What Are You Looking For?

Popular Tags

Sign Up
{"type":"TYPE_SECURITY","shortCode":"RL","name":"RLSA-2023:3577","synopsis":"Important: nodejs:18 security update","severity":"SEVERITY_IMPORTANT","topic":"An update is available for nodejs-nodemon, module.nodejs, nodejs, module.nodejs-nodemon, module.nodejs-packaging, nodejs-packaging.\nThis update affects Rocky Linux 9.\nA Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list","description":"Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language. \n\nSecurity Fix(es):\n\n* c-ares: 0-byte UDP payload Denial of Service (CVE-2023-32067)\n\n* c-ares: Buffer Underwrite in ares_inet_net_pton() (CVE-2023-31130)\n\n* c-ares: Insufficient randomness in generation of DNS query IDs (CVE-2023-31147)\n\n* c-ares: AutoTools does not set CARES_RANDOM_FILE during cross compilation (CVE-2023-31124)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.","solution":null,"affectedProducts":["Rocky Linux 9"],"fixes":[{"ticket":"2209494","sourceBy":"Red Hat","sourceLink":"https:\/\/bugzilla.redhat.com\/show_bug.cgi?id=2209494","description":""},{"ticket":"2209497","sourceBy":"Red Hat","sourceLink":"https:\/\/bugzilla.redhat.com\/show_bug.cgi?id=2209497","description":""},{"ticket":"2209501","sourceBy":"Red Hat","sourceLink":"https:\/\/bugzilla.redhat.com\/show_bug.cgi?id=2209501","description":""},{"ticket":"2209502","sourceBy":"Red Hat","sourceLink":"https:\/\/bugzilla.redhat.com\/show_bug.cgi?id=2209502","description":""}],"cves":[{"name":"CVE-2023-31124","sourceBy":"MITRE","sourceLink":"https:\/\/cve.mitre.org\/cgi-bin\/cvename.cgi?name=CVE-2023-31124","cvss3ScoringVector":"UNKNOWN","cvss3BaseScore":"UNKNOWN","cwe":"UNKNOWN"},{"name":"CVE-2023-31130","sourceBy":"MITRE","sourceLink":"https:\/\/cve.mitre.org\/cgi-bin\/cvename.cgi?name=CVE-2023-31130","cvss3ScoringVector":"UNKNOWN","cvss3BaseScore":"UNKNOWN","cwe":"UNKNOWN"},{"name":"CVE-2023-31147","sourceBy":"MITRE","sourceLink":"https:\/\/cve.mitre.org\/cgi-bin\/cvename.cgi?name=CVE-2023-31147","cvss3ScoringVector":"UNKNOWN","cvss3BaseScore":"UNKNOWN","cwe":"UNKNOWN"},{"name":"CVE-2023-32067","sourceBy":"MITRE","sourceLink":"https:\/\/cve.mitre.org\/cgi-bin\/cvename.cgi?name=CVE-2023-32067","cvss3ScoringVector":"UNKNOWN","cvss3BaseScore":"UNKNOWN","cwe":"UNKNOWN"}],"references":[],"publishedAt":"2023-06-24T18:53:41.228929Z","rpms":{"Rocky Linux 9":{"nvras":["nodejs-1:18.14.2-3.module+el9.2.0+14843+acebbfea.aarch64.rpm","nodejs-1:18.14.2-3.module+el9.2.0+14843+acebbfea.ppc64le.rpm","nodejs-1:18.14.2-3.module+el9.2.0+14843+acebbfea.s390x.rpm","nodejs-1:18.14.2-3.module+el9.2.0+14843+acebbfea.src.rpm","nodejs-1:18.14.2-3.module+el9.2.0+14843+acebbfea.x86_64.rpm","nodejs-debuginfo-1:18.14.2-3.module+el9.2.0+14843+acebbfea.aarch64.rpm","nodejs-debuginfo-1:18.14.2-3.module+el9.2.0+14843+acebbfea.ppc64le.rpm","nodejs-debuginfo-1:18.14.2-3.module+el9.2.0+14843+acebbfea.s390x.rpm","nodejs-debuginfo-1:18.14.2-3.module+el9.2.0+14843+acebbfea.x86_64.rpm","nodejs-debugsource-1:18.14.2-3.module+el9.2.0+14843+acebbfea.aarch64.rpm","nodejs-debugsource-1:18.14.2-3.module+el9.2.0+14843+acebbfea.ppc64le.rpm","nodejs-debugsource-1:18.14.2-3.module+el9.2.0+14843+acebbfea.s390x.rpm","nodejs-debugsource-1:18.14.2-3.module+el9.2.0+14843+acebbfea.x86_64.rpm","nodejs-devel-1:18.14.2-3.module+el9.2.0+14843+acebbfea.aarch64.rpm","nodejs-devel-1:18.14.2-3.module+el9.2.0+14843+acebbfea.ppc64le.rpm","nodejs-devel-1:18.14.2-3.module+el9.2.0+14843+acebbfea.s390x.rpm","nodejs-devel-1:18.14.2-3.module+el9.2.0+14843+acebbfea.x86_64.rpm","nodejs-docs-1:18.14.2-3.module+el9.2.0+14843+acebbfea.noarch.rpm","nodejs-full-i18n-1:18.14.2-3.module+el9.2.0+14843+acebbfea.aarch64.rpm","nodejs-full-i18n-1:18.14.2-3.module+el9.2.0+14843+acebbfea.ppc64le.rpm","nodejs-full-i18n-1:18.14.2-3.module+el9.2.0+14843+acebbfea.s390x.rpm","nodejs-full-i18n-1:18.14.2-3.module+el9.2.0+14843+acebbfea.x86_64.rpm","nodejs-nodemon-0:2.0.20-2.module+el9.2.0+14843+acebbfea.noarch.rpm","nodejs-nodemon-0:2.0.20-2.module+el9.2.0+14843+acebbfea.src.rpm","nodejs-packaging-0:2021.06-4.module+el9.2.0+14843+acebbfea.noarch.rpm","nodejs-packaging-0:2021.06-4.module+el9.2.0+14843+acebbfea.src.rpm","nodejs-packaging-bundler-0:2021.06-4.module+el9.2.0+14843+acebbfea.noarch.rpm","npm-1:9.5.0-1.18.14.2.3.module+el9.2.0+14843+acebbfea.aarch64.rpm","npm-1:9.5.0-1.18.14.2.3.module+el9.2.0+14843+acebbfea.ppc64le.rpm","npm-1:9.5.0-1.18.14.2.3.module+el9.2.0+14843+acebbfea.s390x.rpm","npm-1:9.5.0-1.18.14.2.3.module+el9.2.0+14843+acebbfea.x86_64.rpm"]}},"rebootSuggested":false,"buildReferences":[]}

Rocky Linux: RLSA-2023:3577 nodejs

June 24, 2023
An update is available for nodejs-nodemon, module.nodejs, nodejs, module.nodejs-nodemon, module.nodejs-packaging, nodejs-packaging. This update affects Rocky Linux 9. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list

Summary

An update is available for nodejs-nodemon, module.nodejs, nodejs, module.nodejs-nodemon, module.nodejs-packaging, nodejs-packaging. This update affects Rocky Linux 9. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list


Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language. Security Fix(es): * c-ares: 0-byte UDP payload Denial of Service (CVE-2023-32067) * c-ares: Buffer Underwrite in ares_inet_net_pton() (CVE-2023-31130) * c-ares: Insufficient randomness in generation of DNS query IDs (CVE-2023-31147) * c-ares: AutoTools does not set CARES_RANDOM_FILE during cross compilation (CVE-2023-31124) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

RPMs

nodejs-1:18.14.2-3.module+el9.2.0+14843+acebbfea.aarch64.rpm

nodejs-1:18.14.2-3.module+el9.2.0+14843+acebbfea.ppc64le.rpm

nodejs-1:18.14.2-3.module+el9.2.0+14843+acebbfea.s390x.rpm

nodejs-1:18.14.2-3.module+el9.2.0+14843+acebbfea.src.rpm

nodejs-1:18.14.2-3.module+el9.2.0+14843+acebbfea.x86_64.rpm

nodejs-debuginfo-1:18.14.2-3.module+el9.2.0+14843+acebbfea.aarch64.rpm

nodejs-debuginfo-1:18.14.2-3.module+el9.2.0+14843+acebbfea.ppc64le.rpm

nodejs-debuginfo-1:18.14.2-3.module+el9.2.0+14843+acebbfea.s390x.rpm

nodejs-debuginfo-1:18.14.2-3.module+el9.2.0+14843+acebbfea.x86_64.rpm

nodejs-debugsource-1:18.14.2-3.module+el9.2.0+14843+acebbfea.aarch64.rpm

nodejs-debugsource-1:18.14.2-3.module+el9.2.0+14843+acebbfea.ppc64le.rpm

nodejs-debugsource-1:18.14.2-3.module+el9.2.0+14843+acebbfea.s390x.rpm

nodejs-debugsource-1:18.14.2-3.module+el9.2.0+14843+acebbfea.x86_64.rpm

nodejs-devel-1:18.14.2-3.module+el9.2.0+14843+acebbfea.aarch64.rpm

nodejs-devel-1:18.14.2-3.module+el9.2.0+14843+acebbfea.ppc64le.rpm

nodejs-devel-1:18.14.2-3.module+el9.2.0+14843+acebbfea.s390x.rpm

nodejs-devel-1:18.14.2-3.module+el9.2.0+14843+acebbfea.x86_64.rpm

nodejs-docs-1:18.14.2-3.module+el9.2.0+14843+acebbfea.noarch.rpm

nodejs-full-i18n-1:18.14.2-3.module+el9.2.0+14843+acebbfea.aarch64.rpm

nodejs-full-i18n-1:18.14.2-3.module+el9.2.0+14843+acebbfea.ppc64le.rpm

nodejs-full-i18n-1:18.14.2-3.module+el9.2.0+14843+acebbfea.s390x.rpm

nodejs-full-i18n-1:18.14.2-3.module+el9.2.0+14843+acebbfea.x86_64.rpm

nodejs-nodemon-0:2.0.20-2.module+el9.2.0+14843+acebbfea.noarch.rpm

nodejs-nodemon-0:2.0.20-2.module+el9.2.0+14843+acebbfea.src.rpm

nodejs-packaging-0:2021.06-4.module+el9.2.0+14843+acebbfea.noarch.rpm

nodejs-packaging-0:2021.06-4.module+el9.2.0+14843+acebbfea.src.rpm

nodejs-packaging-bundler-0:2021.06-4.module+el9.2.0+14843+acebbfea.noarch.rpm

npm-1:9.5.0-1.18.14.2.3.module+el9.2.0+14843+acebbfea.aarch64.rpm

npm-1:9.5.0-1.18.14.2.3.module+el9.2.0+14843+acebbfea.ppc64le.rpm

npm-1:9.5.0-1.18.14.2.3.module+el9.2.0+14843+acebbfea.s390x.rpm

npm-1:9.5.0-1.18.14.2.3.module+el9.2.0+14843+acebbfea.x86_64.rpm

References

No References

CVEs

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-31124

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-31130

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-31147

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-32067

Severity
Name: RLSA-2023:3577
Affected Products: Rocky Linux 9

Fixes

https://bugzilla.redhat.com/show_bug.cgi?id=2209494

https://bugzilla.redhat.com/show_bug.cgi?id=2209497

https://bugzilla.redhat.com/show_bug.cgi?id=2209501

https://bugzilla.redhat.com/show_bug.cgi?id=2209502


Related News

Librem 11: Purism Unveils a Privacy-Focused Linux Tablet

Sep 15, 2023

Long-term Support for Linux Kernel to Be Cut as Maintenance Remains Under Strain

Sep 21, 2023

Multiple Severe, Remotely Exploitable Chromium Vulns Fixed

Sep 15, 2023

Remotely Exploitable Poppler DoS Bugs Fixed - Update Now!

Sep 13, 2023

News

Advisories

HOWTOs

Features

The Unseen Potential of Wake-on-LAN
Linux Vulnerabilities: The Antidote to This Linux Security Poison
Preventing Linux DDoS Attacks with Minimal Cybersecurity Knowledge
Navigating Software Scalability: A Practical Guide to Building Scalable Systems with Linux
Unlocking the Secrets of Linux Security: An Expert Analysis

About Us

Powered By

Footer Logo

Feedback