Headline
RHSA-2023:4033: Red Hat Security Advisory: nodejs:16 security update
An update for the nodejs:16 module is now available for Red Hat Enterprise Linux 8.6 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
Related CVEs:
- CVE-2023-31124: A flaw was found in c-ares. This issue occurs when cross-compiling c-ares and using the autotools build system, CARES_RANDOM_FILE will not be set, as seen when cross-compiling aarch64 android. As a result, it will downgrade to rand(), which could allow an attacker to utilize the lack of entropy by not using a CSPRNG.
- CVE-2023-31130: A vulnerability was found in c-ares. This issue occurs in the ares_inet_net_pton() function, which is vulnerable to a buffer underflow for certain ipv6 addresses. “0::00:00:00/2” in particular was found to cause an issue. C-ares only uses this function internally for configuration purposes, which would require an administrator to configure such an address via ares_set_sortlist().
- CVE-2023-31147: A vulnerability was found in c-ares. This issue occurs when /dev/urandom or RtlGenRandom() are unavailable, c-ares will use rand() to generate random numbers used for DNS query ids. This is not a CSPRNG, and it is also not seeded by srand(), so it will generate predictable output.
- CVE-2023-32067: A vulnerability was found in c-ares. This issue occurs due to a 0-byte UDP payload that can cause a Denial of Service.
Synopsis
Important: nodejs:16 security update
Type/Severity
Security Advisory: Important
Red Hat Insights patch analysis
Identify and remediate systems affected by this advisory.
View affected systems
Topic
An update for the nodejs:16 module is now available for Red Hat Enterprise Linux 8.6 Extended Update Support.
Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Description
Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language.
Security Fix(es):
- c-ares: 0-byte UDP payload Denial of Service (CVE-2023-32067)
- c-ares: Buffer Underwrite in ares_inet_net_pton() (CVE-2023-31130)
- c-ares: Insufficient randomness in generation of DNS query IDs (CVE-2023-31147)
- c-ares: AutoTools does not set CARES_RANDOM_FILE during cross compilation (CVE-2023-31124)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Affected Products
- Red Hat Enterprise Linux for x86_64 - Extended Update Support 8.6 x86_64
- Red Hat Enterprise Linux Server - AUS 8.6 x86_64
- Red Hat Enterprise Linux for IBM z Systems - Extended Update Support 8.6 s390x
- Red Hat Enterprise Linux for Power, little endian - Extended Update Support 8.6 ppc64le
- Red Hat Enterprise Linux Server - TUS 8.6 x86_64
- Red Hat Enterprise Linux for ARM 64 - Extended Update Support 8.6 aarch64
- Red Hat Enterprise Linux Server for Power LE - Update Services for SAP Solutions 8.6 ppc64le
- Red Hat Enterprise Linux for x86_64 - Update Services for SAP Solutions 8.6 x86_64
Fixes
- BZ - 2209494 - CVE-2023-31124 c-ares: AutoTools does not set CARES_RANDOM_FILE during cross compilation
- BZ - 2209497 - CVE-2023-31130 c-ares: Buffer Underwrite in ares_inet_net_pton()
- BZ - 2209501 - CVE-2023-31147 c-ares: Insufficient randomness in generation of DNS query IDs
- BZ - 2209502 - CVE-2023-32067 c-ares: 0-byte UDP payload Denial of Service
CVEs
- CVE-2023-31124
- CVE-2023-31130
- CVE-2023-31147
- CVE-2023-32067
Red Hat Enterprise Linux for x86_64 - Extended Update Support 8.6
SRPM
nodejs-16.19.1-2.module+el8.6.0+19139+7f27a8ff.src.rpm
SHA-256: db5bf4d7adeaf823f1a40a68595c5b781e9ebedfdee635265857c9de0c464f5b
nodejs-nodemon-2.0.20-3.module+el8.6.0+19139+7f27a8ff.src.rpm
SHA-256: 5295ddeaea6b207ada27a3c7d5182c5a1480f50c20ec0c0ff906ebb5eae59b50
nodejs-packaging-25-1.module+el8.5.0+10992+fac5fe06.src.rpm
SHA-256: 33ac4142978ab66debe87d4af95fd56ed6a39f0947eb46a6ca988dc7d035a835
x86_64
nodejs-docs-16.19.1-2.module+el8.6.0+19139+7f27a8ff.noarch.rpm
SHA-256: 833929e1e1c01f4f361bee2b276e37950b5d6d761c1854d19d7e51f95299dcd2
nodejs-nodemon-2.0.20-3.module+el8.6.0+19139+7f27a8ff.noarch.rpm
SHA-256: b91edc61e6f14c5017f5cd1847de5ad3fb4b9fe313aff6089bc9ecceef192422
nodejs-packaging-25-1.module+el8.5.0+10992+fac5fe06.noarch.rpm
SHA-256: f39eef40249724ab490a024922470273a1c4789881bc489aaa719a432380edfc
nodejs-16.19.1-2.module+el8.6.0+19139+7f27a8ff.x86_64.rpm
SHA-256: c7a07a8cf8fb8b9707adf49b313f1dabf8d7e5fd4e032c5375eb82b2b7166d66
nodejs-debuginfo-16.19.1-2.module+el8.6.0+19139+7f27a8ff.x86_64.rpm
SHA-256: 2e2be93259eb42b326481ddb58bb98705ce300172a27a293eaff20e6ae39e695
nodejs-debugsource-16.19.1-2.module+el8.6.0+19139+7f27a8ff.x86_64.rpm
SHA-256: 34eeb151de277143e888a1372080a5e51bb5f9a52618beefc2794bd15a79b59e
nodejs-devel-16.19.1-2.module+el8.6.0+19139+7f27a8ff.x86_64.rpm
SHA-256: 5d30e3e708ef7ed629003ef5329c283d0227e18b4ed2b4d670a25c118117807c
nodejs-full-i18n-16.19.1-2.module+el8.6.0+19139+7f27a8ff.x86_64.rpm
SHA-256: c4b00efb7855d8cbeecd1f0cff467929cf46396c84e139dac88615cd44845586
npm-8.19.3-1.16.19.1.2.module+el8.6.0+19139+7f27a8ff.x86_64.rpm
SHA-256: 508c4c11b114a70b42c138ce3ce5cb28af3f81b77a18b27ca63c8f9e3cd24d1e
Red Hat Enterprise Linux Server - AUS 8.6
SRPM
nodejs-16.19.1-2.module+el8.6.0+19139+7f27a8ff.src.rpm
SHA-256: db5bf4d7adeaf823f1a40a68595c5b781e9ebedfdee635265857c9de0c464f5b
nodejs-nodemon-2.0.20-3.module+el8.6.0+19139+7f27a8ff.src.rpm
SHA-256: 5295ddeaea6b207ada27a3c7d5182c5a1480f50c20ec0c0ff906ebb5eae59b50
nodejs-packaging-25-1.module+el8.5.0+10992+fac5fe06.src.rpm
SHA-256: 33ac4142978ab66debe87d4af95fd56ed6a39f0947eb46a6ca988dc7d035a835
x86_64
nodejs-docs-16.19.1-2.module+el8.6.0+19139+7f27a8ff.noarch.rpm
SHA-256: 833929e1e1c01f4f361bee2b276e37950b5d6d761c1854d19d7e51f95299dcd2
nodejs-nodemon-2.0.20-3.module+el8.6.0+19139+7f27a8ff.noarch.rpm
SHA-256: b91edc61e6f14c5017f5cd1847de5ad3fb4b9fe313aff6089bc9ecceef192422
nodejs-packaging-25-1.module+el8.5.0+10992+fac5fe06.noarch.rpm
SHA-256: f39eef40249724ab490a024922470273a1c4789881bc489aaa719a432380edfc
nodejs-16.19.1-2.module+el8.6.0+19139+7f27a8ff.x86_64.rpm
SHA-256: c7a07a8cf8fb8b9707adf49b313f1dabf8d7e5fd4e032c5375eb82b2b7166d66
nodejs-debuginfo-16.19.1-2.module+el8.6.0+19139+7f27a8ff.x86_64.rpm
SHA-256: 2e2be93259eb42b326481ddb58bb98705ce300172a27a293eaff20e6ae39e695
nodejs-debugsource-16.19.1-2.module+el8.6.0+19139+7f27a8ff.x86_64.rpm
SHA-256: 34eeb151de277143e888a1372080a5e51bb5f9a52618beefc2794bd15a79b59e
nodejs-devel-16.19.1-2.module+el8.6.0+19139+7f27a8ff.x86_64.rpm
SHA-256: 5d30e3e708ef7ed629003ef5329c283d0227e18b4ed2b4d670a25c118117807c
nodejs-full-i18n-16.19.1-2.module+el8.6.0+19139+7f27a8ff.x86_64.rpm
SHA-256: c4b00efb7855d8cbeecd1f0cff467929cf46396c84e139dac88615cd44845586
npm-8.19.3-1.16.19.1.2.module+el8.6.0+19139+7f27a8ff.x86_64.rpm
SHA-256: 508c4c11b114a70b42c138ce3ce5cb28af3f81b77a18b27ca63c8f9e3cd24d1e
Red Hat Enterprise Linux for IBM z Systems - Extended Update Support 8.6
SRPM
nodejs-16.19.1-2.module+el8.6.0+19139+7f27a8ff.src.rpm
SHA-256: db5bf4d7adeaf823f1a40a68595c5b781e9ebedfdee635265857c9de0c464f5b
nodejs-nodemon-2.0.20-3.module+el8.6.0+19139+7f27a8ff.src.rpm
SHA-256: 5295ddeaea6b207ada27a3c7d5182c5a1480f50c20ec0c0ff906ebb5eae59b50
nodejs-packaging-25-1.module+el8.5.0+10992+fac5fe06.src.rpm
SHA-256: 33ac4142978ab66debe87d4af95fd56ed6a39f0947eb46a6ca988dc7d035a835
s390x
nodejs-docs-16.19.1-2.module+el8.6.0+19139+7f27a8ff.noarch.rpm
SHA-256: 833929e1e1c01f4f361bee2b276e37950b5d6d761c1854d19d7e51f95299dcd2
nodejs-nodemon-2.0.20-3.module+el8.6.0+19139+7f27a8ff.noarch.rpm
SHA-256: b91edc61e6f14c5017f5cd1847de5ad3fb4b9fe313aff6089bc9ecceef192422
nodejs-packaging-25-1.module+el8.5.0+10992+fac5fe06.noarch.rpm
SHA-256: f39eef40249724ab490a024922470273a1c4789881bc489aaa719a432380edfc
nodejs-16.19.1-2.module+el8.6.0+19139+7f27a8ff.s390x.rpm
SHA-256: 57b15c5e2c2a8ec1d21bfb4e940b84a8f048d43dbf77ce39324c6f0bbfa3e0f7
nodejs-debuginfo-16.19.1-2.module+el8.6.0+19139+7f27a8ff.s390x.rpm
SHA-256: 36212509752b0eeb77bed00eb3f7c9840da25d3337393579b3b448336fe11964
nodejs-debugsource-16.19.1-2.module+el8.6.0+19139+7f27a8ff.s390x.rpm
SHA-256: e5723d0e20fb2480f277d8206374c0da9bf1caca2303e79a2df2c71c87b9e887
nodejs-devel-16.19.1-2.module+el8.6.0+19139+7f27a8ff.s390x.rpm
SHA-256: cba6ed01b1576c04789f1daa5ce887930c69a10250991baaa11412448b4e89f4
nodejs-full-i18n-16.19.1-2.module+el8.6.0+19139+7f27a8ff.s390x.rpm
SHA-256: f82026a3fa1abc9b47b3c7cab41358c0db125eaa91cefc4cca63800864e43e93
npm-8.19.3-1.16.19.1.2.module+el8.6.0+19139+7f27a8ff.s390x.rpm
SHA-256: a9dc774395bb16819ef7dd86e6cccfaa5a4d5c72b1a44b3583fe04a3e29d8706
Red Hat Enterprise Linux for Power, little endian - Extended Update Support 8.6
SRPM
nodejs-16.19.1-2.module+el8.6.0+19139+7f27a8ff.src.rpm
SHA-256: db5bf4d7adeaf823f1a40a68595c5b781e9ebedfdee635265857c9de0c464f5b
nodejs-nodemon-2.0.20-3.module+el8.6.0+19139+7f27a8ff.src.rpm
SHA-256: 5295ddeaea6b207ada27a3c7d5182c5a1480f50c20ec0c0ff906ebb5eae59b50
nodejs-packaging-25-1.module+el8.5.0+10992+fac5fe06.src.rpm
SHA-256: 33ac4142978ab66debe87d4af95fd56ed6a39f0947eb46a6ca988dc7d035a835
ppc64le
nodejs-16.19.1-2.module+el8.6.0+19139+7f27a8ff.ppc64le.rpm
SHA-256: 376305326bba24cbcd9683b3a734dc8c82073255dcad36661963ecaea5418a08
nodejs-debuginfo-16.19.1-2.module+el8.6.0+19139+7f27a8ff.ppc64le.rpm
SHA-256: 95397b2d7bac6dd4fee2889f694d476079e1331648b78d8de6e513f0092dbee7
nodejs-debugsource-16.19.1-2.module+el8.6.0+19139+7f27a8ff.ppc64le.rpm
SHA-256: b904b05a0923a0c183c89a2cf5aba216d07e4108b27f0dc93415eea641d87e86
nodejs-devel-16.19.1-2.module+el8.6.0+19139+7f27a8ff.ppc64le.rpm
SHA-256: 225c55954e5c386d58fdfa457df8dda0fc9d781b8e1de999bb92c26030686f48
nodejs-docs-16.19.1-2.module+el8.6.0+19139+7f27a8ff.noarch.rpm
SHA-256: 833929e1e1c01f4f361bee2b276e37950b5d6d761c1854d19d7e51f95299dcd2
nodejs-full-i18n-16.19.1-2.module+el8.6.0+19139+7f27a8ff.ppc64le.rpm
SHA-256: 696ef1c871dd38cfc02f8809f13f047b54cfbb8411fa95971369942275dc1805
nodejs-nodemon-2.0.20-3.module+el8.6.0+19139+7f27a8ff.noarch.rpm
SHA-256: b91edc61e6f14c5017f5cd1847de5ad3fb4b9fe313aff6089bc9ecceef192422
nodejs-packaging-25-1.module+el8.5.0+10992+fac5fe06.noarch.rpm
SHA-256: f39eef40249724ab490a024922470273a1c4789881bc489aaa719a432380edfc
npm-8.19.3-1.16.19.1.2.module+el8.6.0+19139+7f27a8ff.ppc64le.rpm
SHA-256: 954b072ddae08b01e4ffda0f9dadc4fdc37b1fc9de8f5d09a4101d2e7957aa23
Red Hat Enterprise Linux Server - TUS 8.6
SRPM
nodejs-16.19.1-2.module+el8.6.0+19139+7f27a8ff.src.rpm
SHA-256: db5bf4d7adeaf823f1a40a68595c5b781e9ebedfdee635265857c9de0c464f5b
nodejs-nodemon-2.0.20-3.module+el8.6.0+19139+7f27a8ff.src.rpm
SHA-256: 5295ddeaea6b207ada27a3c7d5182c5a1480f50c20ec0c0ff906ebb5eae59b50
nodejs-packaging-25-1.module+el8.5.0+10992+fac5fe06.src.rpm
SHA-256: 33ac4142978ab66debe87d4af95fd56ed6a39f0947eb46a6ca988dc7d035a835
x86_64
nodejs-docs-16.19.1-2.module+el8.6.0+19139+7f27a8ff.noarch.rpm
SHA-256: 833929e1e1c01f4f361bee2b276e37950b5d6d761c1854d19d7e51f95299dcd2
nodejs-nodemon-2.0.20-3.module+el8.6.0+19139+7f27a8ff.noarch.rpm
SHA-256: b91edc61e6f14c5017f5cd1847de5ad3fb4b9fe313aff6089bc9ecceef192422
nodejs-packaging-25-1.module+el8.5.0+10992+fac5fe06.noarch.rpm
SHA-256: f39eef40249724ab490a024922470273a1c4789881bc489aaa719a432380edfc
nodejs-16.19.1-2.module+el8.6.0+19139+7f27a8ff.x86_64.rpm
SHA-256: c7a07a8cf8fb8b9707adf49b313f1dabf8d7e5fd4e032c5375eb82b2b7166d66
nodejs-debuginfo-16.19.1-2.module+el8.6.0+19139+7f27a8ff.x86_64.rpm
SHA-256: 2e2be93259eb42b326481ddb58bb98705ce300172a27a293eaff20e6ae39e695
nodejs-debugsource-16.19.1-2.module+el8.6.0+19139+7f27a8ff.x86_64.rpm
SHA-256: 34eeb151de277143e888a1372080a5e51bb5f9a52618beefc2794bd15a79b59e
nodejs-devel-16.19.1-2.module+el8.6.0+19139+7f27a8ff.x86_64.rpm
SHA-256: 5d30e3e708ef7ed629003ef5329c283d0227e18b4ed2b4d670a25c118117807c
nodejs-full-i18n-16.19.1-2.module+el8.6.0+19139+7f27a8ff.x86_64.rpm
SHA-256: c4b00efb7855d8cbeecd1f0cff467929cf46396c84e139dac88615cd44845586
npm-8.19.3-1.16.19.1.2.module+el8.6.0+19139+7f27a8ff.x86_64.rpm
SHA-256: 508c4c11b114a70b42c138ce3ce5cb28af3f81b77a18b27ca63c8f9e3cd24d1e
Red Hat Enterprise Linux for ARM 64 - Extended Update Support 8.6
SRPM
nodejs-16.19.1-2.module+el8.6.0+19139+7f27a8ff.src.rpm
SHA-256: db5bf4d7adeaf823f1a40a68595c5b781e9ebedfdee635265857c9de0c464f5b
nodejs-nodemon-2.0.20-3.module+el8.6.0+19139+7f27a8ff.src.rpm
SHA-256: 5295ddeaea6b207ada27a3c7d5182c5a1480f50c20ec0c0ff906ebb5eae59b50
nodejs-packaging-25-1.module+el8.5.0+10992+fac5fe06.src.rpm
SHA-256: 33ac4142978ab66debe87d4af95fd56ed6a39f0947eb46a6ca988dc7d035a835
aarch64
nodejs-docs-16.19.1-2.module+el8.6.0+19139+7f27a8ff.noarch.rpm
SHA-256: 833929e1e1c01f4f361bee2b276e37950b5d6d761c1854d19d7e51f95299dcd2
nodejs-nodemon-2.0.20-3.module+el8.6.0+19139+7f27a8ff.noarch.rpm
SHA-256: b91edc61e6f14c5017f5cd1847de5ad3fb4b9fe313aff6089bc9ecceef192422
nodejs-packaging-25-1.module+el8.5.0+10992+fac5fe06.noarch.rpm
SHA-256: f39eef40249724ab490a024922470273a1c4789881bc489aaa719a432380edfc
nodejs-16.19.1-2.module+el8.6.0+19139+7f27a8ff.aarch64.rpm
SHA-256: 9f687ee7f856bd6109fcaa00b1d6dd343836d6a0d4fedd641ceedd440ee4b65e
nodejs-debuginfo-16.19.1-2.module+el8.6.0+19139+7f27a8ff.aarch64.rpm
SHA-256: 8bc10fa299bf69e2a1be69ee9eaaba47e28a7dc934b64f6a35ecac08a40cf41c
nodejs-debugsource-16.19.1-2.module+el8.6.0+19139+7f27a8ff.aarch64.rpm
SHA-256: 7edd9a6b08d56b0f7d1facbf9072043219465f22ea40e67cc9fcc47dd62377a3
nodejs-devel-16.19.1-2.module+el8.6.0+19139+7f27a8ff.aarch64.rpm
SHA-256: eb5dd38f522e9e98f5bd07501b45678b6966fb8a06a12fadc4fe536fd2c28f90
nodejs-full-i18n-16.19.1-2.module+el8.6.0+19139+7f27a8ff.aarch64.rpm
SHA-256: 5f4aa0b66eeea95ea42cd61d59a399033e28bbe91f054d259e63e3a5202f5f1e
npm-8.19.3-1.16.19.1.2.module+el8.6.0+19139+7f27a8ff.aarch64.rpm
SHA-256: 4f4727e5e8c55ae30bfc9f2ee07b6bf03bea1a066219e190f1256ee437b77ec7
Red Hat Enterprise Linux Server for Power LE - Update Services for SAP Solutions 8.6
SRPM
nodejs-16.19.1-2.module+el8.6.0+19139+7f27a8ff.src.rpm
SHA-256: db5bf4d7adeaf823f1a40a68595c5b781e9ebedfdee635265857c9de0c464f5b
nodejs-nodemon-2.0.20-3.module+el8.6.0+19139+7f27a8ff.src.rpm
SHA-256: 5295ddeaea6b207ada27a3c7d5182c5a1480f50c20ec0c0ff906ebb5eae59b50
nodejs-packaging-25-1.module+el8.5.0+10992+fac5fe06.src.rpm
SHA-256: 33ac4142978ab66debe87d4af95fd56ed6a39f0947eb46a6ca988dc7d035a835
ppc64le
nodejs-16.19.1-2.module+el8.6.0+19139+7f27a8ff.ppc64le.rpm
SHA-256: 376305326bba24cbcd9683b3a734dc8c82073255dcad36661963ecaea5418a08
nodejs-debuginfo-16.19.1-2.module+el8.6.0+19139+7f27a8ff.ppc64le.rpm
SHA-256: 95397b2d7bac6dd4fee2889f694d476079e1331648b78d8de6e513f0092dbee7
nodejs-debugsource-16.19.1-2.module+el8.6.0+19139+7f27a8ff.ppc64le.rpm
SHA-256: b904b05a0923a0c183c89a2cf5aba216d07e4108b27f0dc93415eea641d87e86
nodejs-devel-16.19.1-2.module+el8.6.0+19139+7f27a8ff.ppc64le.rpm
SHA-256: 225c55954e5c386d58fdfa457df8dda0fc9d781b8e1de999bb92c26030686f48
nodejs-docs-16.19.1-2.module+el8.6.0+19139+7f27a8ff.noarch.rpm
SHA-256: 833929e1e1c01f4f361bee2b276e37950b5d6d761c1854d19d7e51f95299dcd2
nodejs-full-i18n-16.19.1-2.module+el8.6.0+19139+7f27a8ff.ppc64le.rpm
SHA-256: 696ef1c871dd38cfc02f8809f13f047b54cfbb8411fa95971369942275dc1805
nodejs-nodemon-2.0.20-3.module+el8.6.0+19139+7f27a8ff.noarch.rpm
SHA-256: b91edc61e6f14c5017f5cd1847de5ad3fb4b9fe313aff6089bc9ecceef192422
nodejs-packaging-25-1.module+el8.5.0+10992+fac5fe06.noarch.rpm
SHA-256: f39eef40249724ab490a024922470273a1c4789881bc489aaa719a432380edfc
npm-8.19.3-1.16.19.1.2.module+el8.6.0+19139+7f27a8ff.ppc64le.rpm
SHA-256: 954b072ddae08b01e4ffda0f9dadc4fdc37b1fc9de8f5d09a4101d2e7957aa23
Red Hat Enterprise Linux for x86_64 - Update Services for SAP Solutions 8.6
SRPM
nodejs-16.19.1-2.module+el8.6.0+19139+7f27a8ff.src.rpm
SHA-256: db5bf4d7adeaf823f1a40a68595c5b781e9ebedfdee635265857c9de0c464f5b
nodejs-nodemon-2.0.20-3.module+el8.6.0+19139+7f27a8ff.src.rpm
SHA-256: 5295ddeaea6b207ada27a3c7d5182c5a1480f50c20ec0c0ff906ebb5eae59b50
nodejs-packaging-25-1.module+el8.5.0+10992+fac5fe06.src.rpm
SHA-256: 33ac4142978ab66debe87d4af95fd56ed6a39f0947eb46a6ca988dc7d035a835
x86_64
nodejs-docs-16.19.1-2.module+el8.6.0+19139+7f27a8ff.noarch.rpm
SHA-256: 833929e1e1c01f4f361bee2b276e37950b5d6d761c1854d19d7e51f95299dcd2
nodejs-nodemon-2.0.20-3.module+el8.6.0+19139+7f27a8ff.noarch.rpm
SHA-256: b91edc61e6f14c5017f5cd1847de5ad3fb4b9fe313aff6089bc9ecceef192422
nodejs-packaging-25-1.module+el8.5.0+10992+fac5fe06.noarch.rpm
SHA-256: f39eef40249724ab490a024922470273a1c4789881bc489aaa719a432380edfc
nodejs-16.19.1-2.module+el8.6.0+19139+7f27a8ff.x86_64.rpm
SHA-256: c7a07a8cf8fb8b9707adf49b313f1dabf8d7e5fd4e032c5375eb82b2b7166d66
nodejs-debuginfo-16.19.1-2.module+el8.6.0+19139+7f27a8ff.x86_64.rpm
SHA-256: 2e2be93259eb42b326481ddb58bb98705ce300172a27a293eaff20e6ae39e695
nodejs-debugsource-16.19.1-2.module+el8.6.0+19139+7f27a8ff.x86_64.rpm
SHA-256: 34eeb151de277143e888a1372080a5e51bb5f9a52618beefc2794bd15a79b59e
nodejs-devel-16.19.1-2.module+el8.6.0+19139+7f27a8ff.x86_64.rpm
SHA-256: 5d30e3e708ef7ed629003ef5329c283d0227e18b4ed2b4d670a25c118117807c
nodejs-full-i18n-16.19.1-2.module+el8.6.0+19139+7f27a8ff.x86_64.rpm
SHA-256: c4b00efb7855d8cbeecd1f0cff467929cf46396c84e139dac88615cd44845586
npm-8.19.3-1.16.19.1.2.module+el8.6.0+19139+7f27a8ff.x86_64.rpm
SHA-256: 508c4c11b114a70b42c138ce3ce5cb28af3f81b77a18b27ca63c8f9e3cd24d1e
Related news
Red Hat Security Advisory 2023-7543-01 - An update for c-ares is now available for Red Hat Enterprise Linux 8.8 Extended Update Support. Issues addressed include a buffer overflow vulnerability.
IBM QRadar SIEM 7.5.0 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 254138
Gentoo Linux Security Advisory 202310-9 - Multiple vulnerabilities have been discovered in c-ares the worst of which could result in Denial of Service. Versions greater than or equal to 1.19.1 are affected.
Ubuntu Security Notice 6164-2 - USN-6164-1 fixed several vulnerabilities in c-ares. This update provides the corresponding update for Ubuntu 16.04 LTS and Ubuntu 18.04 LTS. Hannes Moesl discovered that c-ares incorrectly handled certain ipv6 addresses. An attacker could use this issue to cause c-ares to crash, resulting in a denial of service, or possibly execute arbitrary code.
Red Hat Security Advisory 2023-4226-01 - Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments. This advisory contains the container images for Red Hat OpenShift Container Platform 4.13.6.
Red Hat Security Advisory 2023-4090-01 - Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments. This advisory contains the RPM packages for Red Hat OpenShift Container Platform 4.13.5.
Red Hat OpenShift Container Platform release 4.13.5 is now available with updates to packages and images that fix several bugs and add enhancements. This release includes a security update for Red Hat OpenShift Container Platform 4.13. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-41717: A flaw was found in the net/http library of the golang package. This flaw allows an attacker to cause excessive memory growth in a Go server accepting HTTP/2 requests. HTTP/2 server c...
Red Hat Security Advisory 2023-4039-01 - Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language. Issues addressed include a denial of service vulnerability.
Red Hat Security Advisory 2023-4034-01 - Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language. Issues addressed include a denial of service vulnerability.
Red Hat Security Advisory 2023-4033-01 - Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language. Issues addressed include a denial of service vulnerability.
Red Hat Security Advisory 2023-4036-01 - Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language. Issues addressed include a denial of service vulnerability.
Red Hat Security Advisory 2023-4035-01 - Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language. Issues addressed include buffer overflow and denial of service vulnerabilities.
An update for the nodejs:18 module is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-4904: A flaw was found in the c-ares package. The ares_set_sortlist is missing checks about the validity of the input string, which allows a possible arbitrary length stack overflow. This issue may cause a denial of service or a limited impact on confidentiality and integrity. * CVE-2023-31124: A flaw was found in c-ares. This issue occurs...
An update for the nodejs:16 module is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2023-31124: A flaw was found in c-ares. This issue occurs when cross-compiling c-ares and using the autotools build system, CARES_RANDOM_FILE will not be set, as seen when cross-compiling aarch64 android. As a result, it will downgrade to rand(), which could allow an attacker to utilize the lack of entropy by not using a CSPRNG. * CVE-2023-3113...
An update for the nodejs:18 module is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-4904: A flaw was found in the c-ares package. The ares_set_sortlist is missing checks about the validity of the input string, which allows a possible arbitrary length stack overflow. This issue may cause a denial of service or a limited impact on confidentiality and integrity. * CVE-2023-31124: A flaw was found in c-ares. This issue occurs...
An update for the nodejs:16 module is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2023-31124: A flaw was found in c-ares. This issue occurs when cross-compiling c-ares and using the autotools build system, CARES_RANDOM_FILE will not be set, as seen when cross-compiling aarch64 android. As a result, it will downgrade to rand(), which could allow an attacker to utilize the lack of entropy by not using a CSPRNG. * CVE-2023-3113...
An update for the nodejs:18 module is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-4904: A flaw was found in the c-ares package. The ares_set_sortlist is missing checks about the validity of the input string, which allows a possible arbitrary length stack overflow. This issue may cause a denial of service or a limited impact on confidentiality and integrity. * CVE-2023-31124: A flaw was found in c-ares. This issue occurs...
An update for the nodejs:16 module is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2023-31124: A flaw was found in c-ares. This issue occurs when cross-compiling c-ares and using the autotools build system, CARES_RANDOM_FILE will not be set, as seen when cross-compiling aarch64 android. As a result, it will downgrade to rand(), which could allow an attacker to utilize the lack of entropy by not using a CSPRNG. * CVE-2023-3113...
An update for rh-nodejs14-nodejs is now available for Red Hat Software Collections. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2023-31124: A flaw was found in c-ares. This issue occurs when cross-compiling c-ares and using the autotools build system, CARES_RANDOM_FILE will not be set, as seen when cross-compiling aarch64 android. As a result, it will downgrade to rand(), which could allow an attacker to utilize the lack of entropy by not using a CSPRNG. * CVE-2023-3113...
An update for nodejs is now available for Red Hat Enterprise Linux 9.0 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2023-31124: A flaw was found in c-ares. This issue occurs when cross-compiling c-ares and using the autotools build system, CARES_RANDOM_FILE will not be set, as seen when cross-compiling aarch64 android. As a result, it will downgrade to rand(), which could allow an attacker to utilize the lack of entropy by not using a CSPRNG. * C...
Red Hat Security Advisory 2023-3741-01 - The c-ares C library defines asynchronous DNS requests and provides name resolving API. Issues addressed include a denial of service vulnerability.
Red Hat Security Advisory 2023-3677-01 - The c-ares C library defines asynchronous DNS requests and provides name resolving API. Issues addressed include a denial of service vulnerability.
Red Hat Security Advisory 2023-3665-01 - The c-ares C library defines asynchronous DNS requests and provides name resolving API. Issues addressed include a denial of service vulnerability.
An update for c-ares is now available for Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support, Red Hat Enterprise Linux 8.4 Telecommunications Update Service, and Red Hat Enterprise Linux 8.4 Update Services for SAP Solutions. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2023-32067: A vulnerability was found in c-ares. This issue occurs due to a 0-byte UDP payload that can cause a Denial of Service.
Red Hat Security Advisory 2023-3660-01 - The c-ares C library defines asynchronous DNS requests and provides name resolving API. Issues addressed include a denial of service vulnerability.
An update for c-ares is now available for Red Hat Enterprise Linux 8.2 Advanced Update Support, Red Hat Enterprise Linux 8.2 Telecommunications Update Service, and Red Hat Enterprise Linux 8.2 Update Services for SAP Solutions. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2023-32067: c-ares is an asynchronous resolver library. c-ares is vulnerable to denial of service. If a target resolver sends a query, the attacker forges a malformed UDP packet with a length of 0 and r...
Red Hat Security Advisory 2023-3559-01 - The c-ares C library defines asynchronous DNS requests and provides name resolving API. Issues addressed include a denial of service vulnerability.
An update for c-ares is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2023-32067: c-ares is an asynchronous resolver library. c-ares is vulnerable to denial of service. If a target resolver sends a query, the attacker forges a malformed UDP packet with a length of 0 and returns them to the target resolver. The target resolver erroneously interprets the 0 length as a graceful shutdown of the connection. This issue has been patc...
An update for c-ares is now available for Red Hat Enterprise Linux 9.0 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2023-32067: c-ares is an asynchronous resolver library. c-ares is vulnerable to denial of service. If a target resolver sends a query, the attacker forges a malformed UDP packet with a length of 0 and returns them to the target resolver. The target resolver erroneously interprets the 0 length as a graceful shutdown of the connection...
Debian Linux Security Advisory 5419-1 - Two vulnerabilities were discovered in c-ares, an asynchronous name resolver library.
c-ares is an asynchronous resolver library. ares_inet_net_pton() is vulnerable to a buffer underflow for certain ipv6 addresses, in particular "0::00:00:00/2" was found to cause an issue. C-ares only uses this function internally for configuration purposes which would require an administrator to configure such an address via ares_set_sortlist(). However, users may externally use ares_inet_net_pton() for other purposes and thus be vulnerable to more severe issues. This issue has been fixed in 1.19.1.
c-ares is an asynchronous resolver library. ares_inet_net_pton() is vulnerable to a buffer underflow for certain ipv6 addresses, in particular "0::00:00:00/2" was found to cause an issue. C-ares only uses this function internally for configuration purposes which would require an administrator to configure such an address via ares_set_sortlist(). However, users may externally use ares_inet_net_pton() for other purposes and thus be vulnerable to more severe issues. This issue has been fixed in 1.19.1.
c-ares is an asynchronous resolver library. ares_inet_net_pton() is vulnerable to a buffer underflow for certain ipv6 addresses, in particular "0::00:00:00/2" was found to cause an issue. C-ares only uses this function internally for configuration purposes which would require an administrator to configure such an address via ares_set_sortlist(). However, users may externally use ares_inet_net_pton() for other purposes and thus be vulnerable to more severe issues. This issue has been fixed in 1.19.1.
c-ares is an asynchronous resolver library. When cross-compiling c-ares and using the autotools build system, CARES_RANDOM_FILE will not be set, as seen when cross compiling aarch64 android. This will downgrade to using rand() as a fallback which could allow an attacker to take advantage of the lack of entropy by not using a CSPRNG. This issue was patched in version 1.19.1.
c-ares is an asynchronous resolver library. When /dev/urandom or RtlGenRandom() are unavailable, c-ares uses rand() to generate random numbers used for DNS query ids. This is not a CSPRNG, and it is also not seeded by srand() so will generate predictable output. Input from the random number generator is fed into a non-compilant RC4 implementation and may not be as strong as the original RC4 implementation. No attempt is made to look for modern OS-provided CSPRNGs like arc4random() that is widely available. This issue has been fixed in version 1.19.1.
c-ares is an asynchronous resolver library. ares_inet_net_pton() is vulnerable to a buffer underflow for certain ipv6 addresses, in particular "0::00:00:00/2" was found to cause an issue. C-ares only uses this function internally for configuration purposes which would require an administrator to configure such an address via ares_set_sortlist(). However, users may externally use ares_inet_net_pton() for other purposes and thus be vulnerable to more severe issues. This issue has been fixed in 1.19.1.