A security, bug fix, and enhancement updatehas been released for AlmaLinux 8.
ALSA-2022:9073 Moderate: nodejs:16 security, bug fix, and enhancement update
Type:
security
Severity:
moderate
Release date:
2022-12-16
Description
The following packages were updated to later upstream versions: nodejs (16.18.1), nodejs-nodemon (2.0.20).
Security Fix(es):
* nodejs: Improper handling of URI Subject Alternative Names (CVE-2021-44531)
* nodejs: Certificate Verification Bypass via String Injection (CVE-2021-44532)
* nodejs: Incorrect handling of certificate subject and issuer fields (CVE-2021-44533)
* minimist: prototype pollution (CVE-2021-44906)
* nodejs-minimatch: ReDoS via the braceExpand function (CVE-2022-3517)
* nodejs: DNS rebinding in inspect via invalid octal IP address (CVE-2022-43548)
* nodejs: Prototype pollution via console.table properties (CVE-2022-21824)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Bug Fix(es):
* nodejs:16/nodejs: Packaged version of undici does not fit with declared version. rhel-8 (BZ#2151625)
References:
RHSA-2022:9073
CVE-2021-44531
CVE-2021-44532
CVE-2021-44533
CVE-2021-44906
CVE-2022-21824
CVE-2022-3517
CVE-2022-43548
ALSA-2022:9073
Updates packages:
nodejs-nodemon-2.0.20-2.module_el8.7.0+3371+ed8c43db.noarch.rpm
Packages/nodejs-packaging-25-1.module_el8.5.0+2605+45d748af.noarch.rpm
nodejs-docs-16.18.1-3.module_el8.7.0+3371+ed8c43db.noarch.rpm
npm-8.19.2-1.16.18.1.3.module_el8.7.0+3371+ed8c43db.s390x.rpm
nodejs-16.18.1-3.module_el8.7.0+3371+ed8c43db.s390x.rpm
nodejs-devel-16.18.1-3.module_el8.7.0+3371+ed8c43db.s390x.rpm
nodejs-full-i18n-16.18.1-3.module_el8.7.0+3371+ed8c43db.s390x.rpm
nodejs-devel-16.18.1-3.module_el8.7.0+3371+ed8c43db.x86_64.rpm
npm-8.19.2-1.16.18.1.3.module_el8.7.0+3371+ed8c43db.x86_64.rpm
nodejs-full-i18n-16.18.1-3.module_el8.7.0+3371+ed8c43db.x86_64.rpm
nodejs-16.18.1-3.module_el8.7.0+3371+ed8c43db.x86_64.rpm
nodejs-16.18.1-3.module_el8.7.0+3371+ed8c43db.ppc64le.rpm
nodejs-full-i18n-16.18.1-3.module_el8.7.0+3371+ed8c43db.ppc64le.rpm
nodejs-devel-16.18.1-3.module_el8.7.0+3371+ed8c43db.ppc64le.rpm
npm-8.19.2-1.16.18.1.3.module_el8.7.0+3371+ed8c43db.ppc64le.rpm
nodejs-16.18.1-3.module_el8.7.0+3371+ed8c43db.aarch64.rpm
nodejs-full-i18n-16.18.1-3.module_el8.7.0+3371+ed8c43db.aarch64.rpm
npm-8.19.2-1.16.18.1.3.module_el8.7.0+3371+ed8c43db.aarch64.rpm
nodejs-devel-16.18.1-3.module_el8.7.0+3371+ed8c43db.aarch64.rpm
Notes:
This page is generated automatically from Red Hat security data and has not been checked for errors. For clarification or corrections please contact the AlmaLinux Packaging Team.
ALSA-2022:9073 Moderate: nodejs:16 security, bug fix, and enhancement update