AlmaLinux 2325 Published by

The following updates are available for AlmaLinux:

ALSA-2024:1334 Important: dnsmasq security update
ALSA-2024:1335 Important: dnsmasq security update
ALSA-2024:1431 Moderate: ruby:3.1 security, bug fix, and enhancement update
ALSA-2024:1435 Important: postgresql-jdbc security update
ALSA-2024:1436 Important: postgresql-jdbc security update
ALSA-2024:1438 Important: nodejs security update
ALSA-2024:1444 Important: nodejs:16 security update





ALSA-2024:1334 Important: dnsmasq security update


ID:
ALSA-2024:1334

Title:
ALSA-2024:1334 Important: dnsmasq security update

Type:
security

Severity:
important

Release date:
2024-03-18

Description
The dnsmasq packages contain Dnsmasq, a lightweight DNS (Domain Name Server) forwarder and DHCP (Dynamic Host Configuration Protocol) server.
Security Fix(es):
* dnsmasq: bind9: KeyTrap - Extreme CPU consumption in DNSSEC
validator (CVE-2023-50387)
* dnsmasq: bind9: Preparing an NSEC3 closest encloser proof can
exhaust CPU resources (CVE-2023-50868)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

References:
CVE-2023-50387
CVE-2023-50868
RHSA-2024:1334
ALSA-2024:1334

Updated packages listed below:
Architecture
Package
Checksum
aarch64
dnsmasq-2.85-14.el9_3.1.aarch64.rpm
0862cf8fec3c91d15c1c47c687d0b2f5e037b6ea3aeb22a0ce2e66043e5bc3e9
aarch64
dnsmasq-utils-2.85-14.el9_3.1.aarch64.rpm
4ecb45b87a022113d81ff53eb001224891c66226493497369551ae952d8a21ed
ppc64le
dnsmasq-2.85-14.el9_3.1.ppc64le.rpm
64878728ed6fefc3e09c9672f938873c8591ec0fdebb5fabca1910b34f24326d
ppc64le
dnsmasq-utils-2.85-14.el9_3.1.ppc64le.rpm
9a0a391c7ed871312657869f7e660c4f81c2f766ef6786be1d1e43a0f991d167
s390x
dnsmasq-2.85-14.el9_3.1.s390x.rpm
6fc7b10fd4a860e1e8ac105a92d101395aeae1fa79b3cc0a34b0abc8a6de841d
s390x
dnsmasq-utils-2.85-14.el9_3.1.s390x.rpm
f7aa7988a6fe29d9ac9a5c2ee91e955ce3bee69dfc2853faa1eb5673b951dbf6
x86_64
dnsmasq-2.85-14.el9_3.1.x86_64.rpm
1be42e2272eb00162c9261745ef97fa20694529c17694643034b46463dcbf66f
x86_64
dnsmasq-utils-2.85-14.el9_3.1.x86_64.rpm
d3efd95eae85ed1dca1717ba87951449324c7f4ef2382c2cfbc007f863263314

Notes:
This page is generated automatically from Red Hat security data and has not been checked for errors. For clarification or corrections please contact the AlmaLinux Packaging Team.

  ALSA-2024:1334 Important: dnsmasq security update






ALSA-2024:1335 Important: dnsmasq security update


ID:
ALSA-2024:1335

Title:
ALSA-2024:1335 Important: dnsmasq security update

Type:
security

Severity:
important

Release date:
2024-03-18

Description
The dnsmasq packages contain Dnsmasq, a lightweight DNS (Domain Name Server) forwarder and DHCP (Dynamic Host Configuration Protocol) server.
Security Fix(es):
* dnsmasq: bind9: KeyTrap - Extreme CPU consumption in DNSSEC validator (CVE-2023-50387)
* dnsmasq: bind9: Preparing an NSEC3 closest encloser proof can exhaust CPU resources (CVE-2023-50868)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

References:
CVE-2023-50387
CVE-2023-50868
RHSA-2024:1335
ALSA-2024:1335

Updated packages listed below:
Architecture
Package
Checksum
aarch64
dnsmasq-utils-2.79-31.el8_9.2.aarch64.rpm
661ea7781e7a69c222f8ab61882ab9fcec29c45b58f9eb1bb7f17a2b5bab03bf
aarch64
dnsmasq-2.79-31.el8_9.2.aarch64.rpm
c8d073ef61c3aa182fa0bc62c12465255a708bfc91288ff277d0f0468d73a935
ppc64le
dnsmasq-utils-2.79-31.el8_9.2.ppc64le.rpm
52a94a55b7de20848ff4d91b3576cfabc4ba3109eb24609db3c98c03c01eda90
ppc64le
dnsmasq-2.79-31.el8_9.2.ppc64le.rpm
9b34bfc7fa8fe2d8a6c63b3bb6093603666674db115e559a96a6ebcba2d91a16
s390x
dnsmasq-2.79-31.el8_9.2.s390x.rpm
7698d8d8a961b8443224afa62865a72c8948d6b8445d81654a17e1daa65c2ca0
s390x
dnsmasq-utils-2.79-31.el8_9.2.s390x.rpm
f853b7a1a7f82f46c0848f7385bdba0bbba77327a5d948e4e86155b8e6adf4e3
x86_64
dnsmasq-2.79-31.el8_9.2.x86_64.rpm
5b88d8e2f8a91d685640329557dadbfdd38be5d311181e2e39c8a5c3f6440891
x86_64
dnsmasq-utils-2.79-31.el8_9.2.x86_64.rpm
9f5d10e888ae3e13468f343b1ab917250cc4dcc5243e0c50d3489307ccf0b60c

Notes:
This page is generated automatically from Red Hat security data and has not been checked for errors. For clarification or corrections please contact the AlmaLinux Packaging Team.

  ALSA-2024:1335 Important: dnsmasq security update






ALSA-2024:1431 Moderate: ruby:3.1 security, bug fix, and enhancement update


ID:
ALSA-2024:1431

Title:
ALSA-2024:1431 Moderate: ruby:3.1 security, bug fix, and enhancement update

Type:
security

Severity:
moderate

Release date:
2024-03-21

Description
Ruby is an extensible, interpreted, object-oriented, scripting language. It has features to process text files and to perform system management tasks.
The following packages have been upgraded to a later upstream version: ruby (3.1). (AlmaLinux-28565)
Security Fix(es):
* ruby/cgi-gem: HTTP response splitting in CGI (CVE-2021-33621)
* ruby: ReDoS vulnerability in URI (CVE-2023-28755)
* ruby: ReDoS vulnerability - upstream's incomplete fix for CVE-2023-28755 (CVE-2023-36617)
* ruby: ReDoS vulnerability in Time (CVE-2023-28756)
Bug Fix(es):
* ruby/rubygem-irb: IRB has hard dependency on rubygem-rdoc (AlmaLinux-28569)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

References:
CVE-2021-33621
CVE-2023-28755
CVE-2023-28756
CVE-2023-36617
RHSA-2024:1431
ALSA-2024:1431

Updated packages listed below:
Architecture
Package
Checksum
aarch64
rubygem-pg-1.3.2-1.module_el8.7.0+3304+9392e77f.aarch64.rpm
0c810876fa6f5b181b263dae7a8ad3f9a38c87fa8c1dfb9a85d5a2520cc5f959
aarch64
rubygem-psych-4.0.4-142.module_el8.9.0+3746+91b8233a.aarch64.rpm
2ba214d4e0dc9a5f0f4ffaec97d5970c88766de4c7c50a58ccd1e076c269d030
aarch64
ruby-libs-3.1.4-142.module_el8.9.0+3746+91b8233a.aarch64.rpm
2e5f4b6bd861b3ea6452d259bad282aad8a28e7ecbbd2577e2085ae211fa182f
aarch64
rubygem-json-2.6.1-142.module_el8.9.0+3746+91b8233a.aarch64.rpm
3c73281dafcac4ed3bacbb13d1d2fe5c8464ca0e347c6f309d459a034191bb4a
aarch64
rubygem-bigdecimal-3.1.1-142.module_el8.9.0+3746+91b8233a.aarch64.rpm
3c827f4d6ed7308e72be863e61f41a53db5e63f41e8e183f0c53420bf86675fd
aarch64
rubygem-rbs-2.7.0-142.module_el8.9.0+3746+91b8233a.aarch64.rpm
5cbacc8828e84f57b059ef6a36e473aadb3dfd5d05b1d0f2333fd5357753da3e
aarch64
ruby-bundled-gems-3.1.4-142.module_el8.9.0+3746+91b8233a.aarch64.rpm
5f290e83a568b87106aeae80f4fdb4792b4aa2e6361f30f640694c125a86ca8d
aarch64
ruby-3.1.4-142.module_el8.9.0+3746+91b8233a.aarch64.rpm
688a5645943effc7126a5bb4c96f4dce4fdaa390ed881ae2051d04fb2b920098
aarch64
ruby-devel-3.1.4-142.module_el8.9.0+3746+91b8233a.aarch64.rpm
ca81aa6cce5c12a98e4dadd0feb64d99a117910ac5da4c158f8f6cc3f33244f2
aarch64
rubygem-io-console-0.5.11-142.module_el8.9.0+3746+91b8233a.aarch64.rpm
d4109e648b86e22d6a127877b4c508a1bbd882e73e4018eec56e8f471828ba01
aarch64
rubygem-mysql2-0.5.3-3.module_el8.9.0+3746+91b8233a.aarch64.rpm
dbfe520cef4d3f4713a6f0ab2270b312765511985de21a1588bed57703484068
i686
rubygem-json-2.6.1-142.module_el8.9.0+3746+91b8233a.i686.rpm
1145ee0929904a056cb9a11d6badd36b75796229e273c324c4b2c57cbe0e7fed
i686
ruby-libs-3.1.4-142.module_el8.9.0+3746+91b8233a.i686.rpm
2b87f6fa82d3dc00afc9df387f72cdc1f8b143487bc37d1ad1cd86a0599e3125
i686
rubygem-io-console-0.5.11-142.module_el8.9.0+3746+91b8233a.i686.rpm
546132fcc6a89302387ef0dc94b67bbc56a48147a9b560d60793715906ab9ad4
i686
rubygem-psych-4.0.4-142.module_el8.9.0+3746+91b8233a.i686.rpm
56aacbb99359c3ebd5efa36dc5ac3ce593f2a5067b032ce30efd280e2f7c9387
i686
rubygem-rbs-2.7.0-142.module_el8.9.0+3746+91b8233a.i686.rpm
5e91d579491fe793a685d9af25138fd90f743d5b6ce19a09afb6e58229e50271
i686
ruby-bundled-gems-3.1.4-142.module_el8.9.0+3746+91b8233a.i686.rpm
69021f979e83795b2f41a8d6067b3b62e7f8be98ebbeb3c2aa179b4bc6e241a8
i686
ruby-3.1.4-142.module_el8.9.0+3746+91b8233a.i686.rpm
882f34fabe04b6ebd66cdb467310f89c77c4b3d3916938298256742702a4784c
i686
rubygem-bigdecimal-3.1.1-142.module_el8.9.0+3746+91b8233a.i686.rpm
96aa178f4b328f900b6fc67652f888e95fbffd4cd1bf94dfefcdf91497d83516
i686
ruby-devel-3.1.4-142.module_el8.9.0+3746+91b8233a.i686.rpm
b5b36cdb5817a6f8641ad7f8a5226c05a05308dc94255045e8f809f7bba4e7b7
noarch
ruby-default-gems-3.1.4-142.module_el8.9.0+3746+91b8233a.noarch.rpm
192f5bd5dd02cd99a650451c708c422c9413e7fee2cb136da5fcafa26fcaaf33
noarch
rubygems-devel-3.3.26-142.module_el8.9.0+3746+91b8233a.noarch.rpm
210a558edc0139e22f0384b30e649b6893c6f7284a49a653acdc1e45a01afaf5
noarch
rubygem-minitest-5.15.0-142.module_el8.9.0+3746+91b8233a.noarch.rpm
2b0001e8f3c7d5bae5df20a98bf9fead8a89af201aa1f1ff1b0b9de2183f51e7
noarch
rubygem-typeprof-0.21.3-142.module_el8.9.0+3746+91b8233a.noarch.rpm
329b1ee1d7dff419463fa05f3e1d98317a197e86c5980f9db02822f8d93c9317
noarch
rubygem-rake-13.0.6-142.module_el8.9.0+3746+91b8233a.noarch.rpm
441952af74becb133825706b26c16c16689b297ddde4b9b0e719c5eb7046150e
noarch
rubygem-power_assert-2.0.1-142.module_el8.9.0+3746+91b8233a.noarch.rpm
4b9d0d0b9dbfbc9d2d9851abdecf1a944ac25ea53cec8a16f63a3e938fb88dec
noarch
rubygem-abrt-doc-0.4.0-1.module_el8.7.0+3304+9392e77f.noarch.rpm
7284beeddeaba713c34bd281bd7e5d501d457d0e37b903a071556fd1ac7a060f
noarch
rubygems-3.3.26-142.module_el8.9.0+3746+91b8233a.noarch.rpm
7e8d93cdd6a3ca704cb7b96db6c5e507e630a43c78de3cd0792587d4d7d66374
noarch
ruby-doc-3.1.4-142.module_el8.9.0+3746+91b8233a.noarch.rpm
81cda5999332a197ff35f8c64be1ea3d886ccce78b9b4b1228ed0d3bd9fd53fe
noarch
rubygem-rss-0.2.9-142.module_el8.9.0+3746+91b8233a.noarch.rpm
847ae5c73ee44b14ff9e5358e36cba8d29bc39769bacc37f44ae6dc9ab652c04
noarch
rubygem-pg-doc-1.3.2-1.module_el8.7.0+3304+9392e77f.noarch.rpm
a4a83fd3f4b27a2a7051057f8b565f6b0808f755deb1d8f592085c5313236d46
noarch
rubygem-rexml-3.2.5-142.module_el8.9.0+3746+91b8233a.noarch.rpm
aa6b1f6e62d0f7d8df63fb09afe0cc712ee45767e6d8f3ae768508fa2a4b566c
noarch
rubygem-irb-1.4.1-142.module_el8.9.0+3746+91b8233a.noarch.rpm
abe99e3c5e34472e68bf8105272138114535c13fc69495b9240ab51827beb034
noarch
rubygem-mysql2-doc-0.5.3-3.module_el8.9.0+3746+91b8233a.noarch.rpm
b041e7b43395ddba070a6629f247dce8d99b56956940ee94a67a0a2e0ee1fd0a
noarch
rubygem-abrt-0.4.0-1.module_el8.7.0+3304+9392e77f.noarch.rpm
d0c3a8805919b1a45e1a94ae66d42bd18521e5391d4637af60fe14f291c63a5d
noarch
rubygem-rdoc-6.4.0-142.module_el8.9.0+3746+91b8233a.noarch.rpm
d5e0640a46a0fbf7077f45eab94c3d058c4b73c7ae8d4d5ccaa70eaea16f9cc7
noarch
rubygem-bundler-2.3.26-142.module_el8.9.0+3746+91b8233a.noarch.rpm
eae2d27f73136478a142a0c73a9ae8009d93b972d7be6ece9e7b232693102c90
noarch
rubygem-test-unit-3.5.3-142.module_el8.9.0+3746+91b8233a.noarch.rpm
f91dbc228aa2dbd9650d6b73d33575c722762b6c7fe5bb641c1dae27a3aacb75
ppc64le
rubygem-psych-4.0.4-142.module_el8.9.0+3746+91b8233a.ppc64le.rpm
0712169978f08f4e67d4b40c27fc4f92b693d4bace6c23e1f570882f37f1aa15
ppc64le
rubygem-bigdecimal-3.1.1-142.module_el8.9.0+3746+91b8233a.ppc64le.rpm
4914191221d47e31e671d5e5508e3c5bf4fd7740d125d758f4c8cce0acded84d
ppc64le
rubygem-json-2.6.1-142.module_el8.9.0+3746+91b8233a.ppc64le.rpm
61218060c5689761783e169f618f5fae29afa46b5fc9089801b1cf8ae8a916c3
ppc64le
ruby-bundled-gems-3.1.4-142.module_el8.9.0+3746+91b8233a.ppc64le.rpm
6563fb4903847adc63f1f60ac8e2e7f0374dae8e9d6754b67b0473cda93e919b
ppc64le
rubygem-mysql2-0.5.3-3.module_el8.9.0+3746+91b8233a.ppc64le.rpm
6ac16dd0dd002092ac6d5960eb63a7bd1a0639509605bb6319b65cdbae1acba1
ppc64le
ruby-3.1.4-142.module_el8.9.0+3746+91b8233a.ppc64le.rpm
6bebf6d58ed0c3c57fd511a7725e1c52e2bf6cd05e0d98e6a4c600222ed64021
ppc64le
rubygem-rbs-2.7.0-142.module_el8.9.0+3746+91b8233a.ppc64le.rpm
9da145808a819bf06e2df079843dfed831d161879a8ebed634bfe86b20363949
ppc64le
rubygem-pg-1.3.2-1.module_el8.7.0+3304+9392e77f.ppc64le.rpm
9e416b8eed3ba7768f3e8b88b3dc3ada3a9c57b02218de90564d438a53331fbd
ppc64le
rubygem-io-console-0.5.11-142.module_el8.9.0+3746+91b8233a.ppc64le.rpm
cb109e2874ed677b256f4a7bf2532f72b996df219285848105bf816315f57931
ppc64le
ruby-devel-3.1.4-142.module_el8.9.0+3746+91b8233a.ppc64le.rpm
d08da3f4b0f9304abc0b0e5d7bca4ab60b2c181de05c21de9a5e5845728a70da
ppc64le
ruby-libs-3.1.4-142.module_el8.9.0+3746+91b8233a.ppc64le.rpm
f771ccd7208042de440255a5888e5e4527b2fcfbf128fdfb56386388bf26758d
s390x
ruby-libs-3.1.4-142.module_el8.9.0+3746+91b8233a.s390x.rpm
2c3ef86d2f8b7d1a0beaa1595dec2aca6049d12ed4324f5a41dd0132b2781422
s390x
rubygem-pg-1.3.2-1.module_el8.7.0+3304+9392e77f.s390x.rpm
454f1d2b472d38004c448eed271c173aa5be1fef8150cd3fa73c9b4b3bcfc2ba
s390x
ruby-bundled-gems-3.1.4-142.module_el8.9.0+3746+91b8233a.s390x.rpm
549de138befe91037b6e4b055f31ee2ef5040af91a94a1ae1d599ee6f30aed6a
s390x
ruby-devel-3.1.4-142.module_el8.9.0+3746+91b8233a.s390x.rpm
6ac7f3cfda31cdaf941d4077485aeff9db5f15695eae94637e6c915bd8783cbe
s390x
rubygem-mysql2-0.5.3-3.module_el8.9.0+3746+91b8233a.s390x.rpm
918f33bb63f2437177e2ccc66781a31b62f2b20d0a0b1449cef7c7359b24eb9d
s390x
rubygem-rbs-2.7.0-142.module_el8.9.0+3746+91b8233a.s390x.rpm
a3edd52f3d6b3541776e9c03ae18954f4f869f86535ae86f341d77da7b32d103
s390x
rubygem-bigdecimal-3.1.1-142.module_el8.9.0+3746+91b8233a.s390x.rpm
a6bfe2597c9577fb052bf5304da9d257c3d319f688e317d41a2d724f40970904
s390x
rubygem-io-console-0.5.11-142.module_el8.9.0+3746+91b8233a.s390x.rpm
b6b643b2d2739f48f90f1fdbb5e70ad69c91e92c97bbf535033ffca0c08b009a
s390x
ruby-3.1.4-142.module_el8.9.0+3746+91b8233a.s390x.rpm
bbb49181acca558548a2655c8211a8a6ab5241946ce75f3abfd5f642464d5f86
s390x
rubygem-json-2.6.1-142.module_el8.9.0+3746+91b8233a.s390x.rpm
bfdefc37caae2ec2a8ab5ae185637b3f5462e2729c471478685a7723468920f7
s390x
rubygem-psych-4.0.4-142.module_el8.9.0+3746+91b8233a.s390x.rpm
c4d8b05dae8a9a632a6f3db44f45e472b9603446696f4c6f3c7eefa27632f5e0
x86_64
ruby-devel-3.1.4-142.module_el8.9.0+3746+91b8233a.x86_64.rpm
0274ae40bda6d55fb5502ff4fdc18eef3626fa8469c0ef6e49b8a5a01785b340
x86_64
rubygem-bigdecimal-3.1.1-142.module_el8.9.0+3746+91b8233a.x86_64.rpm
106e43c693941052df59588b6be6f97eba6d27818e25965a78eba64ce0bed61b
x86_64
rubygem-psych-4.0.4-142.module_el8.9.0+3746+91b8233a.x86_64.rpm
3ace99a7ddb16a8a1a8bd34e141943e20499cdd66c2e4f5af46513509f1d2ba7
x86_64
ruby-libs-3.1.4-142.module_el8.9.0+3746+91b8233a.x86_64.rpm
3d40b474d3fa769888782a2ee9c77adab116d21c036c372e68b09466b8db36f0
x86_64
rubygem-json-2.6.1-142.module_el8.9.0+3746+91b8233a.x86_64.rpm
49db5557b5bfb01b6355384441e680b97254ebc2caba1e24195fedbb2ebe10b4
x86_64
rubygem-pg-1.3.2-1.module_el8.7.0+3304+9392e77f.x86_64.rpm
6b30eca652ebb50db8064f2374c0f5adb07d0289f94a00f6319bc1ddf532a551
x86_64
ruby-bundled-gems-3.1.4-142.module_el8.9.0+3746+91b8233a.x86_64.rpm
858b536c46aaee8c9e3d90f8714e344b4c7113897cc88486fb3a6026b2985a9c
x86_64
rubygem-io-console-0.5.11-142.module_el8.9.0+3746+91b8233a.x86_64.rpm
869eef96eecb265bb485f7cb6c30cc0fed2f6aed22a5830cfca7f156547e475a
x86_64
ruby-3.1.4-142.module_el8.9.0+3746+91b8233a.x86_64.rpm
b8b7321a7720de80c9bd42c1fd7405b2f0ac5d4dbecc72053617321d975a3757
x86_64
rubygem-rbs-2.7.0-142.module_el8.9.0+3746+91b8233a.x86_64.rpm
d123d8d0e6026380a2164d59b857797e857ed37ed441ff7d72f43f7ed6a16c05
x86_64
rubygem-mysql2-0.5.3-3.module_el8.9.0+3746+91b8233a.x86_64.rpm
fb225106392ed81612474aa8b87b065f733931e062efef5737a912fa9a953993

Notes:
This page is generated automatically from Red Hat security data and has not been checked for errors. For clarification or corrections please contact the AlmaLinux Packaging Team.

  ALSA-2024:1431 Moderate: ruby:3.1 security, bug fix, and enhancement update






ALSA-2024:1435 Important: postgresql-jdbc security update


ID:
ALSA-2024:1435

Title:
ALSA-2024:1435 Important: postgresql-jdbc security update

Type:
security

Severity:
important

Release date:
2024-03-21

Description
PostgreSQL is an advanced object-relational database management system. The postgresql-jdbc package includes the .jar files needed for Java programs to access a PostgreSQL database.
Security Fix(es):
* PostgreSQL JDBC Driver allows attacker to inject SQL if using PreferQueryMode=SIMPLE (CVE-2024-1597)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

References:
CVE-2024-1597
RHSA-2024:1435
ALSA-2024:1435

Updated packages listed below:
Architecture
Package
Checksum
noarch
postgresql-jdbc-42.2.14-3.el8_9.noarch.rpm
26c64d5f2ca9d17567e12eaf7ed747502c4b4e413bce2edbc37f18e064d41fa3
noarch
postgresql-jdbc-javadoc-42.2.14-3.el8_9.noarch.rpm
c46815c60729af5b20b1333f170a7b69e01c7facfaa6d4019c6dbe629676c879

Notes:
This page is generated automatically from Red Hat security data and has not been checked for errors. For clarification or corrections please contact the AlmaLinux Packaging Team.

  ALSA-2024:1435 Important: postgresql-jdbc security update






ALSA-2024:1436 Important: postgresql-jdbc security update


ID:
ALSA-2024:1436

Title:
ALSA-2024:1436 Important: postgresql-jdbc security update

Type:
security

Severity:
important

Release date:
2024-03-21

Description
PostgreSQL is an advanced object-relational database management system. The postgresql-jdbc package includes the .jar files needed for Java programs to access a PostgreSQL database.
Security Fix(es):
* PostgreSQL JDBC Driver allows attacker to inject SQL if using PreferQueryMode=SIMPLE (CVE-2024-1597)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

References:
CVE-2024-1597
RHSA-2024:1436
ALSA-2024:1436

Updated packages listed below:
Architecture
Package
Checksum
noarch
postgresql-jdbc-42.2.28-1.el9_3.noarch.rpm
ede3b40e7fe11086a3e183d3dd0be658c1fb5aea6a86fe91f30954f142a0b602

Notes:
This page is generated automatically from Red Hat security data and has not been checked for errors. For clarification or corrections please contact the AlmaLinux Packaging Team.

  ALSA-2024:1436 Important: postgresql-jdbc security update






ALSA-2024:1438 Important: nodejs security update


ID:
ALSA-2024:1438

Title:
ALSA-2024:1438 Important: nodejs security update

Type:
security

Severity:
important

Release date:
2024-03-21

Description
Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language.
Security Fix(es):
* nodejs: reading unprocessed HTTP request with unbounded chunk extension allows DoS attacks (CVE-2024-22019)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

References:
CVE-2024-22019
RHSA-2024:1438
ALSA-2024:1438

Updated packages listed below:
Architecture
Package
Checksum
aarch64
npm-8.19.4-1.16.20.2.4.el9_3.aarch64.rpm
2f3c52850f16e3c5d974016a463646fb9f839e36c1075f03b6f57f65b4b390a7
aarch64
nodejs-16.20.2-4.el9_3.aarch64.rpm
337becb4e233b42f80d7a05a2c99b016316473ddd84f79503e1c141ce5dc87f1
aarch64
nodejs-libs-16.20.2-4.el9_3.aarch64.rpm
7ddc57c573ee2ad361ce1555bcf0be117f77436fc88a5deeb494edbca3771acb
aarch64
nodejs-full-i18n-16.20.2-4.el9_3.aarch64.rpm
d42a04d9f1d0fa2e472a2e443ea08cdf088796181e5d0b32c7cddcbf5f4131c7
i686
nodejs-libs-16.20.2-4.el9_3.i686.rpm
3bea2c60394d181cb6626dc01c656ff13728e7c40f1575adc56c846da35a8a31
noarch
nodejs-docs-16.20.2-4.el9_3.noarch.rpm
b7665cdefdd2b7370eacb21f03b8da394621bc6ab63e1a16bb5d2d7b0e6beaf1
ppc64le
npm-8.19.4-1.16.20.2.4.el9_3.ppc64le.rpm
5642c18faa25a069687886c9172dc50b4c11f52bc203697416da264c89f1cdbc
ppc64le
nodejs-16.20.2-4.el9_3.ppc64le.rpm
ae2f9720887458d640a8cfe28825d7eed13c060bd437638b13c3886d6c077680
ppc64le
nodejs-libs-16.20.2-4.el9_3.ppc64le.rpm
d017518a6e83a2af981de5a1d3e95ab3465f943a00b7799ba2605649cbdb2f96
ppc64le
nodejs-full-i18n-16.20.2-4.el9_3.ppc64le.rpm
ead195b30a2a6da679f051273b9d79585d659779a330159c2eb9eedfecaa3795
s390x
nodejs-full-i18n-16.20.2-4.el9_3.s390x.rpm
2819f053ff0e6e0124040faa0d9badcbbf8ebfc95d7d34b7c7e8703b8c3ff710
s390x
nodejs-16.20.2-4.el9_3.s390x.rpm
8f3f06246db592d3fc0c40a96bbe002c01f00eaf1c4bb19a25409dcbcdda87e5
s390x
nodejs-libs-16.20.2-4.el9_3.s390x.rpm
dd500afff2fc66e705cce0bb7fcbd38c38d58dedc7416c2e2836a634e91d3a1b
s390x
npm-8.19.4-1.16.20.2.4.el9_3.s390x.rpm
df121a81a34a326298484387181d862c70a11f4c53c28e6926747348d1237311
x86_64
npm-8.19.4-1.16.20.2.4.el9_3.x86_64.rpm
2e9902a47132c12b66f9fc78e33d897b565cb21e769dc66a1f6c42a54d7a43be
x86_64
nodejs-16.20.2-4.el9_3.x86_64.rpm
39c873b622adaa53fb1abbf6ae98a0699f2ea580902228ebaa4351a6295435bb
x86_64
nodejs-full-i18n-16.20.2-4.el9_3.x86_64.rpm
92635cca971db6cd7106aabd427eede415a2645b734a22e401461932f2b65a2c
x86_64
nodejs-libs-16.20.2-4.el9_3.x86_64.rpm
cb1972e5d747f117e90758779603e1e21a2e55c83453f07db51b24c3e2bad22c

Notes:
This page is generated automatically from Red Hat security data and has not been checked for errors. For clarification or corrections please contact the AlmaLinux Packaging Team.

  ALSA-2024:1438 Important: nodejs security update






ALSA-2024:1444 Important: nodejs:16 security update


ID:
ALSA-2024:1444

Title:
ALSA-2024:1444 Important: nodejs:16 security update

Type:
security

Severity:
important

Release date:
2024-03-21

Description
Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language.
Security Fix(es):
* nodejs: reading unprocessed HTTP request with unbounded chunk extension allows DoS attacks (CVE-2024-22019)
* nodejs: HTTP/2: Multiple HTTP/2 enabled web servers are vulnerable to a DDoS attack (Rapid Reset Attack) (CVE-2023-44487)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

References:
CVE-2023-44487
CVE-2024-22019
RHSA-2024:1444
ALSA-2024:1444

Updated packages listed below:
Architecture
Package
Checksum
aarch64
npm-8.19.4-1.16.20.2.4.module_el8.9.0+3747+ead8229c.aarch64.rpm
0784b2c16cf57e2008262257526479c8cf3e22de26de1271e1e0cc77d3cd5d19
aarch64
nodejs-16.20.2-4.module_el8.9.0+3747+ead8229c.aarch64.rpm
50702ee344391216069994a9f3f2d63743e9f03556e3240b4bd32ec43f789cf8
aarch64
nodejs-devel-16.20.2-4.module_el8.9.0+3747+ead8229c.aarch64.rpm
582cd6b2b699d5c4de97a8cc13185aed0f82bc9aeabee82d235e4237798988eb
aarch64
nodejs-full-i18n-16.20.2-4.module_el8.9.0+3747+ead8229c.aarch64.rpm
733e94dbfb99bfd802f32683c313135a66a93ac0ce24b10b323af63df728602e
noarch
nodejs-nodemon-3.0.1-1.module_el8.8.0+3614+204d6f43.noarch.rpm
2b8db0b6778841b5b0d2e3e86ff1391c8b370f251408760a942901ec43e8c298
noarch
nodejs-packaging-26-1.module_el8.8.0+3614+204d6f43.noarch.rpm
55ff8b1958f44d03607bb59c4e3229e1bc8b05fa82bcc87babfe8f2b25c1c841
noarch
nodejs-docs-16.20.2-4.module_el8.9.0+3747+ead8229c.noarch.rpm
ab411dbc2c275237ac49a6939a4c9e25b2457b5fb675188fcd074f8a1f67d5f4
ppc64le
nodejs-full-i18n-16.20.2-4.module_el8.9.0+3747+ead8229c.ppc64le.rpm
2a273ac4b6a4b215ae471c3dcbce7c620bf6e1d0c8abbf9881ecb66455963954
ppc64le
nodejs-devel-16.20.2-4.module_el8.9.0+3747+ead8229c.ppc64le.rpm
46769282d703aa055f4081662dce793667f92c5c5aeec482a9cd5020d4b87656
ppc64le
npm-8.19.4-1.16.20.2.4.module_el8.9.0+3747+ead8229c.ppc64le.rpm
90c3919c76d8280785bec827098ba5715e4a4372e0eaebc979e058b6884d2a9c
ppc64le
nodejs-16.20.2-4.module_el8.9.0+3747+ead8229c.ppc64le.rpm
d93f105bfdad538bbfa25effe47cafa2df4e7c57e441e28833cb040d430c7607
s390x
nodejs-16.20.2-4.module_el8.9.0+3747+ead8229c.s390x.rpm
9daa85d85c154e32f9ab7dbc924d1657e140d4b3917c2ddbc663fc5700c1a105
s390x
npm-8.19.4-1.16.20.2.4.module_el8.9.0+3747+ead8229c.s390x.rpm
cfb9d26c7a566d79f410c2240a45bd766af953c492059c7ba8e2c9d576c0646a
s390x
nodejs-full-i18n-16.20.2-4.module_el8.9.0+3747+ead8229c.s390x.rpm
f034689549356f3a3484df76a4f02a0dd4a3f43a95059361f35e802f3c38dee5
s390x
nodejs-devel-16.20.2-4.module_el8.9.0+3747+ead8229c.s390x.rpm
f3518869071ecf6738a477eea944de125e43efbdc07c15f34df1a533a7e7006c
x86_64
npm-8.19.4-1.16.20.2.4.module_el8.9.0+3747+ead8229c.x86_64.rpm
28f7e8b8907aae4eb346097d98bab32169b977842e074b1a4a61c99f1d955420
x86_64
nodejs-devel-16.20.2-4.module_el8.9.0+3747+ead8229c.x86_64.rpm
29c25b0f08bd6101999c8cb456457b4b84d3666a4b32a5c01e4079a485efe547
x86_64
nodejs-16.20.2-4.module_el8.9.0+3747+ead8229c.x86_64.rpm
77f143859685e5da20927d458ebea1382838ab081134e92a4e7d2c767a451c91
x86_64
nodejs-full-i18n-16.20.2-4.module_el8.9.0+3747+ead8229c.x86_64.rpm
84f14690c5ea2c5866b54cd8a58192b57630f4a5e5e5afd340f41f089ee8ed34

Notes:
This page is generated automatically from Red Hat security data and has not been checked for errors. For clarification or corrections please contact the AlmaLinux Packaging Team.

  ALSA-2024:1444 Important: nodejs:16 security update