ab78f9b40116f8b46
nodejs-full-i18n-16.17.1-1.module+el8.6.0+16848+a483195a.ppc64le.rpm
SHA-256: 21bfb1114ab3ea4113676f2e524c5a848ecf3315240be92ade4b3c0238f9f031
npm-8.15.0-1.16.17.1.1.module+el8.6.0+16848+a483195a.ppc64le.rpm
SHA-256: cd2e08d40ea56133964603bbe73b21e4311e172bca23b881429c4eb989385994
Red Hat Enterprise Linux for x86_64 - Update Services for SAP Solutions 8.6
SRPM
nodejs-16.17.1-1.module+el8.6.0+16848+a483195a.src.rpm
SHA-256: 49dffb96fe8ee6ac444564f43a6c3afb0a523eea499372eb2f29f7e2e860a292
nodejs-nodemon-2.0.19-2.module+el8.6.0+16240+7ca51420.src.rpm
SHA-256: 9dab7366a0dbdae95c64c22c2aa6dcd5e94a6c3b0ef91b8b4186f4b68b29426f
nodejs-packaging-25-1.module+el8.5.0+10992+fac5fe06.src.rpm
SHA-256: 33ac4142978ab66debe87d4af95fd56ed6a39f0947eb46a6ca988dc7d035a835
x86_64
nodejs-16.17.1-1.module+el8.6.0+16848+a483195a.x86_64.rpm
SHA-256: 531706dc02ec327c0b763ea5ae83bd58ca7444d61af736f08c7fd72d7e0c4ca4
nodejs-debuginfo-16.17.1-1.module+el8.6.0+16848+a483195a.x86_64.rpm
SHA-256: f05642db53d64d284a9f4b79c38063ea5d88c6837af4e21f4e89cac05583f443
nodejs-debugsource-16.17.1-1.module+el8.6.0+16848+a483195a.x86_64.rpm
SHA-256: 8aba50fc26aab77e2906ee1b3ee9f6a7d260bf75926e8d334ac09e2afa857972
nodejs-devel-16.17.1-1.module+el8.6.0+16848+a483195a.x86_64.rpm
SHA-256: 9b351e701a8a46e0c70602942a60a31c8f6b91d20ffe9980530755b9f4c9b02a
nodejs-docs-16.17.1-1.module+el8.6.0+16848+a483195a.noarch.rpm
SHA-256: 8609826f9038efa0ef610a32e5a6b99189f047d0da020b9b94b927165543d10e
nodejs-full-i18n-16.17.1-1.module+el8.6.0+16848+a483195a.x86_64.rpm
SHA-256: a72939083eb54c5903f79cff04eb6796bb0550d544a00f2e10b6d30e5491265c
nodejs-nodemon-2.0.19-2.module+el8.6.0+16240+7ca51420.noarch.rpm
SHA-256: 2d72cee799046ab7a9dac0b2eb9748de499b0d92e62e1bd4e77d9c1c85570cbd
nodejs-packaging-25-1.module+el8.5.0+10992+fac5fe06.noarch.rpm
SHA-256: f39eef40249724ab490a024922470273a1c4789881bc489aaa719a432380edfc
npm-8.15.0-1.16.17.1.1.module+el8.6.0+16848+a483195a.x86_64.rpm
SHA-256: f9e3a52806ca407250911fe962a2e6ee7e0ecb9581742b80a45be2adfd72dc2e
Related news
Gentoo Linux Security Advisory 202405-29 - Multiple vulnerabilities have been discovered in Node.js. Versions greater than or equal to 16.20.2 are affected.
Ubuntu Security Notice 6491-1 - Axel Chong discovered that Node.js incorrectly handled certain inputs. If a user or an automated system were tricked into opening a specially crafted input file, a remote attacker could possibly use this issue to execute arbitrary code. Zeyu Zhang discovered that Node.js incorrectly handled certain inputs. If a user or an automated system were tricked into opening a specially crafted input file, a remote attacker could possibly use this issue to execute arbitrary code. This issue only affected Ubuntu 22.04 LTS.
Red Hat Security Advisory 2023-1533-01 - Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language. Issues addressed include HTTP request smuggling, buffer overflow, bypass, and denial of service vulnerabilities.
An update for the nodejs:14 module is now available for Red Hat Enterprise Linux 8.4 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2021-35065: A vulnerability was found in the glob-parent package. Affected versions of this package are vulnerable to Regular expression Denial of Service (ReDoS) attacks, affecting system availability. * CVE-2021-44906: An Uncontrolled Resource Consumption flaw was found in minimist. This flaw allows an attacker to tr...
Debian Linux Security Advisory 5326-1 - Multiple vulnerabilities were discovered in Node.js, which could result in HTTP request smuggling, bypass of host IP address validation and weak randomness setup.
An update for nodejs and nodejs-nodemon is now available for Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2021-44906: minimist: prototype pollution * CVE-2022-3517: nodejs-minimatch: ReDoS via the braceExpand function * CVE-2022-35256: nodejs: HTTP Request Smuggling due to incorrect parsing of header fields * CVE-2022-43548: nodejs: DNS rebinding in inspect via invalid octal IP address
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has published four Industrial Control Systems (ICS) advisories, calling out several security flaws affecting products from Siemens, GE Digital, and Contec. The most critical of the issues have been identified in Siemens SINEC INS that could lead to remote code execution via a path traversal flaw (CVE-2022-45092, CVSS score: 9.9)
The llhttp parser in the http module in Node v18.7.0 does not correctly handle header fields that are not terminated with CLRF. This may result in HTTP Request Smuggling.
A weak randomness in WebCrypto keygen vulnerability exists in Node.js 18 due to a change with EntropySource() in SecretKeyGenTraits::DoKeyGen() in src/crypto/crypto_keygen.cc. There are two problems with this: 1) It does not check the return value, it assumes EntropySource() always succeeds, but it can (and sometimes will) fail. 2) The random data returned byEntropySource() may not be cryptographically strong and therefore not suitable as keying material.
Red Hat Security Advisory 2022-7830-01 - Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language. Issues addressed include HTTP request smuggling and bypass vulnerabilities.
Red Hat Security Advisory 2022-7821-01 - Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language. Issues addressed include a HTTP request smuggling vulnerability.
An update for the nodejs:14 module is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2021-44531: nodejs: Improper handling of URI Subject Alternative Names * CVE-2021-44532: nodejs: Certificate Verification Bypass via String Injection * CVE-2021-44533: nodejs: Incorrect handling of certificate subject and issuer fields * CVE-2022-21824: nodejs: Prototype pollution via console.table properties * CVE-2022-35256: nodejs: HTTP Reque...
An update for the nodejs:18 module is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-35255: nodejs: weak randomness in WebCrypto keygen * CVE-2022-35256: nodejs: HTTP Request Smuggling due to incorrect parsing of header fields
Red Hat Security Advisory 2022-7044-01 - Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language. Issues addressed include HTTP request smuggling and bypass vulnerabilities.
An update for rh-nodejs14-nodejs is now available for Red Hat Software Collections. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2021-44531: nodejs: Improper handling of URI Subject Alternative Names * CVE-2021-44532: nodejs: Certificate Verification Bypass via String Injection * CVE-2021-44533: nodejs: Incorrect handling of certificate subject and issuer fields * CVE-2021-44906: minimist: prototype pollution * CVE-2022-21824: nodejs: Prototype pollution via console.table...
Red Hat Security Advisory 2022-6963-01 - Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language. Issues addressed include a HTTP request smuggling vulnerability.
Vulnerability in the Oracle Web Applications Desktop Integrator product of Oracle E-Business Suite (component: Upload). Supported versions that are affected are 12.2.3-12.2.11. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Web Applications Desktop Integrator. Successful attacks of this vulnerability can result in takeover of Oracle Web Applications Desktop Integrator. CVSS 3.1 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H).
Red Hat Security Advisory 2022-6964-01 - Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language. Issues addressed include a HTTP request smuggling vulnerability.
An update for nodejs is now available for Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-35255: nodejs: weak randomness in WebCrypto keygen * CVE-2022-35256: nodejs: HTTP Request Smuggling due to incorrect parsing of header fields