RHSA-2022:6963: Red Hat Security Advisory: nodejs security update

An update for nodejs is now available for Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.

Related CVEs:

  • CVE-2022-35255: nodejs: weak randomness in WebCrypto keygen
  • CVE-2022-35256: nodejs: HTTP Request Smuggling due to incorrect parsing of header fields
Red Hat Security Data

Synopsis

Important: nodejs security update

Type/Severity

Security Advisory: Important

Topic

An update for nodejs is now available for Red Hat Enterprise Linux 9.

Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Description

Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language.

The following packages have been upgraded to a later upstream version: nodejs (16.17.1).

Security Fix(es):

  • nodejs: weak randomness in WebCrypto keygen (CVE-2022-35255)
  • nodejs: HTTP Request Smuggling due to incorrect parsing of header fields (CVE-2022-35256)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Affected Products

  • Red Hat Enterprise Linux for x86_64 9 x86_64
  • Red Hat Enterprise Linux for x86_64 - Extended Update Support 9.0 x86_64
  • Red Hat Enterprise Linux for IBM z Systems 9 s390x
  • Red Hat Enterprise Linux for IBM z Systems - Extended Update Support 9.0 s390x
  • Red Hat Enterprise Linux for Power, little endian 9 ppc64le
  • Red Hat Enterprise Linux for Power, little endian - Extended Update Support 9.0 ppc64le
  • Red Hat Enterprise Linux for ARM 64 9 aarch64
  • Red Hat Enterprise Linux for ARM 64 - Extended Update Support 9.0 aarch64
  • Red Hat Enterprise Linux Server for Power LE - Update Services for SAP Solutions 9.0 ppc64le
  • Red Hat Enterprise Linux for x86_64 - Update Services for SAP Solutions 9.0 x86_64
  • Red Hat Enterprise Linux Server for ARM 64 - 4 years of updates 9.0 aarch64
  • Red Hat Enterprise Linux Server for IBM z Systems - 4 years of updates 9.0 s390x

Fixes

  • BZ - 2130517 - CVE-2022-35255 nodejs: weak randomness in WebCrypto keygen
  • BZ - 2130518 - CVE-2022-35256 nodejs: HTTP Request Smuggling due to incorrect parsing of header fields

Red Hat Enterprise Linux for x86_64 9

SRPM

  • nodejs-16.17.1-1.el9_0.src.rpm

x86_64

  • nodejs-16.17.1-1.el9_0.x86_64.rpm
  • nodejs-debuginfo-16.17.1-1.el9_0.i686.rpm
  • nodejs-debuginfo-16.17.1-1.el9_0.x86_64.rpm
  • nodejs-debugsource-16.17.1-1.el9_0.i686.rpm
  • nodejs-debugsource-16.17.1-1.el9_0.x86_64.rpm
  • nodejs-docs-16.17.1-1.el9_0.noarch.rpm
  • nodejs-full-i18n-16.17.1-1.el9_0.x86_64.rpm
  • nodejs-libs-16.17.1-1.el9_0.i686.rpm
  • nodejs-libs-16.17.1-1.el9_0.x86_64.rpm
  • nodejs-libs-debuginfo-16.17.1-1.el9_0.i686.rpm
  • nodejs-libs-debuginfo-16.17.1-1.el9_0.x86_64.rpm
  • npm-8.15.0-1.16.17.1.1.el9_0.x86_64.rpm

Red Hat Enterprise Linux for IBM z Systems 9

SRPM

  • nodejs-16.17.1-1.el9_0.src.rpm

s390x

  • nodejs-16.17.1-1.el9_0.s390x.rpm
  • nodejs-debuginfo-16.17.1-1.el9_0.s390x.rpm
  • nodejs-debugsource-16.17.1-1.el9_0.s390x.rpm
  • nodejs-docs-16.17.1-1.el9_0.noarch.rpm
  • nodejs-full-i18n-16.17.1-1.el9_0.s390x.rpm
  • nodejs-libs-16.17.1-1.el9_0.s390x.rpm
  • nodejs-libs-debuginfo-16.17.1-1.el9_0.s390x.rpm
  • npm-8.15.0-1.16.17.1.1.el9_0.s390x.rpm

Red Hat Enterprise Linux for Power, little endian 9

SRPM

  • nodejs-16.17.1-1.el9_0.src.rpm

ppc64le

  • nodejs-16.17.1-1.el9_0.ppc64le.rpm
  • nodejs-debuginfo-16.17.1-1.el9_0.ppc64le.rpm
  • nodejs-debugsource-16.17.1-1.el9_0.ppc64le.rpm
  • nodejs-docs-16.17.1-1.el9_0.noarch.rpm
  • nodejs-full-i18n-16.17.1-1.el9_0.ppc64le.rpm
  • nodejs-libs-16.17.1-1.el9_0.ppc64le.rpm
  • nodejs-libs-debuginfo-16.17.1-1.el9_0.ppc64le.rpm
  • npm-8.15.0-1.16.17.1.1.el9_0.ppc64le.rpm

Red Hat Enterprise Linux for ARM 64 9

SRPM

  • nodejs-16.17.1-1.el9_0.src.rpm

aarch64

  • nodejs-16.17.1-1.el9_0.aarch64.rpm
  • nodejs-debuginfo-16.17.1-1.el9_0.aarch64.rpm
  • nodejs-debugsource-16.17.1-1.el9_0.aarch64.rpm
  • nodejs-docs-16.17.1-1.el9_0.noarch.rpm
  • nodejs-full-i18n-16.17.1-1.el9_0.aarch64.rpm
  • nodejs-libs-16.17.1-1.el9_0.aarch64.rpm
  • nodejs-libs-debuginfo-16.17.1-1.el9_0.aarch64.rpm
  • npm-8.15.0-1.16.17.1.1.el9_0.aarch64.rpm

Related news

Gentoo Linux Security Advisory 202405-29

Gentoo Linux Security Advisory 202405-29 - Multiple vulnerabilities have been discovered in Node.js. Versions greater than or equal to 16.20.2 are affected.

Ubuntu Security Notice USN-6491-1

Ubuntu Security Notice 6491-1 - Axel Chong discovered that Node.js incorrectly handled certain inputs. If a user or an automated system were tricked into opening a specially crafted input file, a remote attacker could possibly use this issue to execute arbitrary code. Zeyu Zhang discovered that Node.js incorrectly handled certain inputs. If a user or an automated system were tricked into opening a specially crafted input file, a remote attacker could possibly use this issue to execute arbitrary code. This issue only affected Ubuntu 22.04 LTS.

RHSA-2023:1742: Red Hat Security Advisory: nodejs:14 security, bug fix, and enhancement update

An update for the nodejs:14 module is now available for Red Hat Enterprise Linux 8.6 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.

Related CVEs:

  • CVE-2021-35065: A vulnerability was found in the glob-parent package. Affected versions of this package are vulnerable to Regular expression Denial of Service (ReDoS) attacks, affecting system availability.
  • CVE-2021-44531: A flaw was found in node.js where it accepted a certificate's Subject Alternative Names (SAN) entry...

RHSA-2023:1533: Red Hat Security Advisory: nodejs:14 security, bug fix, and enhancement update

An update for the nodejs:14 module is now available for Red Hat Enterprise Linux 8.4 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.

Related CVEs:

  • CVE-2021-35065: A vulnerability was found in the glob-parent package. Affected versions of this package are vulnerable to Regular expression Denial of Service (ReDoS) attacks, affecting system availability.
  • CVE-2021-44906: An Uncontrolled Resource Consumption flaw was found in minimist. This flaw allows an attacker to tr...

Debian Security Advisory 5326-1

Debian Linux Security Advisory 5326-1 - Multiple vulnerabilities were discovered in Node.js, which could result in HTTP request smuggling, bypass of host IP address validation and weak randomness setup.

RHSA-2023:0321: Red Hat Security Advisory: nodejs and nodejs-nodemon security, bug fix, and enhancement update

An update for nodejs and nodejs-nodemon is now available for Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.

Related CVEs:

  • CVE-2021-44906: minimist: prototype pollution
  • CVE-2022-3517: nodejs-minimatch: ReDoS via the braceExpand function
  • CVE-2022-35256: nodejs: HTTP Request Smuggling due to incorrect parsing of header fields
  • CVE-2022-43548: nodejs: DNS rebinding in inspect via invalid octal IP address

CISA Warns of Flaws in Siemens, GE Digital, and Contec Industrial Control Systems

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has published four Industrial Control Systems (ICS) advisories, calling out several security flaws affecting products from Siemens, GE Digital, and Contec. The most critical of the issues have been identified in Siemens SINEC INS that could lead to remote code execution via a path traversal flaw (CVE-2022-45092, CVSS score: 9.9)

CVE-2022-35255

A weak randomness in WebCrypto keygen vulnerability exists in Node.js 18 due to a change with EntropySource() in SecretKeyGenTraits::DoKeyGen() in src/crypto/crypto_keygen.cc. There are two problems with this: 1) It does not check the return value, it assumes EntropySource() always succeeds, but it can (and sometimes will) fail. 2) The random data returned by EntropySource() may not be cryptographically strong and therefore not suitable as keying material.

CVE-2022-35256

The llhttp parser in the http module in Node v18.7.0 does not correctly handle header fields that are not terminated with CRLF. This may result in HTTP Request Smuggling.

Red Hat Security Advisory 2022-7830-01

Red Hat Security Advisory 2022-7830-01 - Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language. Issues addressed include HTTP request smuggling and bypass vulnerabilities.

Red Hat Security Advisory 2022-7821-01

Red Hat Security Advisory 2022-7821-01 - Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language. Issues addressed include an HTTP request smuggling vulnerability.

RHSA-2022:7830: Red Hat Security Advisory: nodejs:14 security update

An update for the nodejs:14 module is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.

Related CVEs:

  • CVE-2021-44531: nodejs: Improper handling of URI Subject Alternative Names
  • CVE-2021-44532: nodejs: Certificate Verification Bypass via String Injection
  • CVE-2021-44533: nodejs: Incorrect handling of certificate subject and issuer fields
  • CVE-2022-21824: nodejs: Prototype pollution via console.table properties
  • CVE-2022-35256: nodejs: HTTP Reque...

RHSA-2022:7821: Red Hat Security Advisory: nodejs:18 security update

An update for the nodejs:18 module is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.

Related CVEs:

  • CVE-2022-35255: nodejs: weak randomness in WebCrypto keygen
  • CVE-2022-35256: nodejs: HTTP Request Smuggling due to incorrect parsing of header fields

Red Hat Security Advisory 2022-7044-01

Red Hat Security Advisory 2022-7044-01 - Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language. Issues addressed include HTTP request smuggling and bypass vulnerabilities.

RHSA-2022:7044: Red Hat Security Advisory: rh-nodejs14-nodejs security update

An update for rh-nodejs14-nodejs is now available for Red Hat Software Collections. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.

Related CVEs:

  • CVE-2021-44531: nodejs: Improper handling of URI Subject Alternative Names
  • CVE-2021-44532: nodejs: Certificate Verification Bypass via String Injection
  • CVE-2021-44533: nodejs: Incorrect handling of certificate subject and issuer fields
  • CVE-2021-44906: minimist: prototype pollution
  • CVE-2022-21824: nodejs: Prototype pollution via console.table...

Red Hat Security Advisory 2022-6963-01

Red Hat Security Advisory 2022-6963-01 - Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language. Issues addressed include an HTTP request smuggling vulnerability.

CVE-2022-21587: Oracle Critical Patch Update Advisory - October 2022

Vulnerability in the Oracle Web Applications Desktop Integrator product of Oracle E-Business Suite (component: Upload). Supported versions that are affected are 12.2.3-12.2.11. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Web Applications Desktop Integrator. Successful attacks of this vulnerability can result in takeover of Oracle Web Applications Desktop Integrator. CVSS 3.1 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H).

Red Hat Security Advisory 2022-6964-01

Red Hat Security Advisory 2022-6964-01 - Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language. Issues addressed include an HTTP request smuggling vulnerability.

RHSA-2022:6964: Red Hat Security Advisory: nodejs:16 security update

An update for the nodejs:16 module is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.

Related CVEs:

  • CVE-2022-35255: nodejs: weak randomness in WebCrypto keygen
  • CVE-2022-35256: nodejs: HTTP Request Smuggling due to incorrect parsing of header fields