Fedora Update Notification
2021-10-23 03:21:10.501438

Name        : nodejs
Product     : Fedora 34
Version     : 14.18.1
Release     : 1.fc34
URL         : https://nodejs.org/
Summary     : JavaScript runtime
Description :
Node.js is a platform built on Chrome's JavaScript runtime
for easily building fast, scalable network applications.
Node.js uses an event-driven, non-blocking I/O model that
makes it lightweight and efficient, perfect for data-intensive
real-time applications that run across distributed devices.

Update Information:

## 2021-10-12, Version 14.18.1 'Fermium' (LTS), @danielleadams  This is a
security release.  ### Notable changes  * **CVE-2021-22959**: HTTP Request
Smuggling due to spaced in headers (Medium)     * The http parser accepts
requests with a space (SP) right after the header name before the colon. This
can lead to HTTP Request Smuggling (HRS). More details will be available at
after publication. * **CVE-2021-22960**: HTTP Request Smuggling when parsing the
body (Medium)      * The parse ignores chunk extensions when parsing the body of
chunked requests. This leads to HTTP Request Smuggling (HRS) under certain
conditions. More details will be available at
after publication.

* Thu Oct 14 2021 Stephen Gallagher  - 1:14.18.1-1
- Update to security release 14.18.1
- https://github.com/nodejs/node/blob/master/doc/changelogs/CHANGELOG_V14.md#14.18.1

  [ 1 ] Bug #2014059 - CVE-2021-22960 llhttps: HTTP Request Smuggling when parsing the body

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2021-9807b754d9' at the command
line. For more information, refer to the dnf documentation available at

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
package-announce mailing list -- [email protected]
To unsubscribe send an email to [email protected]
Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: https://lists.fedoraproject.org/archives/list/[email protected]
Do not reply to spam on the list, report it: https://pagure.io/fedora-infrastructure