An update for rh-nodejs14-nodejs is now available for Red Hat Software Collections.
Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.

Related CVEs:
* CVE-2023-31124: A flaw was found in c-ares. This issue occurs when cross-compiling c-ares and using the autotools build system, CARES_RANDOM_FILE will not be set, as seen when cross-compiling aarch64 android. As a result, it will downgrade to rand(), which could allow an attacker to utilize the lack of entropy by not using a CSPRNG.
* CVE-2023-31130: A vulnerability was found in c-ares. This issue occurs in the ares_inet_net_pton() function, which is vulnerable to a buffer underflow for certain ipv6 addresses. "0::00:00:00/2" in particular was found to cause an issue. C-ares only uses this function internally for configuration purposes, which would require an administrator to configure such an address via ares_set_sortlist().
* CVE-2023-31147: A vulnerability was found in c-ares. This issue occurs when /dev/urandom or RtlGenRandom() are unavailable, c-ares will use rand() to generate random numbers used for DNS query ids. This is not a CSPRNG, and it is also not seeded by srand(), so it will generate predictable output.
* CVE-2023-32067: A vulnerability was found in c-ares. This issue occurs due to a 0-byte UDP payload that can cause a Denial of Service.


Skip to navigation Skip to main content

**Utilities**

*   Subscriptions
*   Downloads
*   Containers
*   Support Cases

**Infrastructure and Management**

*   Red Hat Enterprise Linux
*   Red Hat Satellite
*   Red Hat Subscription Management
*   Red Hat Insights
*   Red Hat Ansible Automation Platform

**Cloud Computing**

*   Red Hat OpenShift
*   Red Hat OpenStack Platform
*   Red Hat OpenShift Container Platform
*   Red Hat OpenShift Data Science
*   Red Hat OpenShift Dedicated
*   Red Hat Advanced Cluster Security for Kubernetes
*   Red Hat Advanced Cluster Management for Kubernetes
*   Red Hat Quay
*   Red Hat CodeReady Workspaces
*   Red Hat OpenShift Service on AWS

**Storage**

*   Red Hat Gluster Storage
*   Red Hat Hyperconverged Infrastructure
*   Red Hat Ceph Storage
*   Red Hat OpenShift Data Foundation

**Runtimes**

*   Red Hat Runtimes
*   Red Hat JBoss Enterprise Application Platform
*   Red Hat Data Grid
*   Red Hat JBoss Web Server
*   Red Hat Single Sign On
*   Red Hat support for Spring Boot
*   Red Hat build of Node.js
*   Red Hat build of Quarkus

**Integration and Automation**

All Products

Issued:

2023-07-12

Updated:

2023-07-12

**RHSA-2023:4039 - Security Advisory**

*   Overview
*   Updated Packages

**Synopsis**

Important: rh-nodejs14-nodejs security update

**Type/Severity**

Security Advisory: Important

**Red Hat Insights patch analysis**

Identify and remediate systems affected by this advisory.

View affected systems

**Topic**

An update for rh-nodejs14-nodejs is now available for Red Hat Software Collections.  

Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

**Description**

Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language.  

Security Fix(es):  

*   c-ares: 0-byte UDP payload Denial of Service (CVE-2023-32067)
*   c-ares: Buffer Underwrite in ares\_inet\_net\_pton() (CVE-2023-31130)
*   c-ares: Insufficient randomness in generation of DNS query IDs (CVE-2023-31147)
*   c-ares: AutoTools does not set CARES\_RANDOM\_FILE during cross compilation (CVE-2023-31124)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

**Affected Products**

*   Red Hat Software Collections (for RHEL Server) 1 for RHEL 7 x86\_64
*   Red Hat Software Collections (for RHEL Server for System Z) 1 for RHEL 7 s390x
*   Red Hat Software Collections (for RHEL Server for IBM Power LE) 1 for RHEL 7 ppc64le
*   Red Hat Software Collections (for RHEL Workstation) 1 for RHEL 7 x86\_64

**Fixes**

*   BZ - 2209494 - CVE-2023-31124 c-ares: AutoTools does not set CARES\_RANDOM\_FILE during cross compilation
*   BZ - 2209497 - CVE-2023-31130 c-ares: Buffer Underwrite in ares\_inet\_net\_pton()
*   BZ - 2209501 - CVE-2023-31147 c-ares: Insufficient randomness in generation of DNS query IDs
*   BZ - 2209502 - CVE-2023-32067 c-ares: 0-byte UDP payload Denial of Service

**CVEs**

*   CVE-2023-31124
*   CVE-2023-31130
*   CVE-2023-31147
*   CVE-2023-32067

**Red Hat Software Collections (for RHEL Server) 1 for RHEL 7**

SRPM

rh-nodejs14-nodejs-14.21.3-4.el7.src.rpm

SHA-256: 246a1a64687dbf1bcf9cfa513a154aebd29bcde4b3895f80783f17c1c6b30c8f

x86\_64

rh-nodejs14-nodejs-14.21.3-4.el7.x86\_64.rpm

SHA-256: cea865c4043db256ba7aa7ea9904aa97e1c90e2310f513d46fc314eac9220059

rh-nodejs14-nodejs-debuginfo-14.21.3-4.el7.x86\_64.rpm

SHA-256: 69602cd263f49f2b04946c91341c95ec0676cabcf52d60a7d5277cbed4198260

rh-nodejs14-nodejs-devel-14.21.3-4.el7.x86\_64.rpm

SHA-256: 8c68636e5ec378e21994e30d42367ebf982618b262ecb44c98d6006b15ad503a

rh-nodejs14-nodejs-docs-14.21.3-4.el7.noarch.rpm

SHA-256: 2fdd6ee52631e08467fea2fd391ba17be10c097f330f084b544694bc61be5370

rh-nodejs14-nodejs-full-i18n-14.21.3-4.el7.x86\_64.rpm

SHA-256: c499ac4248c372bffe1be7ba06e57c552bf80d9d9460b364e2d2c17b18f91e3f

rh-nodejs14-npm-6.14.18-14.21.3.4.el7.x86\_64.rpm

SHA-256: c55d644c5111f0c35920199f71231b976fea1dc995e53399aff940466f9bf626

**Red Hat Software Collections (for RHEL Server for System Z) 1 for RHEL 7**

SRPM

rh-nodejs14-nodejs-14.21.3-4.el7.src.rpm

SHA-256: 246a1a64687dbf1bcf9cfa513a154aebd29bcde4b3895f80783f17c1c6b30c8f

s390x

rh-nodejs14-nodejs-14.21.3-4.el7.s390x.rpm

SHA-256: ce9bed05b19a2027a032c074ca63382b7c08e642e353b5cc2ae7c5365c1079fe

rh-nodejs14-nodejs-debuginfo-14.21.3-4.el7.s390x.rpm

SHA-256: eaab494fea3de583dd972e5b32a34ff4261db216d8b710d1eb39c053e5b56d4f

rh-nodejs14-nodejs-devel-14.21.3-4.el7.s390x.rpm

SHA-256: e9ac031245164d1c7a6c63f88391d22308ecb3ee7a91fdb7d4db8b0148dbd11c

rh-nodejs14-nodejs-docs-14.21.3-4.el7.noarch.rpm

SHA-256: 2fdd6ee52631e08467fea2fd391ba17be10c097f330f084b544694bc61be5370

rh-nodejs14-nodejs-full-i18n-14.21.3-4.el7.s390x.rpm

SHA-256: 8b91a46b5c6f535ea619437d7bdbfa0af7a16c9a27867b974c33cb5d81707c4c

rh-nodejs14-npm-6.14.18-14.21.3.4.el7.s390x.rpm

SHA-256: 4eaa3670766d415f1830de53a6a69ff3bd917fa9418ab98610201c2ac4f4136f

**Red Hat Software Collections (for RHEL Server for IBM Power LE) 1 for RHEL 7**

SRPM

rh-nodejs14-nodejs-14.21.3-4.el7.src.rpm

SHA-256: 246a1a64687dbf1bcf9cfa513a154aebd29bcde4b3895f80783f17c1c6b30c8f

ppc64le

rh-nodejs14-nodejs-14.21.3-4.el7.ppc64le.rpm

SHA-256: 3e6ce6d68167dd7ca760bc15cd2ad8844403f6507eb5d0a08b7a1db039094b4d

rh-nodejs14-nodejs-debuginfo-14.21.3-4.el7.ppc64le.rpm

SHA-256: 8e714537315ae607b98712caf8a240e864fed2d5bdf50f408d89e2b737081b9d

rh-nodejs14-nodejs-devel-14.21.3-4.el7.ppc64le.rpm

SHA-256: d43d48565426e7fab5d1c792a4574efdd07845f2f6d4d48ffc9c04a2ac961369

rh-nodejs14-nodejs-docs-14.21.3-4.el7.noarch.rpm

SHA-256: 2fdd6ee52631e08467fea2fd391ba17be10c097f330f084b544694bc61be5370

rh-nodejs14-nodejs-full-i18n-14.21.3-4.el7.ppc64le.rpm

SHA-256: 7b4abf5798377a9ce436fe29e0a883bb908b98633ae5e200414dfd06730eb3ef

rh-nodejs14-npm-6.14.18-14.21.3.4.el7.ppc64le.rpm

SHA-256: fc4b7099470a0b6ccb11eeed737a8dea02a304b22d9af01dc96e9092904c5097

**Red Hat Software Collections (for RHEL Workstation) 1 for RHEL 7**

SRPM

rh-nodejs14-nodejs-14.21.3-4.el7.src.rpm

SHA-256: 246a1a64687dbf1bcf9cfa513a154aebd29bcde4b3895f80783f17c1c6b30c8f

x86\_64

rh-nodejs14-nodejs-14.21.3-4.el7.x86\_64.rpm

SHA-256: cea865c4043db256ba7aa7ea9904aa97e1c90e2310f513d46fc314eac9220059

rh-nodejs14-nodejs-debuginfo-14.21.3-4.el7.x86\_64.rpm

SHA-256: 69602cd263f49f2b04946c91341c95ec0676cabcf52d60a7d5277cbed4198260

rh-nodejs14-nodejs-devel-14.21.3-4.el7.x86\_64.rpm

SHA-256: 8c68636e5ec378e21994e30d42367ebf982618b262ecb44c98d6006b15ad503a

rh-nodejs14-nodejs-docs-14.21.3-4.el7.noarch.rpm

SHA-256: 2fdd6ee52631e08467fea2fd391ba17be10c097f330f084b544694bc61be5370

rh-nodejs14-nodejs-full-i18n-14.21.3-4.el7.x86\_64.rpm

SHA-256: c499ac4248c372bffe1be7ba06e57c552bf80d9d9460b364e2d2c17b18f91e3f

rh-nodejs14-npm-6.14.18-14.21.3.4.el7.x86\_64.rpm

SHA-256: c55d644c5111f0c35920199f71231b976fea1dc995e53399aff940466f9bf626

The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/.

RHSA-2023:4039: Red Hat Security Advisory: rh-nodejs14-nodejs security update

An update for nodejs is now available for Red Hat Enterprise Linux 9.0 Extended Update Support.
Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.

Related CVEs:
* CVE-2023-31124: A flaw was found in c-ares. This issue occurs when cross-compiling c-ares and using the autotools build system, CARES_RANDOM_FILE will not be set, as seen when cross-compiling aarch64 android. As a result, it will downgrade to rand(), which could allow an attacker to utilize the lack of entropy by not using a CSPRNG.
* CVE-2023-31130: A vulnerability was found in c-ares. This issue occurs in the ares_inet_net_pton() function, which is vulnerable to a buffer underflow for certain ipv6 addresses. "0::00:00:00/2" in particular was found to cause an issue. C-ares only uses this function internally for configuration purposes, which would require an administrator to configure such an address via ares_set_sortlist().
* CVE-2023-31147: A vulnerability was found in c-ares. This issue occurs when /dev/urandom or RtlGenRandom() are unavailable, c-ares will use rand() to generate random numbers used for DNS query ids. This is not a CSPRNG, and it is also not seeded by srand(), so it will generate predictable output.
* CVE-2023-32067: A vulnerability was found in c-ares. This issue occurs due to a 0-byte UDP payload that can cause a Denial of Service.


**Synopsis**

Important: nodejs security update

**Type / Sévérité**

Security Advisory: Important

**Analyse des correctifs dans Red Hat Insights**

Identifiez et remédiez aux systèmes concernés par cette alerte.

Voir les systèmes concernés

**Sujet**

An update for nodejs is now available for Red Hat Enterprise Linux 9.0 Extended Update Support.  

Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

**Description**

Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language.  

Security Fix(es):  

*   c-ares: 0-byte UDP payload Denial of Service (CVE-2023-32067)
*   c-ares: Buffer Underwrite in ares\_inet\_net\_pton() (CVE-2023-31130)
*   c-ares: Insufficient randomness in generation of DNS query IDs (CVE-2023-31147)
*   c-ares: AutoTools does not set CARES\_RANDOM\_FILE during cross compilation (CVE-2023-31124)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

**Produits concernés**

*   Red Hat Enterprise Linux for x86\_64 - Extended Update Support 9.0 x86\_64
*   Red Hat Enterprise Linux for IBM z Systems - Extended Update Support 9.0 s390x
*   Red Hat Enterprise Linux for Power, little endian - Extended Update Support 9.0 ppc64le
*   Red Hat Enterprise Linux for ARM 64 - Extended Update Support 9.0 aarch64
*   Red Hat Enterprise Linux Server for Power LE - Update Services for SAP Solutions 9.0 ppc64le
*   Red Hat Enterprise Linux for x86\_64 - Update Services for SAP Solutions 9.0 x86\_64
*   Red Hat Enterprise Linux Server for ARM 64 - 4 years of updates 9.0 aarch64
*   Red Hat Enterprise Linux Server for IBM z Systems - 4 years of updates 9.0 s390x

**Correctifs**

*   BZ - 2209494 - CVE-2023-31124 c-ares: AutoTools does not set CARES\_RANDOM\_FILE during cross compilation
*   BZ - 2209497 - CVE-2023-31130 c-ares: Buffer Underwrite in ares\_inet\_net\_pton()
*   BZ - 2209501 - CVE-2023-31147 c-ares: Insufficient randomness in generation of DNS query IDs
*   BZ - 2209502 - CVE-2023-32067 c-ares: 0-byte UDP payload Denial of Service

**CVE**

*   CVE-2023-31124
*   CVE-2023-31130
*   CVE-2023-31147
*   CVE-2023-32067

**Red Hat Enterprise Linux for x86\_64 - Extended Update Support 9.0**

SRPM

nodejs-16.18.1-4.el9\_0.src.rpm

SHA-256: 9ac81573f1fe79050490da63fd2d7efd6b5e6d1ee876ae5403b639bc93a1a33b

x86\_64

nodejs-16.18.1-4.el9\_0.x86\_64.rpm

SHA-256: b4db5a23b7f72c1a047b27a0e04c0b0d7ba19860ea924f3a957bbd38601b11b5

nodejs-debuginfo-16.18.1-4.el9\_0.i686.rpm

SHA-256: 4234ffc279b4827794ac456c4f7faf3153453d344a9a761a008fb849a4dd1e59

nodejs-debuginfo-16.18.1-4.el9\_0.x86\_64.rpm

SHA-256: a8c375832077ece611f7fab99e880c4c3796834feb6f72ca5972292b5616e100

nodejs-debugsource-16.18.1-4.el9\_0.i686.rpm

SHA-256: 86c432882c75cb65f4582af355bb30284ae603f13415ecab751fd9fde736b1d7

nodejs-debugsource-16.18.1-4.el9\_0.x86\_64.rpm

SHA-256: 49aec6773c004fe7bff757ba13dd0fbc92435302e9652887f7305e06d2014ba1

nodejs-docs-16.18.1-4.el9\_0.noarch.rpm

SHA-256: 432242b6914437f531ef3ce4ab53fcb5f78114b12895ca3b263c62d483590c88

nodejs-full-i18n-16.18.1-4.el9\_0.x86\_64.rpm

SHA-256: 4f81c8910fcb5c57a7851a05fa041826860baa0b193da409285f421d7e5c2492

nodejs-libs-16.18.1-4.el9\_0.i686.rpm

SHA-256: ef227d254b5ff86449188f46a13bbc7be2bae986b0100bc35343d4f3995e2842

nodejs-libs-16.18.1-4.el9\_0.x86\_64.rpm

SHA-256: 4843242505afc9b4f62816d1245e45dee599a2f9dc1079d6fb5609e130dd78f5

nodejs-libs-debuginfo-16.18.1-4.el9\_0.i686.rpm

SHA-256: 05fb6dff9712ef0e33e58de3d42579dcce252ede5141a718e07a09116e712edc

nodejs-libs-debuginfo-16.18.1-4.el9\_0.x86\_64.rpm

SHA-256: 229626aee27501bdd946cefb5d93e00efec4b1e6d418e106a0458403f2eb33f8

npm-8.19.2-1.16.18.1.4.el9\_0.x86\_64.rpm

SHA-256: aed9fad6e8a7a932eba743711bb53b4d684faa1fb398bdb3e0a8380154e89b87

**Red Hat Enterprise Linux for IBM z Systems - Extended Update Support 9.0**

SRPM

nodejs-16.18.1-4.el9\_0.src.rpm

SHA-256: 9ac81573f1fe79050490da63fd2d7efd6b5e6d1ee876ae5403b639bc93a1a33b

s390x

nodejs-16.18.1-4.el9\_0.s390x.rpm

SHA-256: da00e7b5f20d9d5b11fde8d4e45e35472e623f6e3ede33bbabc1b6f465c07ce0

nodejs-debuginfo-16.18.1-4.el9\_0.s390x.rpm

SHA-256: bfb4575baf4f5a3134546b3ea445dcc4de85347cb62ad526784e15e198d4beda

nodejs-debugsource-16.18.1-4.el9\_0.s390x.rpm

SHA-256: 35e790484df2a8a0dd322e0b2970cd97c2a52fdceebd18ddd25a3110e4250f17

nodejs-docs-16.18.1-4.el9\_0.noarch.rpm

SHA-256: 432242b6914437f531ef3ce4ab53fcb5f78114b12895ca3b263c62d483590c88

nodejs-full-i18n-16.18.1-4.el9\_0.s390x.rpm

SHA-256: d8d4400c98b991f2f10e998f5cf186262d4c5c5432a943ea5dafe6606f5e3349

nodejs-libs-16.18.1-4.el9\_0.s390x.rpm

SHA-256: 6c2b318ecf7ce0631ecaa256f165dbc566ff5fd2ef67a1c8074e1869b77f6b8d

nodejs-libs-debuginfo-16.18.1-4.el9\_0.s390x.rpm

SHA-256: acc0f43a87f2705060e4984c6268c37081cb53374da9015354bb12da2866486b

npm-8.19.2-1.16.18.1.4.el9\_0.s390x.rpm

SHA-256: af091dede33d6b96b5b3ed65e7a3b24bffe74d9cdbd27a0b1f2d81a82ba2981f

**Red Hat Enterprise Linux for Power, little endian - Extended Update Support 9.0**

SRPM

nodejs-16.18.1-4.el9\_0.src.rpm

SHA-256: 9ac81573f1fe79050490da63fd2d7efd6b5e6d1ee876ae5403b639bc93a1a33b

ppc64le

nodejs-16.18.1-4.el9\_0.ppc64le.rpm

SHA-256: a912afd4671810867f4c0eb5d09c1f45fe8d5501c85d5040d4b1de892129ea51

nodejs-debuginfo-16.18.1-4.el9\_0.ppc64le.rpm

SHA-256: e5ba8d12fedc60569cf6c69753a5ee41b4a41617d376db342fd98751eab57ee0

nodejs-debugsource-16.18.1-4.el9\_0.ppc64le.rpm

SHA-256: 4c6f94050ac3d4f15a48198acdd0ea5670768902821bd97d9aaf1e79c748d71f

nodejs-docs-16.18.1-4.el9\_0.noarch.rpm

SHA-256: 432242b6914437f531ef3ce4ab53fcb5f78114b12895ca3b263c62d483590c88

nodejs-full-i18n-16.18.1-4.el9\_0.ppc64le.rpm

SHA-256: dffd869ed788293a1c1f9898861743729ecadd29449aa99588e68ffb21b4816b

nodejs-libs-16.18.1-4.el9\_0.ppc64le.rpm

SHA-256: ce80fbf3d7bf0037e6d795c9551178b68063af59c01cb5606a925ed97ef3a4e6

nodejs-libs-debuginfo-16.18.1-4.el9\_0.ppc64le.rpm

SHA-256: 26eb0c4a10d320accb336253aab3b0eb9303b2c33deb2c2624f9c999f3285857

npm-8.19.2-1.16.18.1.4.el9\_0.ppc64le.rpm

SHA-256: 670c08aee29e03ca6130399e7ada703a0cc926f9ee2b291a991efb9f19fbc89d

**Red Hat Enterprise Linux for ARM 64 - Extended Update Support 9.0**

SRPM

nodejs-16.18.1-4.el9\_0.src.rpm

SHA-256: 9ac81573f1fe79050490da63fd2d7efd6b5e6d1ee876ae5403b639bc93a1a33b

aarch64

nodejs-16.18.1-4.el9\_0.aarch64.rpm

SHA-256: 837af5c837abe23e779913d94a46878bebb9828b033f08fd60e239fb758ad04a

nodejs-debuginfo-16.18.1-4.el9\_0.aarch64.rpm

SHA-256: e2deb31bdfcac08c190c589d5ce73781a36e48bc6381cf00f83d7f4132994b4c

nodejs-debugsource-16.18.1-4.el9\_0.aarch64.rpm

SHA-256: cf48aa3df82d77429296c7af958180f111b2418ad87263334a699f025abac231

nodejs-docs-16.18.1-4.el9\_0.noarch.rpm

SHA-256: 432242b6914437f531ef3ce4ab53fcb5f78114b12895ca3b263c62d483590c88

nodejs-full-i18n-16.18.1-4.el9\_0.aarch64.rpm

SHA-256: f3d7331bdffa9e03da8b5573496ad3e29ff6997f8dd61bcc3405a85a26ab7df5

nodejs-libs-16.18.1-4.el9\_0.aarch64.rpm

SHA-256: ab713712fff7bca04cf2ca72cb0fabce3aed06f25f350b64d1fa5bd80242c655

nodejs-libs-debuginfo-16.18.1-4.el9\_0.aarch64.rpm

SHA-256: 0bdb8616ae9e703e41f891fbe29d230fab98f74c6453ec3ab64ab694b641c1bb

npm-8.19.2-1.16.18.1.4.el9\_0.aarch64.rpm

SHA-256: fd42e97fbab2d8d451c5663ed1ea15bfa94948f2573e0c36ebbd538ec5d562bc

**Red Hat Enterprise Linux Server for Power LE - Update Services for SAP Solutions 9.0**

SRPM

nodejs-16.18.1-4.el9\_0.src.rpm

SHA-256: 9ac81573f1fe79050490da63fd2d7efd6b5e6d1ee876ae5403b639bc93a1a33b

ppc64le

nodejs-16.18.1-4.el9\_0.ppc64le.rpm

SHA-256: a912afd4671810867f4c0eb5d09c1f45fe8d5501c85d5040d4b1de892129ea51

nodejs-debuginfo-16.18.1-4.el9\_0.ppc64le.rpm

SHA-256: e5ba8d12fedc60569cf6c69753a5ee41b4a41617d376db342fd98751eab57ee0

nodejs-debugsource-16.18.1-4.el9\_0.ppc64le.rpm

SHA-256: 4c6f94050ac3d4f15a48198acdd0ea5670768902821bd97d9aaf1e79c748d71f

nodejs-docs-16.18.1-4.el9\_0.noarch.rpm

SHA-256: 432242b6914437f531ef3ce4ab53fcb5f78114b12895ca3b263c62d483590c88

nodejs-full-i18n-16.18.1-4.el9\_0.ppc64le.rpm

SHA-256: dffd869ed788293a1c1f9898861743729ecadd29449aa99588e68ffb21b4816b

nodejs-libs-16.18.1-4.el9\_0.ppc64le.rpm

SHA-256: ce80fbf3d7bf0037e6d795c9551178b68063af59c01cb5606a925ed97ef3a4e6

nodejs-libs-debuginfo-16.18.1-4.el9\_0.ppc64le.rpm

SHA-256: 26eb0c4a10d320accb336253aab3b0eb9303b2c33deb2c2624f9c999f3285857

npm-8.19.2-1.16.18.1.4.el9\_0.ppc64le.rpm

SHA-256: 670c08aee29e03ca6130399e7ada703a0cc926f9ee2b291a991efb9f19fbc89d

**Red Hat Enterprise Linux for x86\_64 - Update Services for SAP Solutions 9.0**

SRPM

nodejs-16.18.1-4.el9\_0.src.rpm

SHA-256: 9ac81573f1fe79050490da63fd2d7efd6b5e6d1ee876ae5403b639bc93a1a33b

x86\_64

nodejs-16.18.1-4.el9\_0.x86\_64.rpm

SHA-256: b4db5a23b7f72c1a047b27a0e04c0b0d7ba19860ea924f3a957bbd38601b11b5

nodejs-debuginfo-16.18.1-4.el9\_0.i686.rpm

SHA-256: 4234ffc279b4827794ac456c4f7faf3153453d344a9a761a008fb849a4dd1e59

nodejs-debuginfo-16.18.1-4.el9\_0.x86\_64.rpm

SHA-256: a8c375832077ece611f7fab99e880c4c3796834feb6f72ca5972292b5616e100

nodejs-debugsource-16.18.1-4.el9\_0.i686.rpm

SHA-256: 86c432882c75cb65f4582af355bb30284ae603f13415ecab751fd9fde736b1d7

nodejs-debugsource-16.18.1-4.el9\_0.x86\_64.rpm

SHA-256: 49aec6773c004fe7bff757ba13dd0fbc92435302e9652887f7305e06d2014ba1

nodejs-docs-16.18.1-4.el9\_0.noarch.rpm

SHA-256: 432242b6914437f531ef3ce4ab53fcb5f78114b12895ca3b263c62d483590c88

nodejs-full-i18n-16.18.1-4.el9\_0.x86\_64.rpm

SHA-256: 4f81c8910fcb5c57a7851a05fa041826860baa0b193da409285f421d7e5c2492

nodejs-libs-16.18.1-4.el9\_0.i686.rpm

SHA-256: ef227d254b5ff86449188f46a13bbc7be2bae986b0100bc35343d4f3995e2842

nodejs-libs-16.18.1-4.el9\_0.x86\_64.rpm

SHA-256: 4843242505afc9b4f62816d1245e45dee599a2f9dc1079d6fb5609e130dd78f5

nodejs-libs-debuginfo-16.18.1-4.el9\_0.i686.rpm

SHA-256: 05fb6dff9712ef0e33e58de3d42579dcce252ede5141a718e07a09116e712edc

nodejs-libs-debuginfo-16.18.1-4.el9\_0.x86\_64.rpm

SHA-256: 229626aee27501bdd946cefb5d93e00efec4b1e6d418e106a0458403f2eb33f8

npm-8.19.2-1.16.18.1.4.el9\_0.x86\_64.rpm

SHA-256: aed9fad6e8a7a932eba743711bb53b4d684faa1fb398bdb3e0a8380154e89b87

**Red Hat Enterprise Linux Server for ARM 64 - 4 years of updates 9.0**

SRPM

nodejs-16.18.1-4.el9\_0.src.rpm

SHA-256: 9ac81573f1fe79050490da63fd2d7efd6b5e6d1ee876ae5403b639bc93a1a33b

aarch64

nodejs-16.18.1-4.el9\_0.aarch64.rpm

SHA-256: 837af5c837abe23e779913d94a46878bebb9828b033f08fd60e239fb758ad04a

nodejs-debuginfo-16.18.1-4.el9\_0.aarch64.rpm

SHA-256: e2deb31bdfcac08c190c589d5ce73781a36e48bc6381cf00f83d7f4132994b4c

nodejs-debugsource-16.18.1-4.el9\_0.aarch64.rpm

SHA-256: cf48aa3df82d77429296c7af958180f111b2418ad87263334a699f025abac231

nodejs-docs-16.18.1-4.el9\_0.noarch.rpm

SHA-256: 432242b6914437f531ef3ce4ab53fcb5f78114b12895ca3b263c62d483590c88

nodejs-full-i18n-16.18.1-4.el9\_0.aarch64.rpm

SHA-256: f3d7331bdffa9e03da8b5573496ad3e29ff6997f8dd61bcc3405a85a26ab7df5

nodejs-libs-16.18.1-4.el9\_0.aarch64.rpm

SHA-256: ab713712fff7bca04cf2ca72cb0fabce3aed06f25f350b64d1fa5bd80242c655

nodejs-libs-debuginfo-16.18.1-4.el9\_0.aarch64.rpm

SHA-256: 0bdb8616ae9e703e41f891fbe29d230fab98f74c6453ec3ab64ab694b641c1bb

npm-8.19.2-1.16.18.1.4.el9\_0.aarch64.rpm

SHA-256: fd42e97fbab2d8d451c5663ed1ea15bfa94948f2573e0c36ebbd538ec5d562bc

**Red Hat Enterprise Linux Server for IBM z Systems - 4 years of updates 9.0**

SRPM

nodejs-16.18.1-4.el9\_0.src.rpm

SHA-256: 9ac81573f1fe79050490da63fd2d7efd6b5e6d1ee876ae5403b639bc93a1a33b

s390x

nodejs-16.18.1-4.el9\_0.s390x.rpm

SHA-256: da00e7b5f20d9d5b11fde8d4e45e35472e623f6e3ede33bbabc1b6f465c07ce0

nodejs-debuginfo-16.18.1-4.el9\_0.s390x.rpm

SHA-256: bfb4575baf4f5a3134546b3ea445dcc4de85347cb62ad526784e15e198d4beda

nodejs-debugsource-16.18.1-4.el9\_0.s390x.rpm

SHA-256: 35e790484df2a8a0dd322e0b2970cd97c2a52fdceebd18ddd25a3110e4250f17

nodejs-docs-16.18.1-4.el9\_0.noarch.rpm

SHA-256: 432242b6914437f531ef3ce4ab53fcb5f78114b12895ca3b263c62d483590c88

nodejs-full-i18n-16.18.1-4.el9\_0.s390x.rpm

SHA-256: d8d4400c98b991f2f10e998f5cf186262d4c5c5432a943ea5dafe6606f5e3349

nodejs-libs-16.18.1-4.el9\_0.s390x.rpm

SHA-256: 6c2b318ecf7ce0631ecaa256f165dbc566ff5fd2ef67a1c8074e1869b77f6b8d

nodejs-libs-debuginfo-16.18.1-4.el9\_0.s390x.rpm

SHA-256: acc0f43a87f2705060e4984c6268c37081cb53374da9015354bb12da2866486b

npm-8.19.2-1.16.18.1.4.el9\_0.s390x.rpm

SHA-256: af091dede33d6b96b5b3ed65e7a3b24bffe74d9cdbd27a0b1f2d81a82ba2981f

RHSA-2023:4036: Red Hat Security Advisory: nodejs security update

An issue was discovered in function get_gnu_verneed in rizinorg Rizin prior to 0.5.0 verneed_entry allows attackers to cause a denial of service via crafted elf file.

**Commit**

Permalink

Browse files

Browse the repository at this point in the history

ELF: added vn\_next break condition (#3214)

if the dynamic section's verneednum mismatches the true number of entries then the for loop in get\_gnu\_verneed will continue to iterate on the last entry since vn\_next will be 0 on the last entry. If verneednum is set to all 0xff's it will take a very long time to finish this loop naturally drastically hindering binary load time. The solution is simple, to check for when vn\_next == 0 and break out of the loop since all entries have been iterated over regardless of what verneednum indicates.

*   Loading branch information

CVE-2023-30226: ELF: added vn_next break condition (#3214) · rizinorg/rizin@a6d89de

Null pointer dereference vulnerability exists in multiple vendors MFPs and printers which implement Debut web server 1.2 or 1.3. Processing a specially crafted request may lead an affected product to a denial-of-service (DoS) condition. As for the affected products/models/versions, see the detailed information provided by each vendor.

For information on products and support services, please select your Country / Region and Product Category.

CVE-2023-29984: For Product and Support Information

Remote Procedure Call Runtime Denial of Service Vulnerability

Tag

#dos