
A security, bug fix, and enhancement update has been released for AlmaLinux 8.



ALSA-2022:9073 Moderate: nodejs:16 security, bug fix, and enhancement update


Type: security

Severity: moderate

Release date: 2022-12-16

Description
The following packages were updated to later upstream versions: nodejs (16.18.1), nodejs-nodemon (2.0.20).
Security Fix(es):
* nodejs: Improper handling of URI Subject Alternative Names (CVE-2021-44531)
* nodejs: Certificate Verification Bypass via String Injection (CVE-2021-44532)
* nodejs: Incorrect handling of certificate subject and issuer fields (CVE-2021-44533)
* minimist: prototype pollution (CVE-2021-44906)
* nodejs-minimatch: ReDoS via the braceExpand function (CVE-2022-3517)
* nodejs: DNS rebinding in inspect via invalid octal IP address (CVE-2022-43548)
* nodejs: Prototype pollution via console.table properties (CVE-2022-21824)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Bug Fix(es):
* nodejs:16/nodejs: Packaged version of undici does not fit with declared version. rhel-8 (BZ#2151625)

References:
RHSA-2022:9073
CVE-2021-44531
CVE-2021-44532
CVE-2021-44533
CVE-2021-44906
CVE-2022-21824
CVE-2022-3517
CVE-2022-43548
ALSA-2022:9073

Updated packages:
nodejs-nodemon-2.0.20-2.module_el8.7.0+3371+ed8c43db.noarch.rpm
Packages/nodejs-packaging-25-1.module_el8.5.0+2605+45d748af.noarch.rpm
nodejs-docs-16.18.1-3.module_el8.7.0+3371+ed8c43db.noarch.rpm
npm-8.19.2-1.16.18.1.3.module_el8.7.0+3371+ed8c43db.s390x.rpm
nodejs-16.18.1-3.module_el8.7.0+3371+ed8c43db.s390x.rpm
nodejs-devel-16.18.1-3.module_el8.7.0+3371+ed8c43db.s390x.rpm
nodejs-full-i18n-16.18.1-3.module_el8.7.0+3371+ed8c43db.s390x.rpm
nodejs-devel-16.18.1-3.module_el8.7.0+3371+ed8c43db.x86_64.rpm
npm-8.19.2-1.16.18.1.3.module_el8.7.0+3371+ed8c43db.x86_64.rpm
nodejs-full-i18n-16.18.1-3.module_el8.7.0+3371+ed8c43db.x86_64.rpm
nodejs-16.18.1-3.module_el8.7.0+3371+ed8c43db.x86_64.rpm
nodejs-16.18.1-3.module_el8.7.0+3371+ed8c43db.ppc64le.rpm
nodejs-full-i18n-16.18.1-3.module_el8.7.0+3371+ed8c43db.ppc64le.rpm
nodejs-devel-16.18.1-3.module_el8.7.0+3371+ed8c43db.ppc64le.rpm
npm-8.19.2-1.16.18.1.3.module_el8.7.0+3371+ed8c43db.ppc64le.rpm
nodejs-16.18.1-3.module_el8.7.0+3371+ed8c43db.aarch64.rpm
nodejs-full-i18n-16.18.1-3.module_el8.7.0+3371+ed8c43db.aarch64.rpm
npm-8.19.2-1.16.18.1.3.module_el8.7.0+3371+ed8c43db.aarch64.rpm
nodejs-devel-16.18.1-3.module_el8.7.0+3371+ed8c43db.aarch64.rpm

Notes:
This page is generated automatically from Red Hat security data and has not been checked for errors. For clarification or corrections please contact the AlmaLinux Packaging Team.
