RLSA-2024:2853

Security

Mirrored from RHSA-2024:2853

Issued at: 2024-06-14

Updated at: 2024-06-14

Synopsis

Important: nodejs:20 security update

Description

Node.js is a software development platform for building fast and scalable

network applications in the JavaScript programming language.

Security Fix(es):

* c-ares: Out of bounds read in ares__read_line() (CVE-2024-25629)

* nghttp2: CONTINUATION frames DoS (CVE-2024-28182)

* nodejs: using the fetch() function to retrieve content from an untrusted URL leads to denial of service (CVE-2024-22025)

* nodejs: CONTINUATION frames DoS (CVE-2024-27983)

* nodejs: HTTP Request Smuggling via Content Length Obfuscation (CVE-2024-27982)

For more details about the security issue(s), including the impact, a CVSS

score, acknowledgments, and other related information, refer to the CVE

page(s) listed in the References section.

Affected products

Rocky Linux 9 aarch64

Rocky Linux 9 ppc64le

Rocky Linux 9 s390x

Rocky Linux 9 x86_64

Fixes

2265713

2268639

2270559

2272764

2275392

CVEs

CVE-2024-22025

CVE-2024-25629

CVE-2024-27982

CVE-2024-27983

CVE-2024-28182

Affected packages

Rocky Linux 9 aarch64 - AppStream

nodejs-1:20.12.2-2.module+el9.4.0+20281+a6090b05.aarch64.rpm

nodejs-1:20.12.2-2.module+el9.4.0+20281+a6090b05.src.rpm

nodejs-debuginfo-1:20.12.2-2.module+el9.4.0+20281+a6090b05.aarch64.rpm

nodejs-debugsource-1:20.12.2-2.module+el9.4.0+20281+a6090b05.aarch64.rpm

nodejs-devel-1:20.12.2-2.module+el9.4.0+20281+a6090b05.aarch64.rpm

nodejs-docs-1:20.12.2-2.module+el9.4.0+20281+a6090b05.noarch.rpm

nodejs-full-i18n-1:20.12.2-2.module+el9.4.0+20281+a6090b05.aarch64.rpm

nodejs-nodemon-0:3.0.1-1.module+el9.4.0+20268+ab82f8a5.noarch.rpm

nodejs-nodemon-0:3.0.1-1.module+el9.4.0+20268+ab82f8a5.src.rpm

nodejs-packaging-0:2021.06-4.module+el9.4.0+20268+ab82f8a5.noarch.rpm

nodejs-packaging-0:2021.06-4.module+el9.4.0+20268+ab82f8a5.src.rpm

nodejs-packaging-bundler-0:2021.06-4.module+el9.4.0+20268+ab82f8a5.noarch.rpm

npm-1:10.5.0-1.20.12.2.2.module+el9.4.0+20281+a6090b05.aarch64.rpm

Rocky Linux 9 ppc64le - AppStream

nodejs-1:20.12.2-2.module+el9.4.0+20281+a6090b05.ppc64le.rpm

nodejs-1:20.12.2-2.module+el9.4.0+20281+a6090b05.src.rpm

nodejs-debuginfo-1:20.12.2-2.module+el9.4.0+20281+a6090b05.ppc64le.rpm

nodejs-debugsource-1:20.12.2-2.module+el9.4.0+20281+a6090b05.ppc64le.rpm

nodejs-devel-1:20.12.2-2.module+el9.4.0+20281+a6090b05.ppc64le.rpm

nodejs-docs-1:20.12.2-2.module+el9.4.0+20281+a6090b05.noarch.rpm

nodejs-full-i18n-1:20.12.2-2.module+el9.4.0+20281+a6090b05.ppc64le.rpm

nodejs-nodemon-0:3.0.1-1.module+el9.4.0+20268+ab82f8a5.noarch.rpm

nodejs-nodemon-0:3.0.1-1.module+el9.4.0+20268+ab82f8a5.src.rpm

nodejs-packaging-0:2021.06-4.module+el9.4.0+20268+ab82f8a5.noarch.rpm

nodejs-packaging-0:2021.06-4.module+el9.4.0+20268+ab82f8a5.src.rpm

nodejs-packaging-bundler-0:2021.06-4.module+el9.4.0+20268+ab82f8a5.noarch.rpm

npm-1:10.5.0-1.20.12.2.2.module+el9.4.0+20281+a6090b05.ppc64le.rpm

Rocky Linux 9 s390x - AppStream

nodejs-1:20.12.2-2.module+el9.4.0+20281+a6090b05.s390x.rpm

nodejs-1:20.12.2-2.module+el9.4.0+20281+a6090b05.src.rpm

nodejs-debuginfo-1:20.12.2-2.module+el9.4.0+20281+a6090b05.s390x.rpm

nodejs-debugsource-1:20.12.2-2.module+el9.4.0+20281+a6090b05.s390x.rpm

nodejs-devel-1:20.12.2-2.module+el9.4.0+20281+a6090b05.s390x.rpm

nodejs-docs-1:20.12.2-2.module+el9.4.0+20281+a6090b05.noarch.rpm

nodejs-full-i18n-1:20.12.2-2.module+el9.4.0+20281+a6090b05.s390x.rpm

nodejs-nodemon-0:3.0.1-1.module+el9.4.0+20268+ab82f8a5.noarch.rpm

nodejs-nodemon-0:3.0.1-1.module+el9.4.0+20268+ab82f8a5.src.rpm

nodejs-packaging-0:2021.06-4.module+el9.4.0+20268+ab82f8a5.noarch.rpm

nodejs-packaging-0:2021.06-4.module+el9.4.0+20268+ab82f8a5.src.rpm

nodejs-packaging-bundler-0:2021.06-4.module+el9.4.0+20268+ab82f8a5.noarch.rpm

npm-1:10.5.0-1.20.12.2.2.module+el9.4.0+20281+a6090b05.s390x.rpm

Rocky Linux 9 x86_64 - AppStream

nodejs-1:20.12.2-2.module+el9.4.0+20281+a6090b05.src.rpm

nodejs-1:20.12.2-2.module+el9.4.0+20281+a6090b05.x86_64.rpm

nodejs-debuginfo-1:20.12.2-2.module+el9.4.0+20281+a6090b05.x86_64.rpm

nodejs-debugsource-1:20.12.2-2.module+el9.4.0+20281+a6090b05.x86_64.rpm

nodejs-devel-1:20.12.2-2.module+el9.4.0+20281+a6090b05.x86_64.rpm

nodejs-docs-1:20.12.2-2.module+el9.4.0+20281+a6090b05.noarch.rpm

nodejs-full-i18n-1:20.12.2-2.module+el9.4.0+20281+a6090b05.x86_64.rpm

nodejs-nodemon-0:3.0.1-1.module+el9.4.0+20268+ab82f8a5.noarch.rpm

nodejs-nodemon-0:3.0.1-1.module+el9.4.0+20268+ab82f8a5.src.rpm

nodejs-packaging-0:2021.06-4.module+el9.4.0+20268+ab82f8a5.noarch.rpm

nodejs-packaging-0:2021.06-4.module+el9.4.0+20268+ab82f8a5.src.rpm

nodejs-packaging-bundler-0:2021.06-4.module+el9.4.0+20268+ab82f8a5.noarch.rpm

npm-1:10.5.0-1.20.12.2.2.module+el9.4.0+20281+a6090b05.x86_64.rpm