RHSA-2023:4035: Red Hat Security Advisory: nodejs:18 security update
An update for the nodejs:18 module is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
Related CVEs:
- CVE-2022-4904: A flaw was found in the c-ares package. The ares_set_sortlist function is missing checks on the validity of the input string, which allows a possible arbitrary-length stack overflow. This issue may cause a denial of service or have a limited impact on confidentiality and integrity.
- CVE-2023-31124: A flaw was found in c-ares. When c-ares is cross-compiled using the autotools build system, CARES_RANDOM_FILE is not set, as seen when cross-compiling for aarch64 Android. As a result, c-ares downgrades to rand(), which is not a CSPRNG, and an attacker could take advantage of the resulting lack of entropy.
- CVE-2023-31130: A vulnerability was found in c-ares. The ares_inet_net_pton() function is vulnerable to a buffer underflow for certain IPv6 addresses; “0::00:00:00/2” in particular was found to cause an issue. c-ares only uses this function internally for configuration purposes, so triggering it would require an administrator to configure such an address via ares_set_sortlist().
- CVE-2023-31147: A vulnerability was found in c-ares. When /dev/urandom or RtlGenRandom() is unavailable, c-ares uses rand() to generate the random numbers used for DNS query IDs. rand() is not a CSPRNG, and it is also not seeded by srand(), so it generates predictable output.
- CVE-2023-32067: A vulnerability was found in c-ares. This issue occurs due to a 0-byte UDP payload that can cause a Denial of Service.
Synopsis
Important: nodejs:18 security update
Type/Severity
Security Advisory: Important
Topic
An update for the nodejs:18 module is now available for Red Hat Enterprise Linux 8.
Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Description
Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language.
Security Fix(es):
- c-ares: 0-byte UDP payload Denial of Service (CVE-2023-32067)
- c-ares: buffer overflow in config_sortlist() due to missing string length check (CVE-2022-4904)
- c-ares: Buffer Underwrite in ares_inet_net_pton() (CVE-2023-31130)
- c-ares: Insufficient randomness in generation of DNS query IDs (CVE-2023-31147)
- c-ares: AutoTools does not set CARES_RANDOM_FILE during cross compilation (CVE-2023-31124)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Affected Products
- Red Hat Enterprise Linux for x86_64 8 x86_64
- Red Hat Enterprise Linux for x86_64 - Extended Update Support 8.8 x86_64
- Red Hat Enterprise Linux for IBM z Systems 8 s390x
- Red Hat Enterprise Linux for IBM z Systems - Extended Update Support 8.8 s390x
- Red Hat Enterprise Linux for Power, little endian 8 ppc64le
- Red Hat Enterprise Linux for Power, little endian - Extended Update Support 8.8 ppc64le
- Red Hat Enterprise Linux Server - TUS 8.8 x86_64
- Red Hat Enterprise Linux for ARM 64 8 aarch64
- Red Hat Enterprise Linux for ARM 64 - Extended Update Support 8.8 aarch64
- Red Hat Enterprise Linux Server for Power LE - Update Services for SAP Solutions 8.8 ppc64le
- Red Hat Enterprise Linux for x86_64 - Update Services for SAP Solutions 8.8 x86_64
Fixes
- BZ - 2168631 - CVE-2022-4904 c-ares: buffer overflow in config_sortlist() due to missing string length check
- BZ - 2209494 - CVE-2023-31124 c-ares: AutoTools does not set CARES_RANDOM_FILE during cross compilation
- BZ - 2209497 - CVE-2023-31130 c-ares: Buffer Underwrite in ares_inet_net_pton()
- BZ - 2209501 - CVE-2023-31147 c-ares: Insufficient randomness in generation of DNS query IDs
- BZ - 2209502 - CVE-2023-32067 c-ares: 0-byte UDP payload Denial of Service
CVEs
- CVE-2022-4904
- CVE-2023-31124
- CVE-2023-31130
- CVE-2023-31147
- CVE-2023-32067
Red Hat Enterprise Linux for x86_64 8
SRPM
nodejs-18.14.2-3.module+el8.8.0+19021+4b8b11cc.src.rpm
SHA-256: 0627986a816e1954410d67640ac5c5e6c08333c8031c037c0be3890ebe1e70b8
nodejs-nodemon-2.0.20-2.module+el8.8.0+18432+27f188ac.src.rpm
SHA-256: 0631264b9ceb4ca04277265d9e12bdab3ddcd1fdad04ca458b8cfefc794d6a06
nodejs-packaging-2021.06-4.module+el8.7.0+15582+19c314fa.src.rpm
SHA-256: f1345ed8ecd3230b52424cb789ff10664a96a3e7eac42f3cc5c5e787e4d393bd
x86_64
nodejs-docs-18.14.2-3.module+el8.8.0+19021+4b8b11cc.noarch.rpm
SHA-256: 167ae27f943897f11ffad1bc67c51758167352b1a75076bb53337e30d3d53a9e
nodejs-nodemon-2.0.20-2.module+el8.8.0+18432+27f188ac.noarch.rpm
SHA-256: fd6a6348fcaf8099d2968844b2b4596c4237356ecca340fef40d765a4a487860
nodejs-packaging-2021.06-4.module+el8.7.0+15582+19c314fa.noarch.rpm
SHA-256: 3ef698eb2f19de97bde0e2e7eb6de64ef1c8370f5c6e4283874b34cce46914d4
nodejs-packaging-bundler-2021.06-4.module+el8.7.0+15582+19c314fa.noarch.rpm
SHA-256: d2fd8d3242cc76d52c1eb84fced4f82b629cce882854ec7189f4de1ea47e20b4
nodejs-18.14.2-3.module+el8.8.0+19021+4b8b11cc.x86_64.rpm
SHA-256: 5e15a0e175383c279f96fe0bd7a797671f59b73f71c5c7ffd0bf1a208315b6a6
nodejs-debuginfo-18.14.2-3.module+el8.8.0+19021+4b8b11cc.x86_64.rpm
SHA-256: 7645f7823fb98cc0d2cdda1cfc2a396421fc0fde8766f459c548fc4f3c354172
nodejs-debugsource-18.14.2-3.module+el8.8.0+19021+4b8b11cc.x86_64.rpm
SHA-256: 0df0a0416231f65ba9ea27be9cc8f65fad52f29549ed837a00622e3246b082d6
nodejs-devel-18.14.2-3.module+el8.8.0+19021+4b8b11cc.x86_64.rpm
SHA-256: 7324e050a5b1de8fc6194c89357dd6d04bbc647f663ff67205b558f4c80a4d03
nodejs-full-i18n-18.14.2-3.module+el8.8.0+19021+4b8b11cc.x86_64.rpm
SHA-256: e5ab2a92c3757f91bbfeaa023c143c385102056bb37e868e616ebb457e9415bd
npm-9.5.0-1.18.14.2.3.module+el8.8.0+19021+4b8b11cc.x86_64.rpm
SHA-256: 377ccd13e21cb41cf65e8a7efb21bb8b1094552b0081ce99320d733073a75268
Red Hat Enterprise Linux for IBM z Systems 8
SRPM
nodejs-18.14.2-3.module+el8.8.0+19021+4b8b11cc.src.rpm
SHA-256: 0627986a816e1954410d67640ac5c5e6c08333c8031c037c0be3890ebe1e70b8
nodejs-nodemon-2.0.20-2.module+el8.8.0+18432+27f188ac.src.rpm
SHA-256: 0631264b9ceb4ca04277265d9e12bdab3ddcd1fdad04ca458b8cfefc794d6a06
nodejs-packaging-2021.06-4.module+el8.7.0+15582+19c314fa.src.rpm
SHA-256: f1345ed8ecd3230b52424cb789ff10664a96a3e7eac42f3cc5c5e787e4d393bd
s390x
nodejs-docs-18.14.2-3.module+el8.8.0+19021+4b8b11cc.noarch.rpm
SHA-256: 167ae27f943897f11ffad1bc67c51758167352b1a75076bb53337e30d3d53a9e
nodejs-nodemon-2.0.20-2.module+el8.8.0+18432+27f188ac.noarch.rpm
SHA-256: fd6a6348fcaf8099d2968844b2b4596c4237356ecca340fef40d765a4a487860
nodejs-packaging-2021.06-4.module+el8.7.0+15582+19c314fa.noarch.rpm
SHA-256: 3ef698eb2f19de97bde0e2e7eb6de64ef1c8370f5c6e4283874b34cce46914d4
nodejs-packaging-bundler-2021.06-4.module+el8.7.0+15582+19c314fa.noarch.rpm
SHA-256: d2fd8d3242cc76d52c1eb84fced4f82b629cce882854ec7189f4de1ea47e20b4
nodejs-18.14.2-3.module+el8.8.0+19021+4b8b11cc.s390x.rpm
SHA-256: 866c7bfb60ee464c332a19c518787887699a6f9b3dc1278bb79fddd43f0a902f
nodejs-debuginfo-18.14.2-3.module+el8.8.0+19021+4b8b11cc.s390x.rpm
SHA-256: 22c6923d084b66545d1e1d510de71904ea5ecdda5853c2bee2d4c2b00cae12bb
nodejs-debugsource-18.14.2-3.module+el8.8.0+19021+4b8b11cc.s390x.rpm
SHA-256: 9ac9a2a40430bce9673b8be4d6cb49287e27e65e3d2f35478bf7a321aba258dc
nodejs-devel-18.14.2-3.module+el8.8.0+19021+4b8b11cc.s390x.rpm
SHA-256: f4345441d3a1e5fd04473f29d74d302552947447d99c4d665041c26ffd463636
nodejs-full-i18n-18.14.2-3.module+el8.8.0+19021+4b8b11cc.s390x.rpm
SHA-256: 54f9fbac44015064390f0cfc636bcfaca4f017492138ee61234fc873f14778de
npm-9.5.0-1.18.14.2.3.module+el8.8.0+19021+4b8b11cc.s390x.rpm
SHA-256: 76e57f8050436015798b1cc9b5cc4d2f8bc97ab0b5d8af566d59d06aa90bb7af
Red Hat Enterprise Linux for Power, little endian 8
SRPM
nodejs-18.14.2-3.module+el8.8.0+19021+4b8b11cc.src.rpm
SHA-256: 0627986a816e1954410d67640ac5c5e6c08333c8031c037c0be3890ebe1e70b8
nodejs-nodemon-2.0.20-2.module+el8.8.0+18432+27f188ac.src.rpm
SHA-256: 0631264b9ceb4ca04277265d9e12bdab3ddcd1fdad04ca458b8cfefc794d6a06
nodejs-packaging-2021.06-4.module+el8.7.0+15582+19c314fa.src.rpm
SHA-256: f1345ed8ecd3230b52424cb789ff10664a96a3e7eac42f3cc5c5e787e4d393bd
ppc64le
nodejs-docs-18.14.2-3.module+el8.8.0+19021+4b8b11cc.noarch.rpm
SHA-256: 167ae27f943897f11ffad1bc67c51758167352b1a75076bb53337e30d3d53a9e
nodejs-nodemon-2.0.20-2.module+el8.8.0+18432+27f188ac.noarch.rpm
SHA-256: fd6a6348fcaf8099d2968844b2b4596c4237356ecca340fef40d765a4a487860
nodejs-packaging-2021.06-4.module+el8.7.0+15582+19c314fa.noarch.rpm
SHA-256: 3ef698eb2f19de97bde0e2e7eb6de64ef1c8370f5c6e4283874b34cce46914d4
nodejs-packaging-bundler-2021.06-4.module+el8.7.0+15582+19c314fa.noarch.rpm
SHA-256: d2fd8d3242cc76d52c1eb84fced4f82b629cce882854ec7189f4de1ea47e20b4
nodejs-18.14.2-3.module+el8.8.0+19021+4b8b11cc.ppc64le.rpm
SHA-256: af74f6a9a4d3070b68047389ce3e257e121becbbd06c41843a42c43c184f1c88
nodejs-debuginfo-18.14.2-3.module+el8.8.0+19021+4b8b11cc.ppc64le.rpm
SHA-256: 5fffcd1eb48092f71a3bd01e924c19caccbb6406f4a7587a996297cf8cc2818e
nodejs-debugsource-18.14.2-3.module+el8.8.0+19021+4b8b11cc.ppc64le.rpm
SHA-256: a6c787c7917dacaa9e512e1a1948db6642464879b3ba4cc28a39ec384f0be11c
nodejs-devel-18.14.2-3.module+el8.8.0+19021+4b8b11cc.ppc64le.rpm
SHA-256: 1d9efb158add6c276a1a2b08c401fc5b8b5ee1cacd772117d15d0c387fa0136d
nodejs-full-i18n-18.14.2-3.module+el8.8.0+19021+4b8b11cc.ppc64le.rpm
SHA-256: 624d1a68ed37329b1fcde41225e95479b93577ddb0b4b42d3c64ebaf95be671f
npm-9.5.0-1.18.14.2.3.module+el8.8.0+19021+4b8b11cc.ppc64le.rpm
SHA-256: 5a02f38232b0450373177b8986e24a31f32cbcfcafdc6177baed6d3155ff2a86
Red Hat Enterprise Linux for ARM 64 8
SRPM
nodejs-18.14.2-3.module+el8.8.0+19021+4b8b11cc.src.rpm
SHA-256: 0627986a816e1954410d67640ac5c5e6c08333c8031c037c0be3890ebe1e70b8
nodejs-nodemon-2.0.20-2.module+el8.8.0+18432+27f188ac.src.rpm
SHA-256: 0631264b9ceb4ca04277265d9e12bdab3ddcd1fdad04ca458b8cfefc794d6a06
nodejs-packaging-2021.06-4.module+el8.7.0+15582+19c314fa.src.rpm
SHA-256: f1345ed8ecd3230b52424cb789ff10664a96a3e7eac42f3cc5c5e787e4d393bd
aarch64
nodejs-18.14.2-3.module+el8.8.0+19021+4b8b11cc.aarch64.rpm
SHA-256: 34c5c99490c60c569b10cc1c8a5a50186cdea8f785159daaf3cf03afb9c0eb52
nodejs-debuginfo-18.14.2-3.module+el8.8.0+19021+4b8b11cc.aarch64.rpm
SHA-256: 76c062534dcc79ac616a1b76a506f4baab82db9adc5b0423eddef94c0cf46a05
nodejs-debugsource-18.14.2-3.module+el8.8.0+19021+4b8b11cc.aarch64.rpm
SHA-256: cb416acd8c34471108bd1af080b28794ed2b0652122e95173ed9c08a6042d739
nodejs-devel-18.14.2-3.module+el8.8.0+19021+4b8b11cc.aarch64.rpm
SHA-256: 153733b39ceafa01287e37c3dc9e59423e044ae5d668aeb3c74894e0214a500e
nodejs-docs-18.14.2-3.module+el8.8.0+19021+4b8b11cc.noarch.rpm
SHA-256: 167ae27f943897f11ffad1bc67c51758167352b1a75076bb53337e30d3d53a9e
nodejs-full-i18n-18.14.2-3.module+el8.8.0+19021+4b8b11cc.aarch64.rpm
SHA-256: b4f5b5c90d14fcfbd4dc62a90f2f171fd0c3f0feff227be67ee3221f639f8e9b
nodejs-nodemon-2.0.20-2.module+el8.8.0+18432+27f188ac.noarch.rpm
SHA-256: fd6a6348fcaf8099d2968844b2b4596c4237356ecca340fef40d765a4a487860
nodejs-packaging-2021.06-4.module+el8.7.0+15582+19c314fa.noarch.rpm
SHA-256: 3ef698eb2f19de97bde0e2e7eb6de64ef1c8370f5c6e4283874b34cce46914d4
nodejs-packaging-bundler-2021.06-4.module+el8.7.0+15582+19c314fa.noarch.rpm
SHA-256: d2fd8d3242cc76d52c1eb84fced4f82b629cce882854ec7189f4de1ea47e20b4
npm-9.5.0-1.18.14.2.3.module+el8.8.0+19021+4b8b11cc.aarch64.rpm
SHA-256: db6f1839ed840b356b86a7f3a8464b180adf0eb9596cbebd2225c6f3ce95f1df
Related news
Gentoo Linux Security Advisory 202401-2 - Multiple vulnerabilities have been found in c-ares, the worst of which could result in the loss of confidentiality or integrity. Versions greater than or equal to 1.19.0 are affected.
Red Hat Security Advisory 2023-7543-01 - An update for c-ares is now available for Red Hat Enterprise Linux 8.8 Extended Update Support. Issues addressed include a buffer overflow vulnerability.
Red Hat Security Advisory 2023-7207-01 - An update for c-ares is now available for Red Hat Enterprise Linux 8. Issues addressed include a buffer over-read vulnerability.
Red Hat Security Advisory 2023-5533-01 - Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language. The package has been upgraded to a later upstream version: nodejs. Issues addressed include HTTP request smuggling, buffer overflow, bypass, crlf injection, and denial of service vulnerabilities.
Gentoo Linux Security Advisory 202310-9 - Multiple vulnerabilities have been discovered in c-ares the worst of which could result in Denial of Service. Versions greater than or equal to 1.19.1 are affected.
Ubuntu Security Notice 6164-2 - USN-6164-1 fixed several vulnerabilities in c-ares. This update provides the corresponding update for Ubuntu 16.04 LTS and Ubuntu 18.04 LTS. Hannes Moesl discovered that c-ares incorrectly handled certain ipv6 addresses. An attacker could use this issue to cause c-ares to crash, resulting in a denial of service, or possibly execute arbitrary code.
Red Hat Security Advisory 2023-4226-01 - Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments. This advisory contains the container images for Red Hat OpenShift Container Platform 4.13.6.
Red Hat Security Advisory 2023-4090-01 - Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments. This advisory contains the RPM packages for Red Hat OpenShift Container Platform 4.13.5.
Red Hat OpenShift Container Platform release 4.13.5 is now available with updates to packages and images that fix several bugs and add enhancements. This release includes a security update for Red Hat OpenShift Container Platform 4.13. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-41717: A flaw was found in the net/http library of the golang package. This flaw allows an attacker to cause excessive memory growth in a Go server accepting HTTP/2 requests. HTTP/2 server c...
Red Hat Security Advisory 2023-4039-01 - Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language. Issues addressed include a denial of service vulnerability.
Red Hat Security Advisory 2023-4034-01 - Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language. Issues addressed include a denial of service vulnerability.
Red Hat Security Advisory 2023-4033-01 - Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language. Issues addressed include a denial of service vulnerability.
Red Hat Security Advisory 2023-4036-01 - Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language. Issues addressed include a denial of service vulnerability.
Red Hat Security Advisory 2023-4035-01 - Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language. Issues addressed include buffer overflow and denial of service vulnerabilities.
An update for the nodejs:16 module is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2023-31124: A flaw was found in c-ares. This issue occurs when cross-compiling c-ares and using the autotools build system, CARES_RANDOM_FILE will not be set, as seen when cross-compiling aarch64 android. As a result, it will downgrade to rand(), which could allow an attacker to utilize the lack of entropy by not using a CSPRNG. * CVE-2023-3113...
An update for the nodejs:16 module is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2023-31124: A flaw was found in c-ares. This issue occurs when cross-compiling c-ares and using the autotools build system, CARES_RANDOM_FILE will not be set, as seen when cross-compiling aarch64 android. As a result, it will downgrade to rand(), which could allow an attacker to utilize the lack of entropy by not using a CSPRNG. * CVE-2023-3113...
An update for the nodejs:16 module is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2023-31124: A flaw was found in c-ares. This issue occurs when cross-compiling c-ares and using the autotools build system, CARES_RANDOM_FILE will not be set, as seen when cross-compiling aarch64 android. As a result, it will downgrade to rand(), which could allow an attacker to utilize the lack of entropy by not using a CSPRNG. * CVE-2023-3113...
An update for the nodejs:16 module is now available for Red Hat Enterprise Linux 8.6 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2023-31124: A flaw was found in c-ares. This issue occurs when cross-compiling c-ares and using the autotools build system, CARES_RANDOM_FILE will not be set, as seen when cross-compiling aarch64 android. As a result, it will downgrade to rand(), which could allow an attacker to utilize the lack of entropy by not using...
An update for rh-nodejs14-nodejs is now available for Red Hat Software Collections. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2023-31124: A flaw was found in c-ares. This issue occurs when cross-compiling c-ares and using the autotools build system, CARES_RANDOM_FILE will not be set, as seen when cross-compiling aarch64 android. As a result, it will downgrade to rand(), which could allow an attacker to utilize the lack of entropy by not using a CSPRNG. * CVE-2023-3113...
An update for nodejs is now available for Red Hat Enterprise Linux 9.0 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2023-31124: A flaw was found in c-ares. This issue occurs when cross-compiling c-ares and using the autotools build system, CARES_RANDOM_FILE will not be set, as seen when cross-compiling aarch64 android. As a result, it will downgrade to rand(), which could allow an attacker to utilize the lack of entropy by not using a CSPRNG. * C...
Red Hat Security Advisory 2023-3925-01 - Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments. This advisory contains the container images for Red Hat OpenShift Container Platform 4.12.23.
Red Hat OpenShift Container Platform release 4.12.23 is now available with updates to packages and images that fix several bugs and add enhancements. This release includes a security update for Red Hat OpenShift Container Platform 4.12. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2023-3089: A compliance problem was found in the Red Hat OpenShift Container Platform. Red Hat discovered that, when FIPS mode was enabled, not all of the cryptographic modules in use were FIPS-...
Red Hat Security Advisory 2023-3915-01 - Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments. This advisory contains the container images for Red Hat OpenShift Container Platform 4.11.44.
Red Hat OpenShift Container Platform release 4.11.44 is now available with updates to packages and images that fix several bugs and add enhancements. This release includes a security update for Red Hat OpenShift Container Platform 4.11. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2023-3089: A compliance problem was found in the Red Hat OpenShift Container Platform. Red Hat discovered that, when FIPS mode was enabled, not all of the cryptographic modules in use were FIPS...
Updated images are now available for Red Hat Advanced Cluster Security (RHACS). The updated image includes new features and bug fixes. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-27191: A broken cryptographic algorithm flaw was found in golang.org/x/crypto/ssh. This issue causes a client to fail authentication with RSA keys to servers that reject signature algorithms based on SHA-2, enabling an attacker to crash the server, resulting in a loss of availability. * CVE...
An update for c-ares is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2023-32067: A vulnerability was found in c-ares. This issue occurs due to a 0-byte UDP payload that can cause a Denial of Service.
Red Hat Security Advisory 2023-3662-01 - The c-ares C library defines asynchronous DNS requests and provides name resolving API. Issues addressed include a denial of service vulnerability.
An update for c-ares is now available for Red Hat Enterprise Linux 8.1 Update Services for SAP Solutions. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2023-32067: c-ares is an asynchronous resolver library. c-ares is vulnerable to denial of service. If a target resolver sends a query, the attacker forges a malformed UDP packet with a length of 0 and returns them to the target resolver. The target resolver erroneously interprets the 0 length as a graceful shutdown of the ...
An update for c-ares is now available for Red Hat Enterprise Linux 8.6 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2023-32067: c-ares is an asynchronous resolver library. c-ares is vulnerable to denial of service. If a target resolver sends a query, the attacker forges a malformed UDP packet with a length of 0 and returns them to the target resolver. The target resolver erroneously interprets the 0 length as a graceful shutdown of the connection...
An update for c-ares is now available for Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2023-32067: c-ares is an asynchronous resolver library. c-ares is vulnerable to denial of service. If a target resolver sends a query, the attacker forges a malformed UDP packet with a length of 0 and returns them to the target resolver. The target resolver erroneously interprets the 0 length as a graceful shutdown of the connection. This issue has been patc...
Debian Linux Security Advisory 5419-1 - Two vulnerabilities were discovered in c-ares, an asynchronous name resolver library.
c-ares is an asynchronous resolver library. ares_inet_net_pton() is vulnerable to a buffer underflow for certain ipv6 addresses, in particular "0::00:00:00/2" was found to cause an issue. C-ares only uses this function internally for configuration purposes which would require an administrator to configure such an address via ares_set_sortlist(). However, users may externally use ares_inet_net_pton() for other purposes and thus be vulnerable to more severe issues. This issue has been fixed in 1.19.1.
c-ares is an asynchronous resolver library. When cross-compiling c-ares and using the autotools build system, CARES_RANDOM_FILE will not be set, as seen when cross compiling aarch64 android. This will downgrade to using rand() as a fallback which could allow an attacker to take advantage of the lack of entropy by not using a CSPRNG. This issue was patched in version 1.19.1.
c-ares is an asynchronous resolver library. When /dev/urandom or RtlGenRandom() are unavailable, c-ares uses rand() to generate random numbers used for DNS query ids. This is not a CSPRNG, and it is also not seeded by srand() so will generate predictable output. Input from the random number generator is fed into a non-compliant RC4 implementation and may not be as strong as the original RC4 implementation. No attempt is made to look for modern OS-provided CSPRNGs like arc4random() that is widely available. This issue has been fixed in version 1.19.1.
Red Hat Security Advisory 2023-2655-01 - Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language. Issues addressed include buffer overflow, bypass, crlf injection, and denial of service vulnerabilities.
Red Hat Security Advisory 2023-1744-01 - Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language. Issues addressed include buffer overflow, bypass, and denial of service vulnerabilities.
Red Hat Security Advisory 2023-1743-01 - Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language. Issues addressed include buffer overflow, bypass, and denial of service vulnerabilities.
An update for rh-nodejs14-nodejs is now available for Red Hat Software Collections. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-4904: A flaw was found in the c-ares package. The ares_set_sortlist is missing checks about the validity of the input string, which allows a possible arbitrary length stack overflow. This issue may cause a denial of service or a limited impact on confidentiality and integrity. * CVE-2022-25881: A flaw was found in http-cache-semantics. Whe...
An update for the nodejs:14 module is now available for Red Hat Enterprise Linux 8.6 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2021-35065: A vulnerability was found in the glob-parent package. Affected versions of this package are vulnerable to Regular expression Denial of Service (ReDoS) attacks, affecting system availability. * CVE-2021-44531: A flaw was found in node.js where it accepted a certificate's Subject Alternative Names (SAN) entry...
An update for the nodejs:14 module is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2021-35065: A vulnerability was found in the glob-parent package. Affected versions of this package are vulnerable to Regular expression Denial of Service (ReDoS) attacks, affecting system availability. * CVE-2022-3517: A vulnerability was found in the nodejs-minimatch package. This flaw allows a Regular Expression Denial of Service (ReDoS) whe...
Red Hat Security Advisory 2023-1533-01 - Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language. Issues addressed include HTTP request smuggling, buffer overflow, bypass, and denial of service vulnerabilities.
An update for the nodejs:14 module is now available for Red Hat Enterprise Linux 8.4 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2021-35065: A vulnerability was found in the glob-parent package. Affected versions of this package are vulnerable to Regular expression Denial of Service (ReDoS) attacks, affecting system availability. * CVE-2021-44906: An Uncontrolled Resource Consumption flaw was found in minimist. This flaw allows an attacker to tr...
A flaw was found in the c-ares package. The ares_set_sortlist is missing checks about the validity of the input string, which allows a possible arbitrary length stack overflow. This issue may cause a denial of service or a limited impact on confidentiality and integrity.
Ubuntu Security Notice 5907-1 - It was discovered that c-ares incorrectly handled certain sortlist strings. A remote attacker could use this issue to cause c-ares to crash, resulting in a denial of service, or possibly execute arbitrary code.