Red Hat Product Errata RHSA-2020:2895 - Security Advisory

Issued:: 2020-07-13
Updated:: 2020-07-13

RHSA-2020:2895 - Security Advisory

Overview
Updated Packages

Synopsis

Important: rh-nodejs12-nodejs security update

Type/Severity

Security Advisory: Important

Red Hat Insights patch analysis

Identify and remediate systems affected by this advisory.

View affected systems

Topic

An update for rh-nodejs12-nodejs is now available for Red Hat Software Collections.

Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Description

Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language.

The following packages have been upgraded to a later upstream version: rh-nodejs12-nodejs (12.18.2).

Security Fix(es):

ICU: Integer overflow in UnicodeString::doAppend() (CVE-2020-10531)
nghttp2: overly large SETTINGS frames can lead to DoS (CVE-2020-11080)
nodejs-minimist: prototype pollution allows adding or modifying properties of Object.prototype using a constructor or __proto__ payload (CVE-2020-7598)
nodejs: TLS session reuse can lead to hostname verification bypass (CVE-2020-8172)
nodejs: memory corruption in napi_get_value_string_* functions (CVE-2020-8174)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Solution

For details on how to apply this update, which includes the changes described in this advisory, refer to:

https://access.redhat.com/articles/11258

Affected Products

Red Hat Software Collections (for RHEL Server) 1 for RHEL 7.7 x86_64
Red Hat Software Collections (for RHEL Server for System Z) 1 for RHEL 7.7 s390x
Red Hat Software Collections (for RHEL Server for IBM Power LE) 1 for RHEL 7.7 ppc64le
Red Hat Software Collections (for RHEL Server) 1 for RHEL 7.6 x86_64
Red Hat Software Collections (for RHEL Server for System Z) 1 for RHEL 7.6 s390x
Red Hat Software Collections (for RHEL Server for IBM Power LE) 1 for RHEL 7.6 ppc64le
Red Hat Software Collections (for RHEL Server) 1 for RHEL 7 x86_64
Red Hat Software Collections (for RHEL Server for System Z) 1 for RHEL 7 s390x
Red Hat Software Collections (for RHEL Server for IBM Power LE) 1 for RHEL 7 ppc64le
Red Hat Software Collections (for RHEL Server for ARM) 1 aarch64
Red Hat Software Collections (for RHEL Workstation) 1 for RHEL 7 x86_64

Fixes

BZ - 1807349 - CVE-2020-10531 ICU: Integer overflow in UnicodeString::doAppend()
BZ - 1813344 - CVE-2020-7598 nodejs-minimist: prototype pollution allows adding or modifying properties of Object.prototype using a constructor or __proto__ payload
BZ - 1844929 - CVE-2020-11080 nghttp2: overly large SETTINGS frames can lead to DoS
BZ - 1845247 - CVE-2020-8172 nodejs: TLS session reuse can lead to hostname verification bypass
BZ - 1845256 - CVE-2020-8174 nodejs: memory corruption in napi_get_value_string_* functions

CVEs

References

https://access.redhat.com/security/updates/classification/#important

Note: More recent versions of these packages may be available. Click a package name for more details.

Red Hat Software Collections (for RHEL Server) 1 for RHEL 7.7

SRPM
rh-nodejs12-nodejs-12.18.2-1.el7.src.rpm	SHA-256: 0495c375fb329991ab9623215cad5969b15243b83d9b48e951d4ba309dee1473
x86_64
rh-nodejs12-nodejs-12.18.2-1.el7.x86_64.rpm	SHA-256: e0b3db3c733b18cf105a67679fe6da6d39322a6b5605c89e5e70910994049de0
rh-nodejs12-nodejs-debuginfo-12.18.2-1.el7.x86_64.rpm	SHA-256: 86017e74aa61befdc2f21fd68a9685f5804effa396e5baf117dde7669d730922
rh-nodejs12-nodejs-devel-12.18.2-1.el7.x86_64.rpm	SHA-256: a0fa01eb1987e13a44a4f11d91c87379e241cd27592899e1dde2deb0d0ba81f7
rh-nodejs12-nodejs-docs-12.18.2-1.el7.noarch.rpm	SHA-256: 6b8ebfb941e9708305364ee60753ae5860f1da42c4443e3e961a66cc5bc6667d
rh-nodejs12-npm-6.14.5-12.18.2.1.el7.x86_64.rpm	SHA-256: 3efc5a60cc6ec9d789e9fea1fe25b540e313f1dce8e42c2b902fcf0e0e2a4e23

Red Hat Software Collections (for RHEL Server for System Z) 1 for RHEL 7.7

SRPM
rh-nodejs12-nodejs-12.18.2-1.el7.src.rpm	SHA-256: 0495c375fb329991ab9623215cad5969b15243b83d9b48e951d4ba309dee1473
s390x
rh-nodejs12-nodejs-12.18.2-1.el7.s390x.rpm	SHA-256: b03c1e038457bcc7e173b96faf9a063f66c40e4df8f86b6ee241a8d5c1d38432
rh-nodejs12-nodejs-debuginfo-12.18.2-1.el7.s390x.rpm	SHA-256: a5880e7d79ab6f1b190496de89cae20edfda08d33ac2c3fff0383302b12318f9
rh-nodejs12-nodejs-devel-12.18.2-1.el7.s390x.rpm	SHA-256: 93c25e984eaf303910c83270c82f9b4a34224004f81bee8d97af09d172a4a07d
rh-nodejs12-nodejs-docs-12.18.2-1.el7.noarch.rpm	SHA-256: 6b8ebfb941e9708305364ee60753ae5860f1da42c4443e3e961a66cc5bc6667d
rh-nodejs12-npm-6.14.5-12.18.2.1.el7.s390x.rpm	SHA-256: 79f9a22e94dfeb3842b9e6e02c4b5ca2e19de285d357eec9a30038b505bff498

Red Hat Software Collections (for RHEL Server for IBM Power LE) 1 for RHEL 7.7

SRPM
rh-nodejs12-nodejs-12.18.2-1.el7.src.rpm	SHA-256: 0495c375fb329991ab9623215cad5969b15243b83d9b48e951d4ba309dee1473
ppc64le
rh-nodejs12-nodejs-12.18.2-1.el7.ppc64le.rpm	SHA-256: 29d7da170b25878a99841bd0b79280b8c997e19dd7ab212c31b1bebd251b44fa
rh-nodejs12-nodejs-debuginfo-12.18.2-1.el7.ppc64le.rpm	SHA-256: 9266f7bb246761318831adb9871b9a81db32d453e475a5cd726e1da2475bbafb
rh-nodejs12-nodejs-devel-12.18.2-1.el7.ppc64le.rpm	SHA-256: 2fb06dc885c61ae31a49898c5ca97fd92a8a8c950190fbb975d443fbfe892348
rh-nodejs12-nodejs-docs-12.18.2-1.el7.noarch.rpm	SHA-256: 6b8ebfb941e9708305364ee60753ae5860f1da42c4443e3e961a66cc5bc6667d
rh-nodejs12-npm-6.14.5-12.18.2.1.el7.ppc64le.rpm	SHA-256: 123131f437016ac3b82e3ed3d2ae2330131c9d26053f318c1ad4368f311ce0dd

Red Hat Software Collections (for RHEL Server) 1 for RHEL 7.6

SRPM
rh-nodejs12-nodejs-12.18.2-1.el7.src.rpm	SHA-256: 0495c375fb329991ab9623215cad5969b15243b83d9b48e951d4ba309dee1473
x86_64
rh-nodejs12-nodejs-12.18.2-1.el7.x86_64.rpm	SHA-256: e0b3db3c733b18cf105a67679fe6da6d39322a6b5605c89e5e70910994049de0
rh-nodejs12-nodejs-debuginfo-12.18.2-1.el7.x86_64.rpm	SHA-256: 86017e74aa61befdc2f21fd68a9685f5804effa396e5baf117dde7669d730922
rh-nodejs12-nodejs-devel-12.18.2-1.el7.x86_64.rpm	SHA-256: a0fa01eb1987e13a44a4f11d91c87379e241cd27592899e1dde2deb0d0ba81f7
rh-nodejs12-nodejs-docs-12.18.2-1.el7.noarch.rpm	SHA-256: 6b8ebfb941e9708305364ee60753ae5860f1da42c4443e3e961a66cc5bc6667d
rh-nodejs12-npm-6.14.5-12.18.2.1.el7.x86_64.rpm	SHA-256: 3efc5a60cc6ec9d789e9fea1fe25b540e313f1dce8e42c2b902fcf0e0e2a4e23

Red Hat Software Collections (for RHEL Server for System Z) 1 for RHEL 7.6

SRPM
rh-nodejs12-nodejs-12.18.2-1.el7.src.rpm	SHA-256: 0495c375fb329991ab9623215cad5969b15243b83d9b48e951d4ba309dee1473
s390x
rh-nodejs12-nodejs-12.18.2-1.el7.s390x.rpm	SHA-256: b03c1e038457bcc7e173b96faf9a063f66c40e4df8f86b6ee241a8d5c1d38432
rh-nodejs12-nodejs-debuginfo-12.18.2-1.el7.s390x.rpm	SHA-256: a5880e7d79ab6f1b190496de89cae20edfda08d33ac2c3fff0383302b12318f9
rh-nodejs12-nodejs-devel-12.18.2-1.el7.s390x.rpm	SHA-256: 93c25e984eaf303910c83270c82f9b4a34224004f81bee8d97af09d172a4a07d
rh-nodejs12-nodejs-docs-12.18.2-1.el7.noarch.rpm	SHA-256: 6b8ebfb941e9708305364ee60753ae5860f1da42c4443e3e961a66cc5bc6667d
rh-nodejs12-npm-6.14.5-12.18.2.1.el7.s390x.rpm	SHA-256: 79f9a22e94dfeb3842b9e6e02c4b5ca2e19de285d357eec9a30038b505bff498

Red Hat Software Collections (for RHEL Server for IBM Power LE) 1 for RHEL 7.6

SRPM
rh-nodejs12-nodejs-12.18.2-1.el7.src.rpm	SHA-256: 0495c375fb329991ab9623215cad5969b15243b83d9b48e951d4ba309dee1473
ppc64le
rh-nodejs12-nodejs-12.18.2-1.el7.ppc64le.rpm	SHA-256: 29d7da170b25878a99841bd0b79280b8c997e19dd7ab212c31b1bebd251b44fa
rh-nodejs12-nodejs-debuginfo-12.18.2-1.el7.ppc64le.rpm	SHA-256: 9266f7bb246761318831adb9871b9a81db32d453e475a5cd726e1da2475bbafb
rh-nodejs12-nodejs-devel-12.18.2-1.el7.ppc64le.rpm	SHA-256: 2fb06dc885c61ae31a49898c5ca97fd92a8a8c950190fbb975d443fbfe892348
rh-nodejs12-nodejs-docs-12.18.2-1.el7.noarch.rpm	SHA-256: 6b8ebfb941e9708305364ee60753ae5860f1da42c4443e3e961a66cc5bc6667d
rh-nodejs12-npm-6.14.5-12.18.2.1.el7.ppc64le.rpm	SHA-256: 123131f437016ac3b82e3ed3d2ae2330131c9d26053f318c1ad4368f311ce0dd

Red Hat Software Collections (for RHEL Server) 1 for RHEL 7

SRPM
rh-nodejs12-nodejs-12.18.2-1.el7.src.rpm	SHA-256: 0495c375fb329991ab9623215cad5969b15243b83d9b48e951d4ba309dee1473
x86_64
rh-nodejs12-nodejs-12.18.2-1.el7.x86_64.rpm	SHA-256: e0b3db3c733b18cf105a67679fe6da6d39322a6b5605c89e5e70910994049de0
rh-nodejs12-nodejs-debuginfo-12.18.2-1.el7.x86_64.rpm	SHA-256: 86017e74aa61befdc2f21fd68a9685f5804effa396e5baf117dde7669d730922
rh-nodejs12-nodejs-devel-12.18.2-1.el7.x86_64.rpm	SHA-256: a0fa01eb1987e13a44a4f11d91c87379e241cd27592899e1dde2deb0d0ba81f7
rh-nodejs12-nodejs-docs-12.18.2-1.el7.noarch.rpm	SHA-256: 6b8ebfb941e9708305364ee60753ae5860f1da42c4443e3e961a66cc5bc6667d
rh-nodejs12-npm-6.14.5-12.18.2.1.el7.x86_64.rpm	SHA-256: 3efc5a60cc6ec9d789e9fea1fe25b540e313f1dce8e42c2b902fcf0e0e2a4e23

Red Hat Software Collections (for RHEL Server for System Z) 1 for RHEL 7

SRPM
rh-nodejs12-nodejs-12.18.2-1.el7.src.rpm	SHA-256: 0495c375fb329991ab9623215cad5969b15243b83d9b48e951d4ba309dee1473
s390x
rh-nodejs12-nodejs-12.18.2-1.el7.s390x.rpm	SHA-256: b03c1e038457bcc7e173b96faf9a063f66c40e4df8f86b6ee241a8d5c1d38432
rh-nodejs12-nodejs-12.18.2-1.el7.s390x.rpm	SHA-256: b03c1e038457bcc7e173b96faf9a063f66c40e4df8f86b6ee241a8d5c1d38432
rh-nodejs12-nodejs-debuginfo-12.18.2-1.el7.s390x.rpm	SHA-256: a5880e7d79ab6f1b190496de89cae20edfda08d33ac2c3fff0383302b12318f9
rh-nodejs12-nodejs-debuginfo-12.18.2-1.el7.s390x.rpm	SHA-256: a5880e7d79ab6f1b190496de89cae20edfda08d33ac2c3fff0383302b12318f9
rh-nodejs12-nodejs-devel-12.18.2-1.el7.s390x.rpm	SHA-256: 93c25e984eaf303910c83270c82f9b4a34224004f81bee8d97af09d172a4a07d
rh-nodejs12-nodejs-devel-12.18.2-1.el7.s390x.rpm	SHA-256: 93c25e984eaf303910c83270c82f9b4a34224004f81bee8d97af09d172a4a07d
rh-nodejs12-nodejs-docs-12.18.2-1.el7.noarch.rpm	SHA-256: 6b8ebfb941e9708305364ee60753ae5860f1da42c4443e3e961a66cc5bc6667d
rh-nodejs12-nodejs-docs-12.18.2-1.el7.noarch.rpm	SHA-256: 6b8ebfb941e9708305364ee60753ae5860f1da42c4443e3e961a66cc5bc6667d
rh-nodejs12-npm-6.14.5-12.18.2.1.el7.s390x.rpm	SHA-256: 79f9a22e94dfeb3842b9e6e02c4b5ca2e19de285d357eec9a30038b505bff498
rh-nodejs12-npm-6.14.5-12.18.2.1.el7.s390x.rpm	SHA-256: 79f9a22e94dfeb3842b9e6e02c4b5ca2e19de285d357eec9a30038b505bff498

Red Hat Software Collections (for RHEL Server for IBM Power LE) 1 for RHEL 7

SRPM
rh-nodejs12-nodejs-12.18.2-1.el7.src.rpm	SHA-256: 0495c375fb329991ab9623215cad5969b15243b83d9b48e951d4ba309dee1473
ppc64le
rh-nodejs12-nodejs-12.18.2-1.el7.ppc64le.rpm	SHA-256: 29d7da170b25878a99841bd0b79280b8c997e19dd7ab212c31b1bebd251b44fa
rh-nodejs12-nodejs-12.18.2-1.el7.ppc64le.rpm	SHA-256: 29d7da170b25878a99841bd0b79280b8c997e19dd7ab212c31b1bebd251b44fa
rh-nodejs12-nodejs-debuginfo-12.18.2-1.el7.ppc64le.rpm	SHA-256: 9266f7bb246761318831adb9871b9a81db32d453e475a5cd726e1da2475bbafb
rh-nodejs12-nodejs-debuginfo-12.18.2-1.el7.ppc64le.rpm	SHA-256: 9266f7bb246761318831adb9871b9a81db32d453e475a5cd726e1da2475bbafb
rh-nodejs12-nodejs-devel-12.18.2-1.el7.ppc64le.rpm	SHA-256: 2fb06dc885c61ae31a49898c5ca97fd92a8a8c950190fbb975d443fbfe892348
rh-nodejs12-nodejs-devel-12.18.2-1.el7.ppc64le.rpm	SHA-256: 2fb06dc885c61ae31a49898c5ca97fd92a8a8c950190fbb975d443fbfe892348
rh-nodejs12-nodejs-docs-12.18.2-1.el7.noarch.rpm	SHA-256: 6b8ebfb941e9708305364ee60753ae5860f1da42c4443e3e961a66cc5bc6667d
rh-nodejs12-nodejs-docs-12.18.2-1.el7.noarch.rpm	SHA-256: 6b8ebfb941e9708305364ee60753ae5860f1da42c4443e3e961a66cc5bc6667d
rh-nodejs12-npm-6.14.5-12.18.2.1.el7.ppc64le.rpm	SHA-256: 123131f437016ac3b82e3ed3d2ae2330131c9d26053f318c1ad4368f311ce0dd
rh-nodejs12-npm-6.14.5-12.18.2.1.el7.ppc64le.rpm	SHA-256: 123131f437016ac3b82e3ed3d2ae2330131c9d26053f318c1ad4368f311ce0dd

Red Hat Software Collections (for RHEL Server for ARM) 1

SRPM
rh-nodejs12-nodejs-12.18.2-1.el7.src.rpm	SHA-256: 0495c375fb329991ab9623215cad5969b15243b83d9b48e951d4ba309dee1473
aarch64
rh-nodejs12-nodejs-12.18.2-1.el7.aarch64.rpm	SHA-256: 7cb9217dea255fa91df1589294309e6c8076180c500f4142c4c78c91c27f8d00
rh-nodejs12-nodejs-debuginfo-12.18.2-1.el7.aarch64.rpm	SHA-256: cec3f6b30f8b46e1c8537fab877e12a9fbd3143cbf5a62f1cca12dbb8878b025
rh-nodejs12-nodejs-devel-12.18.2-1.el7.aarch64.rpm	SHA-256: c03b4979a913ba19d90356812570e555ac0afb080be7288c20bdb164f1971309
rh-nodejs12-nodejs-docs-12.18.2-1.el7.noarch.rpm	SHA-256: 6b8ebfb941e9708305364ee60753ae5860f1da42c4443e3e961a66cc5bc6667d
rh-nodejs12-npm-6.14.5-12.18.2.1.el7.aarch64.rpm	SHA-256: 26a25a925157e710bb32fdb7ec5f04d27f8bc9967a62e54a344b8d3247ed78ba

Red Hat Software Collections (for RHEL Workstation) 1 for RHEL 7

SRPM
rh-nodejs12-nodejs-12.18.2-1.el7.src.rpm	SHA-256: 0495c375fb329991ab9623215cad5969b15243b83d9b48e951d4ba309dee1473
x86_64
rh-nodejs12-nodejs-12.18.2-1.el7.x86_64.rpm	SHA-256: e0b3db3c733b18cf105a67679fe6da6d39322a6b5605c89e5e70910994049de0
rh-nodejs12-nodejs-debuginfo-12.18.2-1.el7.x86_64.rpm	SHA-256: 86017e74aa61befdc2f21fd68a9685f5804effa396e5baf117dde7669d730922
rh-nodejs12-nodejs-devel-12.18.2-1.el7.x86_64.rpm	SHA-256: a0fa01eb1987e13a44a4f11d91c87379e241cd27592899e1dde2deb0d0ba81f7
rh-nodejs12-nodejs-docs-12.18.2-1.el7.noarch.rpm	SHA-256: 6b8ebfb941e9708305364ee60753ae5860f1da42c4443e3e961a66cc5bc6667d
rh-nodejs12-npm-6.14.5-12.18.2.1.el7.x86_64.rpm	SHA-256: 3efc5a60cc6ec9d789e9fea1fe25b540e313f1dce8e42c2b902fcf0e0e2a4e23

The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/.

Select Your Language

Infrastructure and Management

Cloud Computing

Storage

Runtimes

Integration and Automation