RLSA-2023:7205

Опубликовано: 28 нояб. 2023

Источник: rocky

Оценка: Important

Описание

Important: nodejs:20 security update

Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language.

Security Fix(es):

HTTP/2: Multiple HTTP/2 enabled web servers are vulnerable to a DDoS attack (Rapid Reset Attack) (CVE-2023-44487)
nodejs: permission model improperly protects against path traversal (CVE-2023-39331)
nodejs: path traversal through path stored in Uint8Array (CVE-2023-39332)
nodejs: integrity checks according to policies can be circumvented (CVE-2023-38552)
nodejs: code injection via WebAssembly export names (CVE-2023-39333)
node-undici: cookie leakage (CVE-2023-45143)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Затронутые продукты

Rocky Linux 8

Наименование	Архитектура	Релиз	RPM
nodejs-nodemon	noarch	1.module+el8.8.0+1459+02651ab6	nodejs-nodemon-3.0.1-1.module+el8.8.0+1459+02651ab6.noarch.rpm
nodejs-nodemon	noarch	1.module+el8.8.0+1459+02651ab6	nodejs-nodemon-3.0.1-1.module+el8.8.0+1459+02651ab6.noarch.rpm
nodejs-packaging	noarch	4.module+el8.7.0+1072+5b168780	nodejs-packaging-2021.06-4.module+el8.7.0+1072+5b168780.noarch.rpm
nodejs-packaging	noarch	4.module+el8.7.0+1072+5b168780	nodejs-packaging-2021.06-4.module+el8.7.0+1072+5b168780.noarch.rpm
nodejs-packaging-bundler	noarch	4.module+el8.7.0+1072+5b168780	nodejs-packaging-bundler-2021.06-4.module+el8.7.0+1072+5b168780.noarch.rpm
nodejs-packaging-bundler	noarch	4.module+el8.7.0+1072+5b168780	nodejs-packaging-bundler-2021.06-4.module+el8.7.0+1072+5b168780.noarch.rpm