RHSA-2023:5360: Red Hat Security Advisory: nodejs:16 security, bug fix, and enhancement update

An update for the nodejs:16 module is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.

Related CVEs:

  • CVE-2022-25883: A Regular Expression Denial of Service (ReDoS) vulnerability was discovered in node-semver package via the ‘new Range’ function. This issue could allow an attacker to pass untrusted malicious regex user data as a range, causing the service to excessively consume CPU depending upon the input size, resulting in a denial of service.
  • CVE-2023-32002: A vulnerability was found in NodeJS. This security issue occurs as the use of Module._load() can bypass the policy mechanism and require modules outside of the policy.json definition for a given module.
  • CVE-2023-32006: A vulnerability was found in NodeJS. This security issue occurs as the use of module.constructor.createRequire() can bypass the policy mechanism and require modules outside of the policy.json definition for a given module.
  • CVE-2023-32559: A vulnerability was found in NodeJS. This security issue occurs as the use of the deprecated API process.binding() can bypass the policy mechanism by requiring internal modules and eventually take advantage of process.binding('spawn_sync') to run arbitrary code outside of the limits defined in a policy.json file.
Red Hat Security Data

Synopsis

Important: nodejs:16 security, bug fix, and enhancement update

Type/Severity

Security Advisory: Important

Topic

An update for the nodejs:16 module is now available for Red Hat Enterprise Linux 8.

Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Description

Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language.

The following packages have been upgraded to a later upstream version: nodejs (16). (BZ#2233891)

Security Fix(es):

  • nodejs: Permissions policies can be bypassed via Module._load (CVE-2023-32002)
  • nodejs-semver: Regular expression denial of service (CVE-2022-25883)
  • nodejs: Permissions policies can impersonate other modules in using module.constructor.createRequire() (CVE-2023-32006)
  • nodejs: Permissions policies can be bypassed via process.binding (CVE-2023-32559)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Bug Fix(es):

  • nodejs:16/nodejs: nodejs.prov doesn’t generate the bundled dependency for modules starting @ like @colors/colors (BZ#2237394)

Affected Products

  • Red Hat Enterprise Linux for x86_64 8 x86_64
  • Red Hat Enterprise Linux for x86_64 - Extended Update Support 8.8 x86_64
  • Red Hat Enterprise Linux for IBM z Systems 8 s390x
  • Red Hat Enterprise Linux for IBM z Systems - Extended Update Support 8.8 s390x
  • Red Hat Enterprise Linux for Power, little endian 8 ppc64le
  • Red Hat Enterprise Linux for Power, little endian - Extended Update Support 8.8 ppc64le
  • Red Hat Enterprise Linux Server - TUS 8.8 x86_64
  • Red Hat Enterprise Linux for ARM 64 8 aarch64
  • Red Hat Enterprise Linux for ARM 64 - Extended Update Support 8.8 aarch64
  • Red Hat Enterprise Linux Server for Power LE - Update Services for SAP Solutions 8.8 ppc64le
  • Red Hat Enterprise Linux for x86_64 - Update Services for SAP Solutions 8.8 x86_64

Fixes

  • BZ - 2216475 - CVE-2022-25883 nodejs-semver: Regular expression denial of service
  • BZ - 2230948 - CVE-2023-32002 nodejs: Permissions policies can be bypassed via Module._load
  • BZ - 2230955 - CVE-2023-32006 nodejs: Permissions policies can impersonate other modules in using module.constructor.createRequire()
  • BZ - 2230956 - CVE-2023-32559 nodejs: Permissions policies can be bypassed via process.binding
  • BZ - 2233891 - nodejs:16/nodejs: Rebase to the latest Nodejs 16 release [rhel-8] [rhel-8.8.0.z]
  • BZ - 2237394 - nodejs:16/nodejs: nodejs.prov doesn’t generate the bundled dependency for modules starting @ like @colors/colors [rhel-8.8.0.z]

CVEs

  • CVE-2022-25883
  • CVE-2023-32002
  • CVE-2023-32006
  • CVE-2023-32559

Red Hat Enterprise Linux for x86_64 8

SRPM

nodejs-16.20.2-2.module+el8.8.0+19898+ab99ba34.src.rpm

nodejs-nodemon-3.0.1-1.module+el8.8.0+19764+7eed1ca3.src.rpm

nodejs-packaging-26-1.module+el8.8.0+19857+6d2a104d.src.rpm

x86_64

nodejs-docs-16.20.2-2.module+el8.8.0+19898+ab99ba34.noarch.rpm

nodejs-nodemon-3.0.1-1.module+el8.8.0+19764+7eed1ca3.noarch.rpm

nodejs-packaging-26-1.module+el8.8.0+19857+6d2a104d.noarch.rpm

nodejs-16.20.2-2.module+el8.8.0+19898+ab99ba34.x86_64.rpm

nodejs-debuginfo-16.20.2-2.module+el8.8.0+19898+ab99ba34.x86_64.rpm

nodejs-debugsource-16.20.2-2.module+el8.8.0+19898+ab99ba34.x86_64.rpm

nodejs-devel-16.20.2-2.module+el8.8.0+19898+ab99ba34.x86_64.rpm

nodejs-full-i18n-16.20.2-2.module+el8.8.0+19898+ab99ba34.x86_64.rpm

npm-8.19.4-1.16.20.2.2.module+el8.8.0+19898+ab99ba34.x86_64.rpm

Red Hat Enterprise Linux for x86_64 - Extended Update Support 8.8

SRPM

nodejs-16.20.2-2.module+el8.8.0+19898+ab99ba34.src.rpm

nodejs-nodemon-3.0.1-1.module+el8.8.0+19764+7eed1ca3.src.rpm

nodejs-packaging-26-1.module+el8.8.0+19857+6d2a104d.src.rpm

x86_64

nodejs-docs-16.20.2-2.module+el8.8.0+19898+ab99ba34.noarch.rpm

nodejs-nodemon-3.0.1-1.module+el8.8.0+19764+7eed1ca3.noarch.rpm

nodejs-packaging-26-1.module+el8.8.0+19857+6d2a104d.noarch.rpm

nodejs-16.20.2-2.module+el8.8.0+19898+ab99ba34.x86_64.rpm

nodejs-debuginfo-16.20.2-2.module+el8.8.0+19898+ab99ba34.x86_64.rpm

nodejs-debugsource-16.20.2-2.module+el8.8.0+19898+ab99ba34.x86_64.rpm

nodejs-devel-16.20.2-2.module+el8.8.0+19898+ab99ba34.x86_64.rpm

nodejs-full-i18n-16.20.2-2.module+el8.8.0+19898+ab99ba34.x86_64.rpm

npm-8.19.4-1.16.20.2.2.module+el8.8.0+19898+ab99ba34.x86_64.rpm

Red Hat Enterprise Linux for IBM z Systems 8

SRPM

nodejs-16.20.2-2.module+el8.8.0+19898+ab99ba34.src.rpm

nodejs-nodemon-3.0.1-1.module+el8.8.0+19764+7eed1ca3.src.rpm

nodejs-packaging-26-1.module+el8.8.0+19857+6d2a104d.src.rpm

s390x

nodejs-docs-16.20.2-2.module+el8.8.0+19898+ab99ba34.noarch.rpm

nodejs-nodemon-3.0.1-1.module+el8.8.0+19764+7eed1ca3.noarch.rpm

nodejs-packaging-26-1.module+el8.8.0+19857+6d2a104d.noarch.rpm

nodejs-16.20.2-2.module+el8.8.0+19898+ab99ba34.s390x.rpm

nodejs-debuginfo-16.20.2-2.module+el8.8.0+19898+ab99ba34.s390x.rpm

nodejs-debugsource-16.20.2-2.module+el8.8.0+19898+ab99ba34.s390x.rpm

nodejs-devel-16.20.2-2.module+el8.8.0+19898+ab99ba34.s390x.rpm

nodejs-full-i18n-16.20.2-2.module+el8.8.0+19898+ab99ba34.s390x.rpm

npm-8.19.4-1.16.20.2.2.module+el8.8.0+19898+ab99ba34.s390x.rpm

Red Hat Enterprise Linux for IBM z Systems - Extended Update Support 8.8

SRPM

nodejs-16.20.2-2.module+el8.8.0+19898+ab99ba34.src.rpm

nodejs-nodemon-3.0.1-1.module+el8.8.0+19764+7eed1ca3.src.rpm

nodejs-packaging-26-1.module+el8.8.0+19857+6d2a104d.src.rpm

s390x

nodejs-docs-16.20.2-2.module+el8.8.0+19898+ab99ba34.noarch.rpm

nodejs-nodemon-3.0.1-1.module+el8.8.0+19764+7eed1ca3.noarch.rpm

nodejs-packaging-26-1.module+el8.8.0+19857+6d2a104d.noarch.rpm

nodejs-16.20.2-2.module+el8.8.0+19898+ab99ba34.s390x.rpm

nodejs-debuginfo-16.20.2-2.module+el8.8.0+19898+ab99ba34.s390x.rpm

nodejs-debugsource-16.20.2-2.module+el8.8.0+19898+ab99ba34.s390x.rpm

nodejs-devel-16.20.2-2.module+el8.8.0+19898+ab99ba34.s390x.rpm

nodejs-full-i18n-16.20.2-2.module+el8.8.0+19898+ab99ba34.s390x.rpm

npm-8.19.4-1.16.20.2.2.module+el8.8.0+19898+ab99ba34.s390x.rpm

Red Hat Enterprise Linux for Power, little endian 8

SRPM

nodejs-16.20.2-2.module+el8.8.0+19898+ab99ba34.src.rpm

nodejs-nodemon-3.0.1-1.module+el8.8.0+19764+7eed1ca3.src.rpm

nodejs-packaging-26-1.module+el8.8.0+19857+6d2a104d.src.rpm

ppc64le

nodejs-16.20.2-2.module+el8.8.0+19898+ab99ba34.ppc64le.rpm

nodejs-debuginfo-16.20.2-2.module+el8.8.0+19898+ab99ba34.ppc64le.rpm

nodejs-debugsource-16.20.2-2.module+el8.8.0+19898+ab99ba34.ppc64le.rpm

nodejs-devel-16.20.2-2.module+el8.8.0+19898+ab99ba34.ppc64le.rpm

nodejs-docs-16.20.2-2.module+el8.8.0+19898+ab99ba34.noarch.rpm

nodejs-full-i18n-16.20.2-2.module+el8.8.0+19898+ab99ba34.ppc64le.rpm

nodejs-nodemon-3.0.1-1.module+el8.8.0+19764+7eed1ca3.noarch.rpm

nodejs-packaging-26-1.module+el8.8.0+19857+6d2a104d.noarch.rpm

npm-8.19.4-1.16.20.2.2.module+el8.8.0+19898+ab99ba34.ppc64le.rpm

Red Hat Enterprise Linux for Power, little endian - Extended Update Support 8.8

SRPM

nodejs-16.20.2-2.module+el8.8.0+19898+ab99ba34.src.rpm

nodejs-nodemon-3.0.1-1.module+el8.8.0+19764+7eed1ca3.src.rpm

nodejs-packaging-26-1.module+el8.8.0+19857+6d2a104d.src.rpm

ppc64le

nodejs-16.20.2-2.module+el8.8.0+19898+ab99ba34.ppc64le.rpm

nodejs-debuginfo-16.20.2-2.module+el8.8.0+19898+ab99ba34.ppc64le.rpm

nodejs-debugsource-16.20.2-2.module+el8.8.0+19898+ab99ba34.ppc64le.rpm

nodejs-devel-16.20.2-2.module+el8.8.0+19898+ab99ba34.ppc64le.rpm

nodejs-docs-16.20.2-2.module+el8.8.0+19898+ab99ba34.noarch.rpm

nodejs-full-i18n-16.20.2-2.module+el8.8.0+19898+ab99ba34.ppc64le.rpm

nodejs-nodemon-3.0.1-1.module+el8.8.0+19764+7eed1ca3.noarch.rpm

nodejs-packaging-26-1.module+el8.8.0+19857+6d2a104d.noarch.rpm

npm-8.19.4-1.16.20.2.2.module+el8.8.0+19898+ab99ba34.ppc64le.rpm

Red Hat Enterprise Linux Server - TUS 8.8

SRPM

nodejs-16.20.2-2.module+el8.8.0+19898+ab99ba34.src.rpm

nodejs-nodemon-3.0.1-1.module+el8.8.0+19764+7eed1ca3.src.rpm

nodejs-packaging-26-1.module+el8.8.0+19857+6d2a104d.src.rpm

x86_64

nodejs-docs-16.20.2-2.module+el8.8.0+19898+ab99ba34.noarch.rpm

nodejs-nodemon-3.0.1-1.module+el8.8.0+19764+7eed1ca3.noarch.rpm

nodejs-packaging-26-1.module+el8.8.0+19857+6d2a104d.noarch.rpm

nodejs-16.20.2-2.module+el8.8.0+19898+ab99ba34.x86_64.rpm

nodejs-debuginfo-16.20.2-2.module+el8.8.0+19898+ab99ba34.x86_64.rpm

nodejs-debugsource-16.20.2-2.module+el8.8.0+19898+ab99ba34.x86_64.rpm

nodejs-devel-16.20.2-2.module+el8.8.0+19898+ab99ba34.x86_64.rpm

nodejs-full-i18n-16.20.2-2.module+el8.8.0+19898+ab99ba34.x86_64.rpm

npm-8.19.4-1.16.20.2.2.module+el8.8.0+19898+ab99ba34.x86_64.rpm

Red Hat Enterprise Linux for ARM 64 8

SRPM

nodejs-16.20.2-2.module+el8.8.0+19898+ab99ba34.src.rpm

nodejs-nodemon-3.0.1-1.module+el8.8.0+19764+7eed1ca3.src.rpm

nodejs-packaging-26-1.module+el8.8.0+19857+6d2a104d.src.rpm

aarch64

nodejs-docs-16.20.2-2.module+el8.8.0+19898+ab99ba34.noarch.rpm

nodejs-nodemon-3.0.1-1.module+el8.8.0+19764+7eed1ca3.noarch.rpm

nodejs-packaging-26-1.module+el8.8.0+19857+6d2a104d.noarch.rpm

nodejs-16.20.2-2.module+el8.8.0+19898+ab99ba34.aarch64.rpm

nodejs-debuginfo-16.20.2-2.module+el8.8.0+19898+ab99ba34.aarch64.rpm

nodejs-debugsource-16.20.2-2.module+el8.8.0+19898+ab99ba34.aarch64.rpm

nodejs-devel-16.20.2-2.module+el8.8.0+19898+ab99ba34.aarch64.rpm

nodejs-full-i18n-16.20.2-2.module+el8.8.0+19898+ab99ba34.aarch64.rpm

npm-8.19.4-1.16.20.2.2.module+el8.8.0+19898+ab99ba34.aarch64.rpm

Red Hat Enterprise Linux for ARM 64 - Extended Update Support 8.8

SRPM

nodejs-16.20.2-2.module+el8.8.0+19898+ab99ba34.src.rpm

nodejs-nodemon-3.0.1-1.module+el8.8.0+19764+7eed1ca3.src.rpm

nodejs-packaging-26-1.module+el8.8.0+19857+6d2a104d.src.rpm

aarch64

nodejs-docs-16.20.2-2.module+el8.8.0+19898+ab99ba34.noarch.rpm

nodejs-nodemon-3.0.1-1.module+el8.8.0+19764+7eed1ca3.noarch.rpm

nodejs-packaging-26-1.module+el8.8.0+19857+6d2a104d.noarch.rpm

nodejs-16.20.2-2.module+el8.8.0+19898+ab99ba34.aarch64.rpm

nodejs-debuginfo-16.20.2-2.module+el8.8.0+19898+ab99ba34.aarch64.rpm

nodejs-debugsource-16.20.2-2.module+el8.8.0+19898+ab99ba34.aarch64.rpm

nodejs-devel-16.20.2-2.module+el8.8.0+19898+ab99ba34.aarch64.rpm

nodejs-full-i18n-16.20.2-2.module+el8.8.0+19898+ab99ba34.aarch64.rpm

npm-8.19.4-1.16.20.2.2.module+el8.8.0+19898+ab99ba34.aarch64.rpm

Red Hat Enterprise Linux Server for Power LE - Update Services for SAP Solutions 8.8

SRPM

nodejs-16.20.2-2.module+el8.8.0+19898+ab99ba34.src.rpm

nodejs-nodemon-3.0.1-1.module+el8.8.0+19764+7eed1ca3.src.rpm

nodejs-packaging-26-1.module+el8.8.0+19857+6d2a104d.src.rpm

ppc64le

nodejs-16.20.2-2.module+el8.8.0+19898+ab99ba34.ppc64le.rpm

nodejs-debuginfo-16.20.2-2.module+el8.8.0+19898+ab99ba34.ppc64le.rpm

nodejs-debugsource-16.20.2-2.module+el8.8.0+19898+ab99ba34.ppc64le.rpm

nodejs-devel-16.20.2-2.module+el8.8.0+19898+ab99ba34.ppc64le.rpm

nodejs-docs-16.20.2-2.module+el8.8.0+19898+ab99ba34.noarch.rpm

nodejs-full-i18n-16.20.2-2.module+el8.8.0+19898+ab99ba34.ppc64le.rpm

nodejs-nodemon-3.0.1-1.module+el8.8.0+19764+7eed1ca3.noarch.rpm

nodejs-packaging-26-1.module+el8.8.0+19857+6d2a104d.noarch.rpm

npm-8.19.4-1.16.20.2.2.module+el8.8.0+19898+ab99ba34.ppc64le.rpm

Red Hat Enterprise Linux for x86_64 - Update Services for SAP Solutions 8.8

SRPM

nodejs-16.20.2-2.module+el8.8.0+19898+ab99ba34.src.rpm

nodejs-nodemon-3.0.1-1.module+el8.8.0+19764+7eed1ca3.src.rpm

nodejs-packaging-26-1.module+el8.8.0+19857+6d2a104d.src.rpm

x86_64

nodejs-docs-16.20.2-2.module+el8.8.0+19898+ab99ba34.noarch.rpm

nodejs-nodemon-3.0.1-1.module+el8.8.0+19764+7eed1ca3.noarch.rpm

nodejs-packaging-26-1.module+el8.8.0+19857+6d2a104d.noarch.rpm

nodejs-16.20.2-2.module+el8.8.0+19898+ab99ba34.x86_64.rpm

nodejs-debuginfo-16.20.2-2.module+el8.8.0+19898+ab99ba34.x86_64.rpm

nodejs-debugsource-16.20.2-2.module+el8.8.0+19898+ab99ba34.x86_64.rpm

nodejs-devel-16.20.2-2.module+el8.8.0+19898+ab99ba34.x86_64.rpm

nodejs-full-i18n-16.20.2-2.module+el8.8.0+19898+ab99ba34.x86_64.rpm

npm-8.19.4-1.16.20.2.2.module+el8.8.0+19898+ab99ba34.x86_64.rpm

Related news

Red Hat Security Advisory 2024-6044-03

Red Hat Security Advisory 2024-6044-03 - Red Hat Advanced Cluster Management for Kubernetes 2.11.2 General Availability release images, which fix bugs and update container images. Issues addressed include a denial of service vulnerability.

Ubuntu Security Notice USN-6822-1

Ubuntu Security Notice 6822-1 - It was discovered that Node.js incorrectly handled certain inputs when it is using the policy mechanism. If a user or an automated system were tricked into opening a specially crafted input file, a remote attacker could possibly use this issue to bypass the policy mechanism. It was discovered that Node.js incorrectly handled certain inputs when it is using the policy mechanism. If a user or an automated system were tricked into opening a specially crafted input file, a remote attacker could possibly use this issue to perform a privilege escalation.

Gentoo Linux Security Advisory 202405-29

Gentoo Linux Security Advisory 202405-29 - Multiple vulnerabilities have been discovered in Node.js. Versions greater than or equal to 16.20.2 are affected.

Red Hat Security Advisory 2024-0719-03

Red Hat Security Advisory 2024-0719-03 - Migration Toolkit for Runtimes 1.2.4 release. Issues addressed include a denial of service vulnerability.

Debian Security Advisory 5589-1

Debian Linux Security Advisory 5589-1 - Multiple vulnerabilities were discovered in Node.js, which could result in HTTP request smuggling, bypass of policy feature checks, denial of service or loading of incorrect ICU data.

CVE-2021-39008: Security Bulletin: IBM QRadar Wincollect is vulnerable to using components with known vulnerabilities

IBM QRadar WinCollect Agent 10.0 through 10.1.7 could allow a privileged user to obtain sensitive information due to missing best practices. IBM X-Force ID: 213551.

Red Hat Security Advisory 2023-5533-01

Red Hat Security Advisory 2023-5533-01 - Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language. The package has been upgraded to a later upstream version: nodejs. Issues addressed include HTTP request smuggling, buffer overflow, bypass, crlf injection, and denial of service vulnerabilities.

RHSA-2023:5533: Red Hat Security Advisory: nodejs security, bug fix, and enhancement update

An update for nodejs is now available for Red Hat Enterprise Linux 9.0 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-4904: A flaw was found in the c-ares package. The ares_set_sortlist is missing checks about the validity of the input string, which allows a possible arbitrary length stack overflow. This issue may cause a denial of service or a limited impact on confidentiality and integrity. * CVE-2022-25881: A flaw was found in http-cache-se...

Red Hat Security Advisory 2023-5488-01

Red Hat Security Advisory 2023-5488-01 - Red Hat JBoss Enterprise Application Platform 7 is a platform for Java applications based on the WildFly application runtime. This release of Red Hat JBoss Enterprise Application Platform 7.4.13 serves as a replacement for Red Hat JBoss Enterprise Application Platform 7.4.12 and includes bug fixes and enhancements. See the Red Hat JBoss Enterprise Application Platform 7.4.13 Release Notes for information about the most significant bug fixes and enhancements included in this release. Issues addressed include denial of service and deserialization vulnerabilities.

Red Hat Security Advisory 2023-5484-01

Red Hat Security Advisory 2023-5484-01 - Red Hat JBoss Enterprise Application Platform 7 is a platform for Java applications based on the WildFly application runtime. This release of Red Hat JBoss Enterprise Application Platform 7.4.13 serves as a replacement for Red Hat JBoss Enterprise Application Platform 7.4.12 and includes bug fixes and enhancements. See the Red Hat JBoss Enterprise Application Platform 7.4.13 Release Notes for information about the most significant bug fixes and enhancements included in this release. Issues addressed include denial of service and deserialization vulnerabilities.

RHSA-2023:5488: Red Hat Security Advisory: Red Hat JBoss Enterprise Application Platform 7.4.13 security update

A security update is now available for Red Hat JBoss Enterprise Application Platform 7.4. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-25883: A Regular Expression Denial of Service (ReDoS) vulnerability was discovered in node-semver package via the 'new Range' function. This issue could allow an attacker to pass untrusted malicious regex user data as a range, causing the service to excessively consume CPU depending upon the input size, resulting in a denial of servi...

Red Hat Security Advisory 2023-5379-01

Red Hat Security Advisory 2023-5379-01 - Network Observability 1.4.0. Issues addressed include a denial of service vulnerability.

RHSA-2023:5379: Red Hat Security Advisory: Network Observability 1.4.0 for OpenShift

Network Observability is an OpenShift operator that deploys a monitoring pipeline to collect and enrich network flows that are produced by the Network Observability eBPF agent. The operator provides dashboards, metrics, and keeps flows accessible in a queryable log store, Grafana Loki. When a FlowCollector is deployed, new dashboards are available in the Console. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-25883: A Regular Expression Denial of Service (ReDoS) vulne...

Red Hat Security Advisory 2023-5362-01

Red Hat Security Advisory 2023-5362-01 - Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language. Issues addressed include bypass and denial of service vulnerabilities.

Red Hat Security Advisory 2023-5361-01

Red Hat Security Advisory 2023-5361-01 - Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language. Issues addressed include HTTP request smuggling, bypass, and denial of service vulnerabilities.

Red Hat Security Advisory 2023-5360-01

Red Hat Security Advisory 2023-5360-01 - Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language. Issues addressed include bypass and denial of service vulnerabilities.

Red Hat Security Advisory 2023-5363-01

Red Hat Security Advisory 2023-5363-01 - Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language. Issues addressed include bypass and denial of service vulnerabilities.

RHSA-2023:5362: Red Hat Security Advisory: nodejs:18 security, bug fix, and enhancement update

An update for the nodejs:18 module is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-25883: A Regular Expression Denial of Service (ReDoS) vulnerability was discovered in node-semver package via the 'new Range' function. This issue could allow an attacker to pass untrusted malicious regex user data as a range, causing the service to excessively consume CPU depending upon the input size, resulting in a denial of service. * ...

RHSA-2023:5361: Red Hat Security Advisory: nodejs:16 security, bug fix, and enhancement update

An update for the nodejs:16 module is now available for Red Hat Enterprise Linux 8.6 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-25883: A Regular Expression Denial of Service (ReDoS) vulnerability was discovered in node-semver package via the 'new Range' function. This issue could allow an attacker to pass untrusted malicious regex user data as a range, causing the service to excessively consume CPU depending upon the input size, resulting ...

CVE-2023-32559

A privilege escalation vulnerability exists in the experimental policy mechanism in all active release lines: 16.x, 18.x, and 20.x. The use of the deprecated API `process.binding()` can bypass the policy mechanism by requiring internal modules and eventually take advantage of `process.binding('spawn_sync')` to run arbitrary code outside of the limits defined in a `policy.json` file. Please note that at the time this CVE was issued, the policy mechanism is an experimental feature of Node.js.

CVE-2023-32002

The use of `Module._load()` can bypass the policy mechanism and require modules outside of the `policy.json` definition for a given module. This vulnerability affects all users using the experimental policy mechanism in all active release lines: 16.x, 18.x, and 20.x. Please note that at the time this CVE was issued, the policy mechanism is an experimental feature of Node.js.

CVE-2023-32006

The use of `module.constructor.createRequire()` can bypass the policy mechanism and require modules outside of the `policy.json` definition for a given module. This vulnerability affects all users using the experimental policy mechanism in all active release lines: 16.x, 18.x, and 20.x. Please note that at the time this CVE was issued, the policy mechanism is an experimental feature of Node.js.

Red Hat Security Advisory 2023-4341-01

Red Hat Security Advisory 2023-4341-01 - Red Hat OpenShift bug fix and security update. Red Hat Product Security has rated this update as having a security impact of Low. Issues addressed include a denial of service vulnerability.

RHSA-2023:4341: Red Hat Security Advisory: Logging Subsystem 5.7.4 - Red Hat OpenShift bug fix and security update

Logging Subsystem 5.7.4 - Red Hat OpenShift. Red Hat Product Security has rated this update as having a security impact of Low. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original. Related CVEs: * CVE-2022-25883: A Regular Expression Denial of Service (ReDoS) vulnerability was discovered in node-semver package via the 'new Range' function. This issue could allow an attacker to pass untrusted malicious regex user data as a range, causing the service to excessively consume CPU depending upon the input size, resulting in a denial of service. * CVE-2023-22796: A flaw was found in rubygem-ac...

GHSA-c2qf-rxjj-qqgw: semver vulnerable to Regular Expression Denial of Service

Versions of the package semver before 7.5.2 are vulnerable to Regular Expression Denial of Service (ReDoS) via the function `new Range`, when untrusted user data is provided as a range.

CVE-2022-25883: fix: better handling of whitespace (#564) · npm/node-semver@717534e

Versions of the package semver before 7.5.2 are vulnerable to Regular Expression Denial of Service (ReDoS) via the function `new Range`, when untrusted user data is provided as a range.