What Are You Looking For?

Sign Up
{"type":"TYPE_SECURITY","shortCode":"RL","name":"RLSA-2023:3577","synopsis":"Important: nodejs:18 security update","severity":"SEVERITY_IMPORTANT","topic":"An update is available for nodejs-nodemon, module.nodejs, nodejs, module.nodejs-nodemon, module.nodejs-packaging, nodejs-packaging.\nThis update affects Rocky Linux 9.\nA Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list","description":"Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language. \n\nSecurity Fix(es):\n\n* c-ares: 0-byte UDP payload Denial of Service (CVE-2023-32067)\n\n* c-ares: Buffer Underwrite in ares_inet_net_pton() (CVE-2023-31130)\n\n* c-ares: Insufficient randomness in generation of DNS query IDs (CVE-2023-31147)\n\n* c-ares: AutoTools does not set CARES_RANDOM_FILE during cross compilation (CVE-2023-31124)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.","solution":null,"affectedProducts":["Rocky Linux 9"],"fixes":[{"ticket":"2209494","sourceBy":"Red Hat","sourceLink":"https:\/\/bugzilla.redhat.com\/show_bug.cgi?id=2209494","description":""},{"ticket":"2209497","sourceBy":"Red Hat","sourceLink":"https:\/\/bugzilla.redhat.com\/show_bug.cgi?id=2209497","description":""},{"ticket":"2209501","sourceBy":"Red Hat","sourceLink":"https:\/\/bugzilla.redhat.com\/show_bug.cgi?id=2209501","description":""},{"ticket":"2209502","sourceBy":"Red Hat","sourceLink":"https:\/\/bugzilla.redhat.com\/show_bug.cgi?id=2209502","description":""}],"cves":[{"name":"CVE-2023-31124","sourceBy":"MITRE","sourceLink":"https:\/\/cve.mitre.org\/cgi-bin\/cvename.cgi?name=CVE-2023-31124","cvss3ScoringVector":"UNKNOWN","cvss3BaseScore":"UNKNOWN","cwe":"UNKNOWN"},{"name":"CVE-2023-31130","sourceBy":"MITRE","sourceLink":"https:\/\/cve.mitre.org\/cgi-bin\/cvename.cgi?name=CVE-2023-31130","cvss3ScoringVector":"UNKNOWN","cvss3BaseScore":"UNKNOWN","cwe":"UNKNOWN"},{"name":"CVE-2023-31147","sourceBy":"MITRE","sourceLink":"https:\/\/cve.mitre.org\/cgi-bin\/cvename.cgi?name=CVE-2023-31147","cvss3ScoringVector":"UNKNOWN","cvss3BaseScore":"UNKNOWN","cwe":"UNKNOWN"},{"name":"CVE-2023-32067","sourceBy":"MITRE","sourceLink":"https:\/\/cve.mitre.org\/cgi-bin\/cvename.cgi?name=CVE-2023-32067","cvss3ScoringVector":"UNKNOWN","cvss3BaseScore":"UNKNOWN","cwe":"UNKNOWN"}],"references":[],"publishedAt":"2023-06-24T18:53:41.228929Z","rpms":{"Rocky Linux 9":{"nvras":["nodejs-1:18.14.2-3.module+el9.2.0+14843+acebbfea.aarch64.rpm","nodejs-1:18.14.2-3.module+el9.2.0+14843+acebbfea.ppc64le.rpm","nodejs-1:18.14.2-3.module+el9.2.0+14843+acebbfea.s390x.rpm","nodejs-1:18.14.2-3.module+el9.2.0+14843+acebbfea.src.rpm","nodejs-1:18.14.2-3.module+el9.2.0+14843+acebbfea.x86_64.rpm","nodejs-debuginfo-1:18.14.2-3.module+el9.2.0+14843+acebbfea.aarch64.rpm","nodejs-debuginfo-1:18.14.2-3.module+el9.2.0+14843+acebbfea.ppc64le.rpm","nodejs-debuginfo-1:18.14.2-3.module+el9.2.0+14843+acebbfea.s390x.rpm","nodejs-debuginfo-1:18.14.2-3.module+el9.2.0+14843+acebbfea.x86_64.rpm","nodejs-debugsource-1:18.14.2-3.module+el9.2.0+14843+acebbfea.aarch64.rpm","nodejs-debugsource-1:18.14.2-3.module+el9.2.0+14843+acebbfea.ppc64le.rpm","nodejs-debugsource-1:18.14.2-3.module+el9.2.0+14843+acebbfea.s390x.rpm","nodejs-debugsource-1:18.14.2-3.module+el9.2.0+14843+acebbfea.x86_64.rpm","nodejs-devel-1:18.14.2-3.module+el9.2.0+14843+acebbfea.aarch64.rpm","nodejs-devel-1:18.14.2-3.module+el9.2.0+14843+acebbfea.ppc64le.rpm","nodejs-devel-1:18.14.2-3.module+el9.2.0+14843+acebbfea.s390x.rpm","nodejs-devel-1:18.14.2-3.module+el9.2.0+14843+acebbfea.x86_64.rpm","nodejs-docs-1:18.14.2-3.module+el9.2.0+14843+acebbfea.noarch.rpm","nodejs-full-i18n-1:18.14.2-3.module+el9.2.0+14843+acebbfea.aarch64.rpm","nodejs-full-i18n-1:18.14.2-3.module+el9.2.0+14843+acebbfea.ppc64le.rpm","nodejs-full-i18n-1:18.14.2-3.module+el9.2.0+14843+acebbfea.s390x.rpm","nodejs-full-i18n-1:18.14.2-3.module+el9.2.0+14843+acebbfea.x86_64.rpm","nodejs-nodemon-0:2.0.20-2.module+el9.2.0+14843+acebbfea.noarch.rpm","nodejs-nodemon-0:2.0.20-2.module+el9.2.0+14843+acebbfea.src.rpm","nodejs-packaging-0:2021.06-4.module+el9.2.0+14843+acebbfea.noarch.rpm","nodejs-packaging-0:2021.06-4.module+el9.2.0+14843+acebbfea.src.rpm","nodejs-packaging-bundler-0:2021.06-4.module+el9.2.0+14843+acebbfea.noarch.rpm","npm-1:9.5.0-1.18.14.2.3.module+el9.2.0+14843+acebbfea.aarch64.rpm","npm-1:9.5.0-1.18.14.2.3.module+el9.2.0+14843+acebbfea.ppc64le.rpm","npm-1:9.5.0-1.18.14.2.3.module+el9.2.0+14843+acebbfea.s390x.rpm","npm-1:9.5.0-1.18.14.2.3.module+el9.2.0+14843+acebbfea.x86_64.rpm"]}},"rebootSuggested":false,"buildReferences":[]}

Rocky Linux: RLSA-2023:3577 nodejs

June 24, 2023
An update is available for nodejs-nodemon, module.nodejs, nodejs, module.nodejs-nodemon, module.nodejs-packaging, nodejs-packaging. This update affects Rocky Linux 9. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list

Summary

An update is available for nodejs-nodemon, module.nodejs, nodejs, module.nodejs-nodemon, module.nodejs-packaging, nodejs-packaging. This update affects Rocky Linux 9. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list


Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language. Security Fix(es): * c-ares: 0-byte UDP payload Denial of Service (CVE-2023-32067) * c-ares: Buffer Underwrite in ares_inet_net_pton() (CVE-2023-31130) * c-ares: Insufficient randomness in generation of DNS query IDs (CVE-2023-31147) * c-ares: AutoTools does not set CARES_RANDOM_FILE during cross compilation (CVE-2023-31124) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

RPMs

nodejs-1:18.14.2-3.module+el9.2.0+14843+acebbfea.aarch64.rpm

nodejs-1:18.14.2-3.module+el9.2.0+14843+acebbfea.ppc64le.rpm

nodejs-1:18.14.2-3.module+el9.2.0+14843+acebbfea.s390x.rpm

nodejs-1:18.14.2-3.module+el9.2.0+14843+acebbfea.src.rpm

nodejs-1:18.14.2-3.module+el9.2.0+14843+acebbfea.x86_64.rpm

nodejs-debuginfo-1:18.14.2-3.module+el9.2.0+14843+acebbfea.aarch64.rpm

nodejs-debuginfo-1:18.14.2-3.module+el9.2.0+14843+acebbfea.ppc64le.rpm

nodejs-debuginfo-1:18.14.2-3.module+el9.2.0+14843+acebbfea.s390x.rpm

nodejs-debuginfo-1:18.14.2-3.module+el9.2.0+14843+acebbfea.x86_64.rpm

nodejs-debugsource-1:18.14.2-3.module+el9.2.0+14843+acebbfea.aarch64.rpm

nodejs-debugsource-1:18.14.2-3.module+el9.2.0+14843+acebbfea.ppc64le.rpm

nodejs-debugsource-1:18.14.2-3.module+el9.2.0+14843+acebbfea.s390x.rpm

nodejs-debugsource-1:18.14.2-3.module+el9.2.0+14843+acebbfea.x86_64.rpm

nodejs-devel-1:18.14.2-3.module+el9.2.0+14843+acebbfea.aarch64.rpm

nodejs-devel-1:18.14.2-3.module+el9.2.0+14843+acebbfea.ppc64le.rpm

nodejs-devel-1:18.14.2-3.module+el9.2.0+14843+acebbfea.s390x.rpm

nodejs-devel-1:18.14.2-3.module+el9.2.0+14843+acebbfea.x86_64.rpm

nodejs-docs-1:18.14.2-3.module+el9.2.0+14843+acebbfea.noarch.rpm

nodejs-full-i18n-1:18.14.2-3.module+el9.2.0+14843+acebbfea.aarch64.rpm

nodejs-full-i18n-1:18.14.2-3.module+el9.2.0+14843+acebbfea.ppc64le.rpm

nodejs-full-i18n-1:18.14.2-3.module+el9.2.0+14843+acebbfea.s390x.rpm

nodejs-full-i18n-1:18.14.2-3.module+el9.2.0+14843+acebbfea.x86_64.rpm

nodejs-nodemon-0:2.0.20-2.module+el9.2.0+14843+acebbfea.noarch.rpm

nodejs-nodemon-0:2.0.20-2.module+el9.2.0+14843+acebbfea.src.rpm

nodejs-packaging-0:2021.06-4.module+el9.2.0+14843+acebbfea.noarch.rpm

nodejs-packaging-0:2021.06-4.module+el9.2.0+14843+acebbfea.src.rpm

nodejs-packaging-bundler-0:2021.06-4.module+el9.2.0+14843+acebbfea.noarch.rpm

npm-1:9.5.0-1.18.14.2.3.module+el9.2.0+14843+acebbfea.aarch64.rpm

npm-1:9.5.0-1.18.14.2.3.module+el9.2.0+14843+acebbfea.ppc64le.rpm

npm-1:9.5.0-1.18.14.2.3.module+el9.2.0+14843+acebbfea.s390x.rpm

npm-1:9.5.0-1.18.14.2.3.module+el9.2.0+14843+acebbfea.x86_64.rpm

References

No References

CVEs

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-31124

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-31130

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-31147

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-32067

Severity
Name: RLSA-2023:3577
Affected Products: Rocky Linux 9

Fixes

https://bugzilla.redhat.com/show_bug.cgi?id=2209494

https://bugzilla.redhat.com/show_bug.cgi?id=2209497

https://bugzilla.redhat.com/show_bug.cgi?id=2209501

https://bugzilla.redhat.com/show_bug.cgi?id=2209502


Related News

Kali Linux 2023.4 Released With New Hacking Tools

Dec 6, 2023

Krasue RAT Malware Hides on Linux Servers Using Embedded Rootkits

Dec 7, 2023

The Present & Future of Kernel Security: Linux's Unique Method for Securing Code

Dec 8, 2023

Severe Firefox, Thunderbird Bugs Could Lead to System Takeover

Dec 2, 2023

News

Advisories

HOWTOs

Features

Password Guessing as an Attack Vector
Using Open Source to Ensure Compliance & Data Integrity through Data Governance
Critical Linux Kernel Bugs Lead to DoS, Privilege Escalation - Patch Now!
Unlocking the Future of Authentication: Passkeys vs. Passwords
Empowering MSPs with Straightforward Linux Device Management

About Us

Powered By

Footer Logo