RHSA-2023:4331: Red Hat Security Advisory: nodejs security, bug fix, and enhancement update

An update for nodejs is now available for Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.

Related CVEs:

  • CVE-2023-30581: No description is available for this CVE.
  • CVE-2023-30588: No description is available for this CVE.
  • CVE-2023-30589: The llhttp parser in the http module in Node v20.2.0 does not strictly use the CRLF sequence to delimit HTTP requests. This can lead to HTTP Request Smuggling (HRS). The CR character (without LF) is sufficient to delimit HTTP header fields in the llhttp parser. According to RFC7230 section 3, only the CRLF sequence should delimit each header-field. This impacts all Node.js active versions: v16, v18, and v20.
  • CVE-2023-30590: No description is available for this CVE.

Synopsis

Moderate: nodejs security, bug fix, and enhancement update

Type/Severity

Security Advisory: Moderate

Topic

An update for nodejs is now available for Red Hat Enterprise Linux 9.

Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Description

Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language.

The package has been upgraded to a later upstream version: nodejs (16.20.1). (BZ#2223334, BZ#2223336, BZ#2223338, BZ#2223340, BZ#2223342, BZ#2223344)

Security Fix(es):

  • nodejs: mainModule.__proto__ bypass experimental policy mechanism (CVE-2023-30581)
  • nodejs: process interruption due to invalid Public Key information in x509 certificates (CVE-2023-30588)
  • nodejs: HTTP Request Smuggling via Empty headers separated by CR (CVE-2023-30589)
  • nodejs: DiffieHellman do not generate keys after setting a private key (CVE-2023-30590)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Affected Products

  • Red Hat Enterprise Linux for x86_64 9 x86_64
  • Red Hat Enterprise Linux for x86_64 - Extended Update Support 9.2 x86_64
  • Red Hat Enterprise Linux Server - AUS 9.2 x86_64
  • Red Hat Enterprise Linux for IBM z Systems 9 s390x
  • Red Hat Enterprise Linux for IBM z Systems - Extended Update Support 9.2 s390x
  • Red Hat Enterprise Linux for Power, little endian 9 ppc64le
  • Red Hat Enterprise Linux for Power, little endian - Extended Update Support 9.2 ppc64le
  • Red Hat Enterprise Linux for ARM 64 9 aarch64
  • Red Hat Enterprise Linux for ARM 64 - Extended Update Support 9.2 aarch64
  • Red Hat Enterprise Linux Server for Power LE - Update Services for SAP Solutions 9.2 ppc64le
  • Red Hat Enterprise Linux for x86_64 - Update Services for SAP Solutions 9.2 x86_64
  • Red Hat Enterprise Linux Server for ARM 64 - 4 years of updates 9.2 aarch64
  • Red Hat Enterprise Linux Server for IBM z Systems - 4 years of updates 9.2 s390x

Fixes

  • BZ - 2219824 - CVE-2023-30581 nodejs: mainModule.__proto__ bypass experimental policy mechanism
  • BZ - 2219838 - CVE-2023-30588 nodejs: process interruption due to invalid Public Key information in x509 certificates
  • BZ - 2219841 - CVE-2023-30589 nodejs: HTTP Request Smuggling via Empty headers separated by CR
  • BZ - 2219842 - CVE-2023-30590 nodejs: DiffieHellman do not generate keys after setting a private key
  • BZ - 2223334 - nodejs: Rebase to the latest Nodejs 16 release [rhel-9] [rhel-9.2.0.z]
  • BZ - 2223344 - nodejs: npm’s /usr/etc/ softlink to /etc/ is preventing osbuild from creating Edge images. [rhel-9] [rhel-9.2.0.z]

CVEs

  • CVE-2023-30581
  • CVE-2023-30588
  • CVE-2023-30589
  • CVE-2023-30590

Red Hat Enterprise Linux for x86_64 9

SRPM

nodejs-16.20.1-1.el9_2.src.rpm

x86_64

nodejs-16.20.1-1.el9_2.x86_64.rpm

nodejs-debuginfo-16.20.1-1.el9_2.i686.rpm

nodejs-debuginfo-16.20.1-1.el9_2.x86_64.rpm

nodejs-debugsource-16.20.1-1.el9_2.i686.rpm

nodejs-debugsource-16.20.1-1.el9_2.x86_64.rpm

nodejs-docs-16.20.1-1.el9_2.noarch.rpm

nodejs-full-i18n-16.20.1-1.el9_2.x86_64.rpm

nodejs-libs-16.20.1-1.el9_2.i686.rpm

nodejs-libs-16.20.1-1.el9_2.x86_64.rpm

nodejs-libs-debuginfo-16.20.1-1.el9_2.i686.rpm

nodejs-libs-debuginfo-16.20.1-1.el9_2.x86_64.rpm

npm-8.19.4-1.16.20.1.1.el9_2.x86_64.rpm

Red Hat Enterprise Linux for IBM z Systems 9

SRPM

nodejs-16.20.1-1.el9_2.src.rpm

s390x

nodejs-16.20.1-1.el9_2.s390x.rpm

nodejs-debuginfo-16.20.1-1.el9_2.s390x.rpm

nodejs-debugsource-16.20.1-1.el9_2.s390x.rpm

nodejs-docs-16.20.1-1.el9_2.noarch.rpm

nodejs-full-i18n-16.20.1-1.el9_2.s390x.rpm

nodejs-libs-16.20.1-1.el9_2.s390x.rpm

nodejs-libs-debuginfo-16.20.1-1.el9_2.s390x.rpm

npm-8.19.4-1.16.20.1.1.el9_2.s390x.rpm

Red Hat Enterprise Linux for Power, little endian 9

SRPM

nodejs-16.20.1-1.el9_2.src.rpm

ppc64le

nodejs-16.20.1-1.el9_2.ppc64le.rpm

nodejs-debuginfo-16.20.1-1.el9_2.ppc64le.rpm

nodejs-debugsource-16.20.1-1.el9_2.ppc64le.rpm

nodejs-docs-16.20.1-1.el9_2.noarch.rpm

nodejs-full-i18n-16.20.1-1.el9_2.ppc64le.rpm

nodejs-libs-16.20.1-1.el9_2.ppc64le.rpm

nodejs-libs-debuginfo-16.20.1-1.el9_2.ppc64le.rpm

npm-8.19.4-1.16.20.1.1.el9_2.ppc64le.rpm

Red Hat Enterprise Linux for ARM 64 9

SRPM

nodejs-16.20.1-1.el9_2.src.rpm

aarch64

nodejs-16.20.1-1.el9_2.aarch64.rpm

nodejs-debuginfo-16.20.1-1.el9_2.aarch64.rpm

nodejs-debugsource-16.20.1-1.el9_2.aarch64.rpm

nodejs-docs-16.20.1-1.el9_2.noarch.rpm

nodejs-full-i18n-16.20.1-1.el9_2.aarch64.rpm

nodejs-libs-16.20.1-1.el9_2.aarch64.rpm

nodejs-libs-debuginfo-16.20.1-1.el9_2.aarch64.rpm

npm-8.19.4-1.16.20.1.1.el9_2.aarch64.rpm

Related news

Ubuntu Security Notice USN-6735-1

Ubuntu Security Notice 6735-1 - It was discovered that Node.js incorrectly handled the use of invalid public keys while creating an x509 certificate. If a user or an automated system were tricked into opening a specially crafted input file, a remote attacker could possibly use this issue to cause a denial of service. This issue only affected Ubuntu 23.10. It was discovered that Node.js incorrectly handled the use of CRLF sequences to delimit HTTP requests. If a user or an automated system were tricked into opening a specially crafted input file, a remote attacker could possibly use this issue to obtain unauthorised access. This issue only affected Ubuntu 23.10.

Debian Security Advisory 5589-1

Debian Linux Security Advisory 5589-1 - Multiple vulnerabilities were discovered in Node.js, which could result in HTTP request smuggling, bypass of policy feature checks, denial of service or loading of incorrect ICU data.

CVE-2023-30581: Tuesday June 20 2023 Security Releases | Node.js

The use of __proto__ in process.mainModule.__proto__.require() can bypass the policy mechanism and require modules outside of the policy.json definition. This vulnerability affects all users using the experimental policy mechanism in all active release lines: v16, v18 and v20. Please note that at the time this CVE was issued, the policy is an experimental feature of Node.js.

CVE-2023-38735: Security Bulletin: IBM Cognos Dashboards on Cloud Pak for Data has addressed security vulnerabilities

IBM Cognos Dashboards on Cloud Pak for Data 4.7.0 could allow a remote attacker to bypass security restrictions, caused by a reverse tabnabbing flaw. An attacker could exploit this vulnerability and redirect a victim to a phishing site. IBM X-Force ID: 262482.

CVE-2023-22130: Oracle Critical Patch Update Advisory - October 2023

Vulnerability in the Sun ZFS Storage Appliance product of Oracle Systems (component: Core). The supported version that is affected is 8.8.60. Difficult to exploit vulnerability allows unauthenticated attacker with network access via HTTP to compromise Sun ZFS Storage Appliance. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Sun ZFS Storage Appliance. CVSS 3.1 Base Score 5.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H).

Red Hat Security Advisory 2023-5533-01

Red Hat Security Advisory 2023-5533-01 - Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language. The package has been upgraded to a later upstream version: nodejs. Issues addressed include HTTP request smuggling, buffer overflow, bypass, crlf injection, and denial of service vulnerabilities.

RHSA-2023:5533: Red Hat Security Advisory: nodejs security, bug fix, and enhancement update

An update for nodejs is now available for Red Hat Enterprise Linux 9.0 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-4904: A flaw was found in the c-ares package. The ares_set_sortlist is missing checks about the validity of the input string, which allows a possible arbitrary length stack overflow. This issue may cause a denial of service or a limited impact on confidentiality and integrity. * CVE-2022-25881: A flaw was found in http-cache-se...

Red Hat Security Advisory 2023-5361-01

Red Hat Security Advisory 2023-5361-01 - Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language. Issues addressed include HTTP request smuggling, bypass, and denial of service vulnerabilities.

RHSA-2023:5361: Red Hat Security Advisory: nodejs:16 security, bug fix, and enhancement update

An update for the nodejs:16 module is now available for Red Hat Enterprise Linux 8.6 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-25883: A Regular Expression Denial of Service (ReDoS) vulnerability was discovered in node-semver package via the 'new Range' function. This issue could allow an attacker to pass untrusted malicious regex user data as a range, causing the service to excessively consume CPU depending upon the input size, resulting ...

Red Hat Security Advisory 2023-4536-01

Red Hat Security Advisory 2023-4536-01 - Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language. The package has been upgraded to a later upstream version: nodejs. Issues addressed include HTTP request smuggling and bypass vulnerabilities.

Red Hat Security Advisory 2023-4537-01

Red Hat Security Advisory 2023-4537-01 - Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language. The package has been upgraded to a later upstream version: nodejs. Issues addressed include HTTP request smuggling and bypass vulnerabilities.

RHSA-2023:4537: Red Hat Security Advisory: nodejs:16 security, bug fix, and enhancement update

An update for the nodejs:16 module is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2023-30581: No description is available for this CVE. * CVE-2023-30588: No description is available for this CVE. * CVE-2023-30589: The llhttp parser in the http module in Node v20.2.0 does not strictly use the CRLF sequence to delimit HTTP requests. This can lead to HTTP Request Smuggling (HRS). The CR character (without LF) is sufficient to de...

RHSA-2023:4536: Red Hat Security Advisory: nodejs:18 security, bug fix, and enhancement update

An update for the nodejs:18 module is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2023-30581: No description is available for this CVE. * CVE-2023-30588: No description is available for this CVE. * CVE-2023-30589: The llhttp parser in the http module in Node v20.2.0 does not strictly use the CRLF sequence to delimit HTTP requests. This can lead to HTTP Request Smuggling (HRS). The CR character (without LF) is sufficient to de...

Red Hat Security Advisory 2023-4330-01

Red Hat Security Advisory 2023-4330-01 - Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language. Issues addressed include HTTP request smuggling and bypass vulnerabilities.

Red Hat Security Advisory 2023-4331-01

Red Hat Security Advisory 2023-4331-01 - Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language. Issues addressed include HTTP request smuggling and bypass vulnerabilities.

CVE-2023-37276: aiohttp.web.Application vulnerable to HTTP request smuggling via llhttp HTTP request parser

aiohttp is an asynchronous HTTP client/server framework for asyncio and Python. aiohttp v3.8.4 and earlier are bundled with llhttp v6.0.6. Vulnerable code is used by aiohttp for its HTTP request parser when available which is the default case when installing from a wheel. This vulnerability only affects users of aiohttp as an HTTP server (ie `aiohttp.Application`), you are not affected by this vulnerability if you are using aiohttp as an HTTP client library (ie `aiohttp.ClientSession`). Sending a crafted HTTP request will cause the server to misinterpret one of the HTTP header values leading to HTTP request smuggling. This issue has been addressed in version 3.8.5. Users are advised to upgrade. Users unable to upgrade can reinstall aiohttp using `AIOHTTP_NO_EXTENSIONS=1` as an environment variable to disable the llhttp HTTP request parser implementation. The pure Python implementation isn't vulnerable.

CVE-2023-30589

The llhttp parser in the http module in Node v20.2.0 does not strictly use the CRLF sequence to delimit HTTP requests. This can lead to HTTP Request Smuggling (HRS). The CR character (without LF) is sufficient to delimit HTTP header fields in the llhttp parser. According to RFC7230 section 3, only the CRLF sequence should delimit each header-field. This impacts all Node.js active versions: v16, v18, and v20.
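
The delimiter discrepancy described for CVE-2023-30589 above, as an added example (not code from Node.js, llhttp or Red Hat): a header-section check that flags bare CR or LF and compares a CRLF-only split with a split that also accepts a lone CR. The function names, the lenient model and both sample requests are constructed for illustration.

```javascript
'use strict';

// Added example. Every name here is hypothetical; the "lenient" splitter only
// models the behaviour the CVE text describes, it is not llhttp's parser.

const STRICT_BREAK = /\r\n/;      // RFC 7230 section 3: CRLF ends each header field
const LENIENT_BREAK = /\r\n|\r/;  // model: a lone CR is also accepted as a delimiter

// Isolate the header section: everything before the first empty line.
function headerSection(raw) {
  const text = Buffer.isBuffer(raw) ? raw.toString('latin1') : String(raw);
  const end = text.indexOf('\r\n\r\n');
  return end === -1 ? text : text.slice(0, end);
}

// Offsets of CR not followed by LF, and of LF not preceded by CR.
function findBareLineBreaks(head) {
  const hits = [];
  for (let i = 0; i < head.length; i++) {
    if (head[i] === '\r' && head[i + 1] !== '\n') {
      hits.push({ offset: i, kind: 'bare CR' });
    } else if (head[i] === '\n' && head[i - 1] !== '\r') {
      hits.push({ offset: i, kind: 'bare LF' });
    }
  }
  return hits;
}

// Header field names as seen by a parser that uses the given line break.
function fieldNames(head, lineBreak) {
  return head
    .split(lineBreak)
    .slice(1)                                   // drop the request line
    .filter((line) => line.includes(':'))
    .map((line) => line.slice(0, line.indexOf(':')).trim().toLowerCase());
}

// Verdict for one raw request: reject on any bare line break, and report
// whether a strict and a lenient hop would see different header fields.
function inspectRequest(raw) {
  const head = headerSection(raw);
  const bare = findBareLineBreaks(head);
  const strict = fieldNames(head, STRICT_BREAK);
  const lenient = fieldNames(head, LENIENT_BREAK);
  return {
    reject: bare.length > 0,
    bare,
    strict,
    lenient,
    parsersDisagree: strict.join(',') !== lenient.join(','),
  };
}

// Constructed sample requests (not captured traffic).
const SAMPLE_OK =
  'GET /status HTTP/1.1\r\nHost: app.example.test\r\n' +
  'X-Trace: abc\r\nX-Extra: 1\r\n\r\n';
const SAMPLE_BARE_CR =
  'GET /status HTTP/1.1\r\nHost: app.example.test\r\n' +
  'X-Trace: abc\rX-Extra: 1\r\n\r\n';

for (const [label, sample] of [['ok', SAMPLE_OK], ['bare CR', SAMPLE_BARE_CR]]) {
  const r = inspectRequest(sample);
  console.log(label, JSON.stringify(r));
}
```

A front end that rejects any request for which `reject` is true removes the ambiguity regardless of which Node.js build sits behind it; updating to the fixed packages listed in this advisory remains the actual remedy.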