RLSA-2023:5869

Security

Mirrored from RHSA-2023:5869

Issued at: 2025-12-04

Updated at: 2025-12-07

Synopsis

Important: nodejs:18 security update

Description

Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language.

Security Fix(es):

* HTTP/2: Multiple HTTP/2 enabled web servers are vulnerable to a DDoS attack (Rapid Reset Attack) (CVE-2023-44487)

A Rocky Enterprise Software Foundation Security Bulletin which addresses further details about this flaw is available in the References section.

* nodejs: integrity checks according to policies can be circumvented (CVE-2023-38552)

* nodejs: code injection via WebAssembly export names (CVE-2023-39333)

* node-undici: cookie leakage (CVE-2023-45143)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Affected products

Rocky Linux 8 aarch64

Rocky Linux 8 x86_64

Fixes

2242803

2244104

2244415

2244418

CVEs

CVE-2023-38552

CVE-2023-39333

CVE-2023-44487

CVE-2023-45143

Affected packages

Rocky Linux 8 x86_64 - AppStream

nodejs-nodemon-0:3.0.1-1.module+el8.10.0+1924+614dc87f.src.rpm

nodejs-nodemon-0:3.0.1-1.module+el8.10.0+1935+d3cbe60f.src.rpm

nodejs-nodemon-0:3.0.1-1.module+el8.10.0+1823+b5789597.src.rpm

nodejs-nodemon-0:3.0.1-1.module+el8.10.0+1667+4a788d89.src.rpm

nodejs-nodemon-0:3.0.1-1.module+el8.10.0+1666+930e28e8.src.rpm

nodejs-packaging-0:2021.06-4.module+el8.10.0+1667+4a788d89.src.rpm

nodejs-packaging-0:2021.06-4.module+el8.10.0+1823+b5789597.src.rpm

nodejs-packaging-0:2021.06-4.module+el8.9.0+1419+1f26ef47.src.rpm

nodejs-packaging-0:2021.06-4.module+el8.10.0+1924+614dc87f.src.rpm

nodejs-nodemon-0:3.0.1-1.module+el8.10.0+1667+4a788d89.noarch.rpm

nodejs-nodemon-0:3.0.1-1.module+el8.10.0+1924+614dc87f.noarch.rpm

nodejs-nodemon-0:3.0.1-1.module+el8.10.0+1935+d3cbe60f.noarch.rpm

nodejs-nodemon-0:3.0.1-1.module+el8.10.0+1823+b5789597.noarch.rpm

nodejs-nodemon-0:3.0.1-1.module+el8.10.0+1666+930e28e8.noarch.rpm

nodejs-packaging-0:2021.06-4.module+el8.10.0+1924+614dc87f.noarch.rpm

nodejs-packaging-0:2021.06-4.module+el8.10.0+1823+b5789597.noarch.rpm

nodejs-packaging-0:2021.06-4.module+el8.10.0+1667+4a788d89.noarch.rpm

nodejs-packaging-0:2021.06-4.module+el8.9.0+1419+1f26ef47.noarch.rpm

nodejs-packaging-bundler-0:2021.06-4.module+el8.10.0+1667+4a788d89.noarch.rpm

nodejs-packaging-bundler-0:2021.06-4.module+el8.10.0+1823+b5789597.noarch.rpm

nodejs-packaging-bundler-0:2021.06-4.module+el8.9.0+1419+1f26ef47.noarch.rpm

nodejs-packaging-bundler-0:2021.06-4.module+el8.10.0+1924+614dc87f.noarch.rpm

nodejs-nodemon-0:3.0.1-1.module+el8.9.0+1760+903d54b9.noarch.rpm

nodejs-nodemon-0:3.0.1-1.module+el8.10.0+1989+e60144d9.noarch.rpm

nodejs-nodemon-0:3.0.1-1.module+el8.10.0+1824+532140ee.noarch.rpm

nodejs-nodemon-0:3.0.1-1.module+el8.10.0+1988+437f3d23.noarch.rpm

nodejs-nodemon-0:3.0.1-1.module+el8.10.0+1824+532140ee.src.rpm

nodejs-nodemon-0:3.0.1-1.module+el8.10.0+1988+437f3d23.src.rpm

nodejs-nodemon-0:3.0.1-1.module+el8.10.0+1989+e60144d9.src.rpm

nodejs-nodemon-0:3.0.1-1.module+el8.9.0+1760+903d54b9.src.rpm

nodejs-packaging-0:2021.06-4.module+el8.10.0+1824+532140ee.noarch.rpm

nodejs-packaging-0:2021.06-4.module+el8.10.0+1988+437f3d23.noarch.rpm

nodejs-packaging-0:2021.06-4.module+el8.10.0+1989+e60144d9.noarch.rpm

nodejs-packaging-0:2021.06-4.module+el8.10.0+1989+e60144d9.src.rpm

nodejs-packaging-0:2021.06-4.module+el8.10.0+1988+437f3d23.src.rpm

nodejs-packaging-0:2021.06-4.module+el8.10.0+1824+532140ee.src.rpm

nodejs-packaging-bundler-0:2021.06-4.module+el8.10.0+1989+e60144d9.noarch.rpm

nodejs-packaging-bundler-0:2021.06-4.module+el8.10.0+1988+437f3d23.noarch.rpm

nodejs-packaging-bundler-0:2021.06-4.module+el8.10.0+1824+532140ee.noarch.rpm

Rocky Linux 8 aarch64 - AppStream