Headline
RHSA-2022:6963: Red Hat Security Advisory: nodejs security update
An update for nodejs is now available for Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
Related CVEs:
- CVE-2022-35255: nodejs: weak randomness in WebCrypto keygen
- CVE-2022-35256: nodejs: HTTP Request Smuggling due to incorrect parsing of header fields
Synopsis
Important: nodejs security update
Type/Severity
Security Advisory: Important
Red Hat Insights patch analysis
Identify and remediate systems affected by this advisory.
View affected systems
Topic
An update for nodejs is now available for Red Hat Enterprise Linux 9.
Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Description
Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language.
The following packages have been upgraded to a later upstream version: nodejs (16.17.1).
Security Fix(es):
- nodejs: weak randomness in WebCrypto keygen (CVE-2022-35255)
- nodejs: HTTP Request Smuggling due to incorrect parsing of header fields (CVE-2022-35256)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Affected Products
- Red Hat Enterprise Linux for x86_64 9 x86_64
- Red Hat Enterprise Linux for x86_64 - Extended Update Support 9.0 x86_64
- Red Hat Enterprise Linux for IBM z Systems 9 s390x
- Red Hat Enterprise Linux for IBM z Systems - Extended Update Support 9.0 s390x
- Red Hat Enterprise Linux for Power, little endian 9 ppc64le
- Red Hat Enterprise Linux for Power, little endian - Extended Update Support 9.0 ppc64le
- Red Hat Enterprise Linux for ARM 64 9 aarch64
- Red Hat Enterprise Linux for ARM 64 - Extended Update Support 9.0 aarch64
- Red Hat Enterprise Linux Server for Power LE - Update Services for SAP Solutions 9.0 ppc64le
- Red Hat Enterprise Linux for x86_64 - Update Services for SAP Solutions 9.0 x86_64
- Red Hat Enterprise Linux Server for ARM 64 - 4 years of updates 9.0 aarch64
- Red Hat Enterprise Linux Server for IBM z Systems - 4 years of updates 9.0 s390x
Fixes
- BZ - 2130517 - CVE-2022-35255 nodejs: weak randomness in WebCrypto keygen
- BZ - 2130518 - CVE-2022-35256 nodejs: HTTP Request Smuggling due to incorrect parsing of header fields
Red Hat Enterprise Linux for x86_64 9
SRPM
nodejs-16.17.1-1.el9_0.src.rpm
SHA-256: 80ccad97145fa25034cc60cd7109de1eb05314f3291e435f0cb3b2b9b0ed17b2
x86_64
nodejs-16.17.1-1.el9_0.x86_64.rpm
SHA-256: 12787c2f8f44ca93dc3f44a8411aee308bcd95fabfeaab22e9d43b97549d038f
nodejs-debuginfo-16.17.1-1.el9_0.i686.rpm
SHA-256: f91afcbb2d89b4009dbfc35b1c1e5270c816449f48684d924c9c0b81738138e9
nodejs-debuginfo-16.17.1-1.el9_0.x86_64.rpm
SHA-256: f9e4261f9e734cb9ef2f835571c74d9fa8eaa147e1c1e74fa8fd4b03a3dd73b3
nodejs-debugsource-16.17.1-1.el9_0.i686.rpm
SHA-256: 7bb9732257693e8f0d43f538a9cc44ea44cc0727c188f3c46d734fdba49ace2d
nodejs-debugsource-16.17.1-1.el9_0.x86_64.rpm
SHA-256: 81f9916090819ae36d6e41d6e2324ef226c814de7eaf66db26ca85b3541125ed
nodejs-docs-16.17.1-1.el9_0.noarch.rpm
SHA-256: 67030e9a77735a3f9d68d81e13299356cd1296e61bd18d26a142b2450783a2e2
nodejs-full-i18n-16.17.1-1.el9_0.x86_64.rpm
SHA-256: 4ba83078e0f074ea934edf34b25b7cc4ebb84da9ef51c96b31e4be3c74c2f0b2
nodejs-libs-16.17.1-1.el9_0.i686.rpm
SHA-256: 424528b94ff845f25c90398c278884d5dc33a3e84a255c9b1e0c5b2fbc60258b
nodejs-libs-16.17.1-1.el9_0.x86_64.rpm
SHA-256: 6bf4f8f1ad4ff98683e6b60feff7ed3b9a31695ee2ffefbef8b1cfbc62c7a918
nodejs-libs-debuginfo-16.17.1-1.el9_0.i686.rpm
SHA-256: 988917831be62490e255940b4f37519c1c8ce8af54415ae9824976ec04641610
nodejs-libs-debuginfo-16.17.1-1.el9_0.x86_64.rpm
SHA-256: 6880ac047750789193e985ca828407110e80ecf9bdc10143a2a49d3564d909aa
npm-8.15.0-1.16.17.1.1.el9_0.x86_64.rpm
SHA-256: 6cf827f536fc25c94219e9b5f536168a8ddd79db3776ebc09f331052be063dc2
Red Hat Enterprise Linux for x86_64 - Extended Update Support 9.0
SRPM
nodejs-16.17.1-1.el9_0.src.rpm
SHA-256: 80ccad97145fa25034cc60cd7109de1eb05314f3291e435f0cb3b2b9b0ed17b2
x86_64
nodejs-16.17.1-1.el9_0.x86_64.rpm
SHA-256: 12787c2f8f44ca93dc3f44a8411aee308bcd95fabfeaab22e9d43b97549d038f
nodejs-debuginfo-16.17.1-1.el9_0.i686.rpm
SHA-256: f91afcbb2d89b4009dbfc35b1c1e5270c816449f48684d924c9c0b81738138e9
nodejs-debuginfo-16.17.1-1.el9_0.x86_64.rpm
SHA-256: f9e4261f9e734cb9ef2f835571c74d9fa8eaa147e1c1e74fa8fd4b03a3dd73b3
nodejs-debugsource-16.17.1-1.el9_0.i686.rpm
SHA-256: 7bb9732257693e8f0d43f538a9cc44ea44cc0727c188f3c46d734fdba49ace2d
nodejs-debugsource-16.17.1-1.el9_0.x86_64.rpm
SHA-256: 81f9916090819ae36d6e41d6e2324ef226c814de7eaf66db26ca85b3541125ed
nodejs-docs-16.17.1-1.el9_0.noarch.rpm
SHA-256: 67030e9a77735a3f9d68d81e13299356cd1296e61bd18d26a142b2450783a2e2
nodejs-full-i18n-16.17.1-1.el9_0.x86_64.rpm
SHA-256: 4ba83078e0f074ea934edf34b25b7cc4ebb84da9ef51c96b31e4be3c74c2f0b2
nodejs-libs-16.17.1-1.el9_0.i686.rpm
SHA-256: 424528b94ff845f25c90398c278884d5dc33a3e84a255c9b1e0c5b2fbc60258b
nodejs-libs-16.17.1-1.el9_0.x86_64.rpm
SHA-256: 6bf4f8f1ad4ff98683e6b60feff7ed3b9a31695ee2ffefbef8b1cfbc62c7a918
nodejs-libs-debuginfo-16.17.1-1.el9_0.i686.rpm
SHA-256: 988917831be62490e255940b4f37519c1c8ce8af54415ae9824976ec04641610
nodejs-libs-debuginfo-16.17.1-1.el9_0.x86_64.rpm
SHA-256: 6880ac047750789193e985ca828407110e80ecf9bdc10143a2a49d3564d909aa
npm-8.15.0-1.16.17.1.1.el9_0.x86_64.rpm
SHA-256: 6cf827f536fc25c94219e9b5f536168a8ddd79db3776ebc09f331052be063dc2
Red Hat Enterprise Linux for IBM z Systems 9
SRPM
nodejs-16.17.1-1.el9_0.src.rpm
SHA-256: 80ccad97145fa25034cc60cd7109de1eb05314f3291e435f0cb3b2b9b0ed17b2
s390x
nodejs-16.17.1-1.el9_0.s390x.rpm
SHA-256: 5b3d9b0fe7522cb0fb4cf80ccd533acd5fcb13830870bebcbddb94899bc24eef
nodejs-debuginfo-16.17.1-1.el9_0.s390x.rpm
SHA-256: a3815d78ad632f0e56558c22f03fe3d2a49b6c55a3ebb17f50a871b36b6b2bf4
nodejs-debugsource-16.17.1-1.el9_0.s390x.rpm
SHA-256: 0dbc70ade9f8dcfcc6a861470c932c77d62e599e005772e9a4a34110fbf9d8bc
nodejs-docs-16.17.1-1.el9_0.noarch.rpm
SHA-256: 67030e9a77735a3f9d68d81e13299356cd1296e61bd18d26a142b2450783a2e2
nodejs-full-i18n-16.17.1-1.el9_0.s390x.rpm
SHA-256: 9a4e896ea01dcaaebad4bb30970848c042718a0fea368678c25d5fa733628a7f
nodejs-libs-16.17.1-1.el9_0.s390x.rpm
SHA-256: 4dad0b71fe382072f173e318a74fa6691bd8540f351390e202352c97d4550c0b
nodejs-libs-debuginfo-16.17.1-1.el9_0.s390x.rpm
SHA-256: f4b8edc1a33fef9a566d9160de29840536c60dc451e5c60f40c2f6cd34eb4489
npm-8.15.0-1.16.17.1.1.el9_0.s390x.rpm
SHA-256: 501d32bba90c90e2627bf6bb7fddbbdcb1262cb3bcad85721f5cfc4466c6b520
Red Hat Enterprise Linux for IBM z Systems - Extended Update Support 9.0
SRPM
nodejs-16.17.1-1.el9_0.src.rpm
SHA-256: 80ccad97145fa25034cc60cd7109de1eb05314f3291e435f0cb3b2b9b0ed17b2
s390x
nodejs-16.17.1-1.el9_0.s390x.rpm
SHA-256: 5b3d9b0fe7522cb0fb4cf80ccd533acd5fcb13830870bebcbddb94899bc24eef
nodejs-debuginfo-16.17.1-1.el9_0.s390x.rpm
SHA-256: a3815d78ad632f0e56558c22f03fe3d2a49b6c55a3ebb17f50a871b36b6b2bf4
nodejs-debugsource-16.17.1-1.el9_0.s390x.rpm
SHA-256: 0dbc70ade9f8dcfcc6a861470c932c77d62e599e005772e9a4a34110fbf9d8bc
nodejs-docs-16.17.1-1.el9_0.noarch.rpm
SHA-256: 67030e9a77735a3f9d68d81e13299356cd1296e61bd18d26a142b2450783a2e2
nodejs-full-i18n-16.17.1-1.el9_0.s390x.rpm
SHA-256: 9a4e896ea01dcaaebad4bb30970848c042718a0fea368678c25d5fa733628a7f
nodejs-libs-16.17.1-1.el9_0.s390x.rpm
SHA-256: 4dad0b71fe382072f173e318a74fa6691bd8540f351390e202352c97d4550c0b
nodejs-libs-debuginfo-16.17.1-1.el9_0.s390x.rpm
SHA-256: f4b8edc1a33fef9a566d9160de29840536c60dc451e5c60f40c2f6cd34eb4489
npm-8.15.0-1.16.17.1.1.el9_0.s390x.rpm
SHA-256: 501d32bba90c90e2627bf6bb7fddbbdcb1262cb3bcad85721f5cfc4466c6b520
Red Hat Enterprise Linux for Power, little endian 9
SRPM
nodejs-16.17.1-1.el9_0.src.rpm
SHA-256: 80ccad97145fa25034cc60cd7109de1eb05314f3291e435f0cb3b2b9b0ed17b2
ppc64le
nodejs-16.17.1-1.el9_0.ppc64le.rpm
SHA-256: 9e15401b56274168c9542639ae946752cfcb4ec73706c671b720fbd5f615cbf4
nodejs-debuginfo-16.17.1-1.el9_0.ppc64le.rpm
SHA-256: c0d0e4d65def67edb433157e0d2a2070a876e1da6191c365d04dccd39fa2f21f
nodejs-debugsource-16.17.1-1.el9_0.ppc64le.rpm
SHA-256: b8c235c57f4539b98c149076ed543920f6bbf80cec640d13e80da10cd3d051a2
nodejs-docs-16.17.1-1.el9_0.noarch.rpm
SHA-256: 67030e9a77735a3f9d68d81e13299356cd1296e61bd18d26a142b2450783a2e2
nodejs-full-i18n-16.17.1-1.el9_0.ppc64le.rpm
SHA-256: 407182ffde9c0082835e80176bcd13fa4626a6d8bb14917d07819075c0f9e04a
nodejs-libs-16.17.1-1.el9_0.ppc64le.rpm
SHA-256: 879e4350fb48c61d3dafa80f7af617c3600d5d37a4903f2a93bf256bb97e7c83
nodejs-libs-debuginfo-16.17.1-1.el9_0.ppc64le.rpm
SHA-256: c0d61ac8bb3995967b53e05f27fe3d27b01bb24bac26f1dd735220d403f489ee
npm-8.15.0-1.16.17.1.1.el9_0.ppc64le.rpm
SHA-256: 6317533844efeedd443ccca50a74fc2208252164fe47c2766664b8707a63b2d8
Red Hat Enterprise Linux for Power, little endian - Extended Update Support 9.0
SRPM
nodejs-16.17.1-1.el9_0.src.rpm
SHA-256: 80ccad97145fa25034cc60cd7109de1eb05314f3291e435f0cb3b2b9b0ed17b2
ppc64le
nodejs-16.17.1-1.el9_0.ppc64le.rpm
SHA-256: 9e15401b56274168c9542639ae946752cfcb4ec73706c671b720fbd5f615cbf4
nodejs-debuginfo-16.17.1-1.el9_0.ppc64le.rpm
SHA-256: c0d0e4d65def67edb433157e0d2a2070a876e1da6191c365d04dccd39fa2f21f
nodejs-debugsource-16.17.1-1.el9_0.ppc64le.rpm
SHA-256: b8c235c57f4539b98c149076ed543920f6bbf80cec640d13e80da10cd3d051a2
nodejs-docs-16.17.1-1.el9_0.noarch.rpm
SHA-256: 67030e9a77735a3f9d68d81e13299356cd1296e61bd18d26a142b2450783a2e2
nodejs-full-i18n-16.17.1-1.el9_0.ppc64le.rpm
SHA-256: 407182ffde9c0082835e80176bcd13fa4626a6d8bb14917d07819075c0f9e04a
nodejs-libs-16.17.1-1.el9_0.ppc64le.rpm
SHA-256: 879e4350fb48c61d3dafa80f7af617c3600d5d37a4903f2a93bf256bb97e7c83
nodejs-libs-debuginfo-16.17.1-1.el9_0.ppc64le.rpm
SHA-256: c0d61ac8bb3995967b53e05f27fe3d27b01bb24bac26f1dd735220d403f489ee
npm-8.15.0-1.16.17.1.1.el9_0.ppc64le.rpm
SHA-256: 6317533844efeedd443ccca50a74fc2208252164fe47c2766664b8707a63b2d8
Red Hat Enterprise Linux for ARM 64 9
SRPM
nodejs-16.17.1-1.el9_0.src.rpm
SHA-256: 80ccad97145fa25034cc60cd7109de1eb05314f3291e435f0cb3b2b9b0ed17b2
aarch64
nodejs-16.17.1-1.el9_0.aarch64.rpm
SHA-256: aaf7cba413bae0a4793bfbc896ef3bf54e8955884396190e42a4770454ca37a9
nodejs-debuginfo-16.17.1-1.el9_0.aarch64.rpm
SHA-256: 623bd56d1f5b5f926a03812af7bf9f296944e483713666c8cdcb45dfc0469959
nodejs-debugsource-16.17.1-1.el9_0.aarch64.rpm
SHA-256: 9aa40cdc134d121173e712abf79b081ee92ace9bc4057b59ae8b77aed0b30aa6
nodejs-docs-16.17.1-1.el9_0.noarch.rpm
SHA-256: 67030e9a77735a3f9d68d81e13299356cd1296e61bd18d26a142b2450783a2e2
nodejs-full-i18n-16.17.1-1.el9_0.aarch64.rpm
SHA-256: 3ef06a2b31b72f8e3b39458bca9283e5b7ac18e75993a677551b85d40a24a69a
nodejs-libs-16.17.1-1.el9_0.aarch64.rpm
SHA-256: 74b071783fae80c863803c663e6d27cbfed5749b99050cd942b8ae8eed7adbd0
nodejs-libs-debuginfo-16.17.1-1.el9_0.aarch64.rpm
SHA-256: 3c5cba391548ab140e3e012d5d824831c021217ec4fbad5f1a5b0ada732c6f4a
npm-8.15.0-1.16.17.1.1.el9_0.aarch64.rpm
SHA-256: 033f7fb5bd8e8d1f50b60e105819569219c7b4191b8036cf661b94d50e9b96e7
Red Hat Enterprise Linux for ARM 64 - Extended Update Support 9.0
SRPM
nodejs-16.17.1-1.el9_0.src.rpm
SHA-256: 80ccad97145fa25034cc60cd7109de1eb05314f3291e435f0cb3b2b9b0ed17b2
aarch64
nodejs-16.17.1-1.el9_0.aarch64.rpm
SHA-256: aaf7cba413bae0a4793bfbc896ef3bf54e8955884396190e42a4770454ca37a9
nodejs-debuginfo-16.17.1-1.el9_0.aarch64.rpm
SHA-256: 623bd56d1f5b5f926a03812af7bf9f296944e483713666c8cdcb45dfc0469959
nodejs-debugsource-16.17.1-1.el9_0.aarch64.rpm
SHA-256: 9aa40cdc134d121173e712abf79b081ee92ace9bc4057b59ae8b77aed0b30aa6
nodejs-docs-16.17.1-1.el9_0.noarch.rpm
SHA-256: 67030e9a77735a3f9d68d81e13299356cd1296e61bd18d26a142b2450783a2e2
nodejs-full-i18n-16.17.1-1.el9_0.aarch64.rpm
SHA-256: 3ef06a2b31b72f8e3b39458bca9283e5b7ac18e75993a677551b85d40a24a69a
nodejs-libs-16.17.1-1.el9_0.aarch64.rpm
SHA-256: 74b071783fae80c863803c663e6d27cbfed5749b99050cd942b8ae8eed7adbd0
nodejs-libs-debuginfo-16.17.1-1.el9_0.aarch64.rpm
SHA-256: 3c5cba391548ab140e3e012d5d824831c021217ec4fbad5f1a5b0ada732c6f4a
npm-8.15.0-1.16.17.1.1.el9_0.aarch64.rpm
SHA-256: 033f7fb5bd8e8d1f50b60e105819569219c7b4191b8036cf661b94d50e9b96e7
Red Hat Enterprise Linux Server for Power LE - Update Services for SAP Solutions 9.0
SRPM
nodejs-16.17.1-1.el9_0.src.rpm
SHA-256: 80ccad97145fa25034cc60cd7109de1eb05314f3291e435f0cb3b2b9b0ed17b2
ppc64le
nodejs-16.17.1-1.el9_0.ppc64le.rpm
SHA-256: 9e15401b56274168c9542639ae946752cfcb4ec73706c671b720fbd5f615cbf4
nodejs-debuginfo-16.17.1-1.el9_0.ppc64le.rpm
SHA-256: c0d0e4d65def67edb433157e0d2a2070a876e1da6191c365d04dccd39fa2f21f
nodejs-debugsource-16.17.1-1.el9_0.ppc64le.rpm
SHA-256: b8c235c57f4539b98c149076ed543920f6bbf80cec640d13e80da10cd3d051a2
nodejs-docs-16.17.1-1.el9_0.noarch.rpm
SHA-256: 67030e9a77735a3f9d68d81e13299356cd1296e61bd18d26a142b2450783a2e2
nodejs-full-i18n-16.17.1-1.el9_0.ppc64le.rpm
SHA-256: 407182ffde9c0082835e80176bcd13fa4626a6d8bb14917d07819075c0f9e04a
nodejs-libs-16.17.1-1.el9_0.ppc64le.rpm
SHA-256: 879e4350fb48c61d3dafa80f7af617c3600d5d37a4903f2a93bf256bb97e7c83
nodejs-libs-debuginfo-16.17.1-1.el9_0.ppc64le.rpm
SHA-256: c0d61ac8bb3995967b53e05f27fe3d27b01bb24bac26f1dd735220d403f489ee
npm-8.15.0-1.16.17.1.1.el9_0.ppc64le.rpm
SHA-256: 6317533844efeedd443ccca50a74fc2208252164fe47c2766664b8707a63b2d8
Red Hat Enterprise Linux for x86_64 - Update Services for SAP Solutions 9.0
SRPM
nodejs-16.17.1-1.el9_0.src.rpm
SHA-256: 80ccad97145fa25034cc60cd7109de1eb05314f3291e435f0cb3b2b9b0ed17b2
x86_64
nodejs-16.17.1-1.el9_0.x86_64.rpm
SHA-256: 12787c2f8f44ca93dc3f44a8411aee308bcd95fabfeaab22e9d43b97549d038f
nodejs-debuginfo-16.17.1-1.el9_0.i686.rpm
SHA-256: f91afcbb2d89b4009dbfc35b1c1e5270c816449f48684d924c9c0b81738138e9
nodejs-debuginfo-16.17.1-1.el9_0.x86_64.rpm
SHA-256: f9e4261f9e734cb9ef2f835571c74d9fa8eaa147e1c1e74fa8fd4b03a3dd73b3
nodejs-debugsource-16.17.1-1.el9_0.i686.rpm
SHA-256: 7bb9732257693e8f0d43f538a9cc44ea44cc0727c188f3c46d734fdba49ace2d
nodejs-debugsource-16.17.1-1.el9_0.x86_64.rpm
SHA-256: 81f9916090819ae36d6e41d6e2324ef226c814de7eaf66db26ca85b3541125ed
nodejs-docs-16.17.1-1.el9_0.noarch.rpm
SHA-256: 67030e9a77735a3f9d68d81e13299356cd1296e61bd18d26a142b2450783a2e2
nodejs-full-i18n-16.17.1-1.el9_0.x86_64.rpm
SHA-256: 4ba83078e0f074ea934edf34b25b7cc4ebb84da9ef51c96b31e4be3c74c2f0b2
nodejs-libs-16.17.1-1.el9_0.i686.rpm
SHA-256: 424528b94ff845f25c90398c278884d5dc33a3e84a255c9b1e0c5b2fbc60258b
nodejs-libs-16.17.1-1.el9_0.x86_64.rpm
SHA-256: 6bf4f8f1ad4ff98683e6b60feff7ed3b9a31695ee2ffefbef8b1cfbc62c7a918
nodejs-libs-debuginfo-16.17.1-1.el9_0.i686.rpm
SHA-256: 988917831be62490e255940b4f37519c1c8ce8af54415ae9824976ec04641610
nodejs-libs-debuginfo-16.17.1-1.el9_0.x86_64.rpm
SHA-256: 6880ac047750789193e985ca828407110e80ecf9bdc10143a2a49d3564d909aa
npm-8.15.0-1.16.17.1.1.el9_0.x86_64.rpm
SHA-256: 6cf827f536fc25c94219e9b5f536168a8ddd79db3776ebc09f331052be063dc2
Red Hat Enterprise Linux Server for ARM 64 - 4 years of updates 9.0
SRPM
nodejs-16.17.1-1.el9_0.src.rpm
SHA-256: 80ccad97145fa25034cc60cd7109de1eb05314f3291e435f0cb3b2b9b0ed17b2
aarch64
nodejs-16.17.1-1.el9_0.aarch64.rpm
SHA-256: aaf7cba413bae0a4793bfbc896ef3bf54e8955884396190e42a4770454ca37a9
nodejs-debuginfo-16.17.1-1.el9_0.aarch64.rpm
SHA-256: 623bd56d1f5b5f926a03812af7bf9f296944e483713666c8cdcb45dfc0469959
nodejs-debugsource-16.17.1-1.el9_0.aarch64.rpm
SHA-256: 9aa40cdc134d121173e712abf79b081ee92ace9bc4057b59ae8b77aed0b30aa6
nodejs-docs-16.17.1-1.el9_0.noarch.rpm
SHA-256: 67030e9a77735a3f9d68d81e13299356cd1296e61bd18d26a142b2450783a2e2
nodejs-full-i18n-16.17.1-1.el9_0.aarch64.rpm
SHA-256: 3ef06a2b31b72f8e3b39458bca9283e5b7ac18e75993a677551b85d40a24a69a
nodejs-libs-16.17.1-1.el9_0.aarch64.rpm
SHA-256: 74b071783fae80c863803c663e6d27cbfed5749b99050cd942b8ae8eed7adbd0
nodejs-libs-debuginfo-16.17.1-1.el9_0.aarch64.rpm
SHA-256: 3c5cba391548ab140e3e012d5d824831c021217ec4fbad5f1a5b0ada732c6f4a
npm-8.15.0-1.16.17.1.1.el9_0.aarch64.rpm
SHA-256: 033f7fb5bd8e8d1f50b60e105819569219c7b4191b8036cf661b94d50e9b96e7
Red Hat Enterprise Linux Server for IBM z Systems - 4 years of updates 9.0
SRPM
nodejs-16.17.1-1.el9_0.src.rpm
SHA-256: 80ccad97145fa25034cc60cd7109de1eb05314f3291e435f0cb3b2b9b0ed17b2
s390x
nodejs-16.17.1-1.el9_0.s390x.rpm
SHA-256: 5b3d9b0fe7522cb0fb4cf80ccd533acd5fcb13830870bebcbddb94899bc24eef
nodejs-debuginfo-16.17.1-1.el9_0.s390x.rpm
SHA-256: a3815d78ad632f0e56558c22f03fe3d2a49b6c55a3ebb17f50a871b36b6b2bf4
nodejs-debugsource-16.17.1-1.el9_0.s390x.rpm
SHA-256: 0dbc70ade9f8dcfcc6a861470c932c77d62e599e005772e9a4a34110fbf9d8bc
nodejs-docs-16.17.1-1.el9_0.noarch.rpm
SHA-256: 67030e9a77735a3f9d68d81e13299356cd1296e61bd18d26a142b2450783a2e2
nodejs-full-i18n-16.17.1-1.el9_0.s390x.rpm
SHA-256: 9a4e896ea01dcaaebad4bb30970848c042718a0fea368678c25d5fa733628a7f
nodejs-libs-16.17.1-1.el9_0.s390x.rpm
SHA-256: 4dad0b71fe382072f173e318a74fa6691bd8540f351390e202352c97d4550c0b
nodejs-libs-debuginfo-16.17.1-1.el9_0.s390x.rpm
SHA-256: f4b8edc1a33fef9a566d9160de29840536c60dc451e5c60f40c2f6cd34eb4489
npm-8.15.0-1.16.17.1.1.el9_0.s390x.rpm
SHA-256: 501d32bba90c90e2627bf6bb7fddbbdcb1262cb3bcad85721f5cfc4466c6b520
Related news
Gentoo Linux Security Advisory 202405-29 - Multiple vulnerabilities have been discovered in Node.js. Versions greater than or equal to 16.20.2 are affected.
Ubuntu Security Notice 6491-1 - Axel Chong discovered that Node.js incorrectly handled certain inputs. If a user or an automated system were tricked into opening a specially crafted input file, a remote attacker could possibly use this issue to execute arbitrary code. Zeyu Zhang discovered that Node.js incorrectly handled certain inputs. If a user or an automated system were tricked into opening a specially crafted input file, a remote attacker could possibly use this issue to execute arbitrary code. This issue only affected Ubuntu 22.04 LTS.
An update for the nodejs:14 module is now available for Red Hat Enterprise Linux 8.6 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2021-35065: A vulnerability was found in the glob-parent package. Affected versions of this package are vulnerable to Regular expression Denial of Service (ReDoS) attacks, affecting system availability. * CVE-2021-44531: A flaw was found in node.js where it accepted a certificate's Subject Alternative Names (SAN) entry...
An update for the nodejs:14 module is now available for Red Hat Enterprise Linux 8.4 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2021-35065: A vulnerability was found in the glob-parent package. Affected versions of this package are vulnerable to Regular expression Denial of Service (ReDoS) attacks, affecting system availability. * CVE-2021-44906: An Uncontrolled Resource Consumption flaw was found in minimist. This flaw allows an attacker to tr...
Debian Linux Security Advisory 5326-1 - Multiple vulnerabilities were discovered in Node.js, which could result in HTTP request smuggling, bypass of host IP address validation and weak randomness setup.
An update for nodejs and nodejs-nodemon is now available for Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2021-44906: minimist: prototype pollution * CVE-2022-3517: nodejs-minimatch: ReDoS via the braceExpand function * CVE-2022-35256: nodejs: HTTP Request Smuggling due to incorrect parsing of header fields * CVE-2022-43548: nodejs: DNS rebinding in inspect via invalid octal IP address
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has published four Industrial Control Systems (ICS) advisories, calling out several security flaws affecting products from Siemens, GE Digital, and Contec. The most critical of the issues have been identified in Siemens SINEC INS that could lead to remote code execution via a path traversal flaw (CVE-2022-45092, CVSS score: 9.9)
A weak randomness in WebCrypto keygen vulnerability exists in Node.js 18 due to a change with EntropySource() in SecretKeyGenTraits::DoKeyGen() in src/crypto/crypto_keygen.cc. There are two problems with this: 1) It does not check the return value, it assumes EntropySource() always succeeds, but it can (and sometimes will) fail. 2) The random data returned byEntropySource() may not be cryptographically strong and therefore not suitable as keying material.
The llhttp parser in the http module in Node v18.7.0 does not correctly handle header fields that are not terminated with CLRF. This may result in HTTP Request Smuggling.
Red Hat Security Advisory 2022-7830-01 - Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language. Issues addressed include HTTP request smuggling and bypass vulnerabilities.
Red Hat Security Advisory 2022-7821-01 - Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language. Issues addressed include a HTTP request smuggling vulnerability.
An update for the nodejs:14 module is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2021-44531: nodejs: Improper handling of URI Subject Alternative Names * CVE-2021-44532: nodejs: Certificate Verification Bypass via String Injection * CVE-2021-44533: nodejs: Incorrect handling of certificate subject and issuer fields * CVE-2022-21824: nodejs: Prototype pollution via console.table properties * CVE-2022-35256: nodejs: HTTP Reque...
An update for the nodejs:18 module is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-35255: nodejs: weak randomness in WebCrypto keygen * CVE-2022-35256: nodejs: HTTP Request Smuggling due to incorrect parsing of header fields
Red Hat Security Advisory 2022-7044-01 - Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language. Issues addressed include HTTP request smuggling and bypass vulnerabilities.
An update for rh-nodejs14-nodejs is now available for Red Hat Software Collections. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2021-44531: nodejs: Improper handling of URI Subject Alternative Names * CVE-2021-44532: nodejs: Certificate Verification Bypass via String Injection * CVE-2021-44533: nodejs: Incorrect handling of certificate subject and issuer fields * CVE-2021-44906: minimist: prototype pollution * CVE-2022-21824: nodejs: Prototype pollution via console.table...
Red Hat Security Advisory 2022-6963-01 - Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language. Issues addressed include a HTTP request smuggling vulnerability.
Vulnerability in the Oracle Web Applications Desktop Integrator product of Oracle E-Business Suite (component: Upload). Supported versions that are affected are 12.2.3-12.2.11. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Web Applications Desktop Integrator. Successful attacks of this vulnerability can result in takeover of Oracle Web Applications Desktop Integrator. CVSS 3.1 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H).
Red Hat Security Advisory 2022-6964-01 - Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language. Issues addressed include a HTTP request smuggling vulnerability.
An update for the nodejs:16 module is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-35255: nodejs: weak randomness in WebCrypto keygen * CVE-2022-35256: nodejs: HTTP Request Smuggling due to incorrect parsing of header fields
An update for the nodejs:16 module is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-35255: nodejs: weak randomness in WebCrypto keygen * CVE-2022-35256: nodejs: HTTP Request Smuggling due to incorrect parsing of header fields