Rocky Linux: RLSA-2022:8833 nodejs | LinuxSecurity.com

What Are You Looking For?

Popular Tags

Contribute
{"type":"TYPE_SECURITY","shortCode":"RL","name":"RLSA-2022:8833","synopsis":"Moderate: nodejs:18 security, bug fix, and enhancement update","severity":"SEVERITY_MODERATE","topic":"An update for the nodejs:18 module is now available for Rocky Linux 8.\nRocky Enterprise Software Foundation Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.","description":"Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language. \nThe following packages have been upgraded to a later upstream version: nodejs (18.12.1), nodejs-nodemon (2.0.20). (BZ#2142818)\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.","solution":null,"affectedProducts":["Rocky Linux 8"],"fixes":[{"ticket":"2134609","sourceBy":"Red Hat","sourceLink":"https:\/\/bugzilla.redhat.com\/show_bug.cgi?id=2134609","description":"CVE-2022-3517 nodejs-minimatch: ReDoS via the braceExpand function"},{"ticket":"2140911","sourceBy":"Red Hat","sourceLink":"https:\/\/bugzilla.redhat.com\/show_bug.cgi?id=2140911","description":"CVE-2022-43548 nodejs: DNS rebinding in inspect via invalid octal IP address"},{"ticket":"2142818","sourceBy":"Red Hat","sourceLink":"https:\/\/bugzilla.redhat.com\/show_bug.cgi?id=2142818","description":"nodejs:18\/nodejs: Rebase to the latest Nodejs 18 release [rhel-8] [rhel-8.7.0.z]"}],"cves":[{"name":"CVE-2022-3517","sourceBy":"Red Hat","sourceLink":"https:\/\/access.redhat.com\/hydra\/rest\/securitydata\/cve\/CVE-2022-3517.json","cvss3ScoringVector":"CVSS:3.1\/AV:N\/AC:L\/PR:N\/UI:N\/S:U\/C:N\/I:N\/A:H","cvss3BaseScore":"7.5","cwe":"CWE-400"},{"name":"CVE-2022-43548","sourceBy":"Red Hat","sourceLink":"https:\/\/access.redhat.com\/hydra\/rest\/securitydata\/cve\/CVE-2022-43548.json","cvss3ScoringVector":"CVSS:3.1\/AV:N\/AC:L\/PR:N\/UI:N\/S:U\/C:N\/I:H\/A:N","cvss3BaseScore":"7.5","cwe":"CWE-350"}],"references":[],"publishedAt":"2023-01-30T05:21:58.034199Z","rpms":{},"rebootSuggested":false,"buildReferences":[]}

Rocky Linux: RLSA-2022:8833 nodejs

January 30, 2023
An update for the nodejs:18 module is now available for Rocky Linux 8. Rocky Enterprise Software Foundation Product Security has rated this update as having a security impact of Moderate

Summary

An update for the nodejs:18 module is now available for Rocky Linux 8. Rocky Enterprise Software Foundation Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.


Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language. The following packages have been upgraded to a later upstream version: nodejs (18.12.1), nodejs-nodemon (2.0.20). (BZ#2142818) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

RPMs

References

No References

CVEs

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-3517.json

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-43548.json

Severity
Name: RLSA-2022:8833
Affected Products: Rocky Linux 8

Fixes

https://bugzilla.redhat.com/show_bug.cgi?id=2134609

https://bugzilla.redhat.com/show_bug.cgi?id=2140911

https://bugzilla.redhat.com/show_bug.cgi?id=2142818


Related News

It’s Not Just Windows that Gets Malware

Google Discloses CentOS Linux Kernel Vulnerabilities Following Failure to Issue Timely Fixes

NordVPN Makes its Meshnet Private Tunnel Free for Everyone

Tails 5.11 Amnesic Incognito Live System Switches to ZRam and Linux Kernel 6.1 LTS

News

Advisories

HOWTOs

Features

Interview with Guardian Digital CEO Dave Wreski: Open Source Utilization in Email Security Solutions & More
Verifying Linux Server Security: What Every Admin Needs to Know
What Linux, Windows & Mac OS Users Need to Know About VPNs
Complete Guide to Vulnerability Basics
How To Get Live Updates on Critical Linux Security Advisories

About Us

Powered By

Footer Logo

We use cookies to provide and improve our services. By using our site, you consent to our Cookie Policy. 

Learn More About Our Cookie Policy