- Issued:
- 2020-11-04
- Updated:
- 2020-11-04
RHSA-2020:4903 - Security Advisory
Synopsis
Moderate: nodejs:12 security and bug fix update
Type/Severity
Security Advisory: Moderate
Red Hat Insights patch analysis
Identify and remediate systems affected by this advisory.
Topic
An update for the nodejs:12 module is now available for Red Hat Enterprise Linux 8.1 Extended Update Support.
Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Description
Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language.
The following packages have been upgraded to a later upstream version: nodejs (12.18.4).
Security Fix(es):
- nodejs-dot-prop: prototype pollution (CVE-2020-8116)
- nodejs: HTTP request smuggling due to CR-to-Hyphen conversion (CVE-2020-8201)
- npm: Sensitive information exposure through logs (CVE-2020-15095)
- libuv: buffer overflow in realpath (CVE-2020-8252)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Bug Fix(es):
- The nodejs:12/development module is not installable (BZ#1883965)
Solution
For details on how to apply this update, which includes the changes described in this advisory, refer to:
Affected Products
- Red Hat Enterprise Linux for x86_64 - Extended Update Support 8.1 x86_64
- Red Hat Enterprise Linux for IBM z Systems - Extended Update Support 8.1 s390x
- Red Hat Enterprise Linux for Power, little endian - Extended Update Support 8.1 ppc64le
- Red Hat Enterprise Linux for ARM 64 - Extended Update Support 8.1 aarch64
- Red Hat Enterprise Linux Server for Power LE - Update Services for SAP Solutions 8.1 ppc64le
- Red Hat Enterprise Linux for x86_64 - Update Services for SAP Solutions 8.1 x86_64
Fixes
- BZ - 1856875 - CVE-2020-15095 npm: Sensitive information exposure through logs
- BZ - 1868196 - CVE-2020-8116 nodejs-dot-prop: prototype pollution
- BZ - 1879311 - CVE-2020-8201 nodejs: HTTP request smuggling due to CR-to-Hyphen conversion
- BZ - 1879315 - CVE-2020-8252 libuv: buffer overflow in realpath
- BZ - 1883965 - The nodejs:12/development module is not installable [rhel-8.1.0.z]
Red Hat Enterprise Linux for x86_64 - Extended Update Support 8.1
SRPM | |
---|---|
nodejs-12.18.4-2.module+el8.1.0+8360+14141500.src.rpm | SHA-256: 1be9f4b62af2f021f6cca1804c5e64b1b849aaa7a1726777a9e1c02d9eee2766 |
nodejs-nodemon-1.18.3-1.module+el8.1.0+3369+37ae6a45.src.rpm | SHA-256: 80cf7c15a3befee321431ebf3b69aa6a5bb87ac23ce01b1231909515e9b35f1d |
nodejs-packaging-17-3.module+el8.1.0+3369+37ae6a45.src.rpm | SHA-256: b5eaa2d432ac0bbe70436e11c5d4caa25fb3cd4f19e47fd8ba146fd7b1bc92c8 |
x86_64 | |
nodejs-docs-12.18.4-2.module+el8.1.0+8360+14141500.noarch.rpm | SHA-256: d407641f345cb39e2f92b629f1a313340092070e2e8e73a2ee5a00a892f02901 |
nodejs-nodemon-1.18.3-1.module+el8.1.0+3369+37ae6a45.noarch.rpm | SHA-256: 7cec68edabdbef818952af353aa2328813915c23ca332cc6a65db73b8b753541 |
nodejs-packaging-17-3.module+el8.1.0+3369+37ae6a45.noarch.rpm | SHA-256: f8f0d58c915a6869e7c86c1571dada11513955c24f68dca6db34ea2eda2635af |
nodejs-12.18.4-2.module+el8.1.0+8360+14141500.x86_64.rpm | SHA-256: 5a4f375d08fbaca351aec07e34b409b99a09355c6de80aa7f473c973cb5ee216 |
nodejs-debuginfo-12.18.4-2.module+el8.1.0+8360+14141500.x86_64.rpm | SHA-256: 76722537b6edddc24a70d9de614fd61289c99d44c4ff96bb1a2f475175b09109 |
nodejs-debugsource-12.18.4-2.module+el8.1.0+8360+14141500.x86_64.rpm | SHA-256: dfce062a960f61e2e92f136ed8885b1acdd50de8d309a7a87d56890b91e713e6 |
nodejs-devel-12.18.4-2.module+el8.1.0+8360+14141500.x86_64.rpm | SHA-256: dc1a0f09441fdb4faa005bd1b6d197aa64be90ff4c61ce785fff698ba5082f68 |
nodejs-full-i18n-12.18.4-2.module+el8.1.0+8360+14141500.x86_64.rpm | SHA-256: 1471819e34b47d68d271849a620c6045b1055ba7b4270b7a7b42fff06aaa0ae2 |
npm-6.14.6-1.12.18.4.2.module+el8.1.0+8360+14141500.x86_64.rpm | SHA-256: b7010183dbeb998edecfcfdd2e475703253079b0b3997a894c0a5133ee63649d |
Red Hat Enterprise Linux for IBM z Systems - Extended Update Support 8.1
SRPM | |
---|---|
nodejs-12.18.4-2.module+el8.1.0+8360+14141500.src.rpm | SHA-256: 1be9f4b62af2f021f6cca1804c5e64b1b849aaa7a1726777a9e1c02d9eee2766 |
nodejs-nodemon-1.18.3-1.module+el8.1.0+3369+37ae6a45.src.rpm | SHA-256: 80cf7c15a3befee321431ebf3b69aa6a5bb87ac23ce01b1231909515e9b35f1d |
nodejs-packaging-17-3.module+el8.1.0+3369+37ae6a45.src.rpm | SHA-256: b5eaa2d432ac0bbe70436e11c5d4caa25fb3cd4f19e47fd8ba146fd7b1bc92c8 |
s390x | |
nodejs-docs-12.18.4-2.module+el8.1.0+8360+14141500.noarch.rpm | SHA-256: d407641f345cb39e2f92b629f1a313340092070e2e8e73a2ee5a00a892f02901 |
nodejs-nodemon-1.18.3-1.module+el8.1.0+3369+37ae6a45.noarch.rpm | SHA-256: 7cec68edabdbef818952af353aa2328813915c23ca332cc6a65db73b8b753541 |
nodejs-packaging-17-3.module+el8.1.0+3369+37ae6a45.noarch.rpm | SHA-256: f8f0d58c915a6869e7c86c1571dada11513955c24f68dca6db34ea2eda2635af |
nodejs-12.18.4-2.module+el8.1.0+8360+14141500.s390x.rpm | SHA-256: 4bbcd5102e60bf429724b9cb0fb7fdfcd6245dd41e79a1b2287a64652c77061f |
nodejs-debuginfo-12.18.4-2.module+el8.1.0+8360+14141500.s390x.rpm | SHA-256: a9a24a48932b126d1fcdd22b9f872ad3eb784010c0b5b3da1b68a5bc93c76b0d |
nodejs-debugsource-12.18.4-2.module+el8.1.0+8360+14141500.s390x.rpm | SHA-256: 836b5dfd69225468372780f00df06279e90baafb12ce548d4ada1305ea251605 |
nodejs-devel-12.18.4-2.module+el8.1.0+8360+14141500.s390x.rpm | SHA-256: 77a2e077992e4962f35299536aa880364b5102228471e35dc5226683cbdd53a8 |
nodejs-full-i18n-12.18.4-2.module+el8.1.0+8360+14141500.s390x.rpm | SHA-256: 2999c2343553aef282005bdb1424b65e1e75f1bffc25de8c90a9c207c6b5f4ff |
npm-6.14.6-1.12.18.4.2.module+el8.1.0+8360+14141500.s390x.rpm | SHA-256: e939ad5a040e1da8b14e3e12ecb0e40bc56c2a3bef96566dbf8958ceeb8401d0 |
Red Hat Enterprise Linux for Power, little endian - Extended Update Support 8.1
SRPM | |
---|---|
nodejs-12.18.4-2.module+el8.1.0+8360+14141500.src.rpm | SHA-256: 1be9f4b62af2f021f6cca1804c5e64b1b849aaa7a1726777a9e1c02d9eee2766 |
nodejs-nodemon-1.18.3-1.module+el8.1.0+3369+37ae6a45.src.rpm | SHA-256: 80cf7c15a3befee321431ebf3b69aa6a5bb87ac23ce01b1231909515e9b35f1d |
nodejs-packaging-17-3.module+el8.1.0+3369+37ae6a45.src.rpm | SHA-256: b5eaa2d432ac0bbe70436e11c5d4caa25fb3cd4f19e47fd8ba146fd7b1bc92c8 |
ppc64le | |
nodejs-12.18.4-2.module+el8.1.0+8360+14141500.ppc64le.rpm | SHA-256: bded9a9ed72f6a120786c2252345718e3e958083e1154ac3219ec320b3438920 |
nodejs-debuginfo-12.18.4-2.module+el8.1.0+8360+14141500.ppc64le.rpm | SHA-256: 05344711509dc281ec513cc40ad73854a4d3f33aaf6c696ca50758c7314ec716 |
nodejs-debugsource-12.18.4-2.module+el8.1.0+8360+14141500.ppc64le.rpm | SHA-256: 942612f790e87818fc4d3079b2eacabdbb540fbd57c580d71c81722205fd7bb8 |
nodejs-devel-12.18.4-2.module+el8.1.0+8360+14141500.ppc64le.rpm | SHA-256: 496cc2e7630b2efeaac0cfc9bebca6de69215157fe6f82d58c4a5029105d3916 |
nodejs-docs-12.18.4-2.module+el8.1.0+8360+14141500.noarch.rpm | SHA-256: d407641f345cb39e2f92b629f1a313340092070e2e8e73a2ee5a00a892f02901 |
nodejs-full-i18n-12.18.4-2.module+el8.1.0+8360+14141500.ppc64le.rpm | SHA-256: 532367d1a836df8d506dbc0390189f2548a1efcfab723bf12d26f6da21416dd3 |
nodejs-nodemon-1.18.3-1.module+el8.1.0+3369+37ae6a45.noarch.rpm | SHA-256: 7cec68edabdbef818952af353aa2328813915c23ca332cc6a65db73b8b753541 |
nodejs-packaging-17-3.module+el8.1.0+3369+37ae6a45.noarch.rpm | SHA-256: f8f0d58c915a6869e7c86c1571dada11513955c24f68dca6db34ea2eda2635af |
npm-6.14.6-1.12.18.4.2.module+el8.1.0+8360+14141500.ppc64le.rpm | SHA-256: 61d3da66423ff7b31cc8e1f80973de8f891cab288562e8ec9db6a9192b802342 |
Red Hat Enterprise Linux for ARM 64 - Extended Update Support 8.1
SRPM | |
---|---|
nodejs-12.18.4-2.module+el8.1.0+8360+14141500.src.rpm | SHA-256: 1be9f4b62af2f021f6cca1804c5e64b1b849aaa7a1726777a9e1c02d9eee2766 |
nodejs-nodemon-1.18.3-1.module+el8.1.0+3369+37ae6a45.src.rpm | SHA-256: 80cf7c15a3befee321431ebf3b69aa6a5bb87ac23ce01b1231909515e9b35f1d |
nodejs-packaging-17-3.module+el8.1.0+3369+37ae6a45.src.rpm | SHA-256: b5eaa2d432ac0bbe70436e11c5d4caa25fb3cd4f19e47fd8ba146fd7b1bc92c8 |
aarch64 | |
nodejs-docs-12.18.4-2.module+el8.1.0+8360+14141500.noarch.rpm | SHA-256: d407641f345cb39e2f92b629f1a313340092070e2e8e73a2ee5a00a892f02901 |
nodejs-nodemon-1.18.3-1.module+el8.1.0+3369+37ae6a45.noarch.rpm | SHA-256: 7cec68edabdbef818952af353aa2328813915c23ca332cc6a65db73b8b753541 |
nodejs-packaging-17-3.module+el8.1.0+3369+37ae6a45.noarch.rpm | SHA-256: f8f0d58c915a6869e7c86c1571dada11513955c24f68dca6db34ea2eda2635af |
nodejs-12.18.4-2.module+el8.1.0+8360+14141500.aarch64.rpm | SHA-256: d41c3f32e5aaf43b92662d966b208841b2cf155e4af40596c7a99f3ecfea617d |
nodejs-debuginfo-12.18.4-2.module+el8.1.0+8360+14141500.aarch64.rpm | SHA-256: dffda2c7416c4b6a1eabf14ceab72c2f3d63e867389d91807f09d2d673b836a0 |
nodejs-debugsource-12.18.4-2.module+el8.1.0+8360+14141500.aarch64.rpm | SHA-256: 387654128d2cff23449c85d062b2f58ce142fb71003e538983bb2320af614008 |
nodejs-devel-12.18.4-2.module+el8.1.0+8360+14141500.aarch64.rpm | SHA-256: 38b8a7539c6bb20a6686655df178e61efa4d02960d68c41f6b491785201cbc64 |
nodejs-full-i18n-12.18.4-2.module+el8.1.0+8360+14141500.aarch64.rpm | SHA-256: 091b9e86bebfd7f6455781befe60eae05d1bb81ba3ea5b2757a028a60faadb13 |
npm-6.14.6-1.12.18.4.2.module+el8.1.0+8360+14141500.aarch64.rpm | SHA-256: 541c4e29033fffc1e588a958e741758129e0d8e6662c2569c79a756d5ca513b8 |
Red Hat Enterprise Linux Server for Power LE - Update Services for SAP Solutions 8.1
SRPM | |
---|---|
nodejs-12.18.4-2.module+el8.1.0+8360+14141500.src.rpm | SHA-256: 1be9f4b62af2f021f6cca1804c5e64b1b849aaa7a1726777a9e1c02d9eee2766 |
nodejs-nodemon-1.18.3-1.module+el8.1.0+3369+37ae6a45.src.rpm | SHA-256: 80cf7c15a3befee321431ebf3b69aa6a5bb87ac23ce01b1231909515e9b35f1d |
nodejs-packaging-17-3.module+el8.1.0+3369+37ae6a45.src.rpm | SHA-256: b5eaa2d432ac0bbe70436e11c5d4caa25fb3cd4f19e47fd8ba146fd7b1bc92c8 |
ppc64le | |
nodejs-12.18.4-2.module+el8.1.0+8360+14141500.ppc64le.rpm | SHA-256: bded9a9ed72f6a120786c2252345718e3e958083e1154ac3219ec320b3438920 |
nodejs-debuginfo-12.18.4-2.module+el8.1.0+8360+14141500.ppc64le.rpm | SHA-256: 05344711509dc281ec513cc40ad73854a4d3f33aaf6c696ca50758c7314ec716 |
nodejs-debugsource-12.18.4-2.module+el8.1.0+8360+14141500.ppc64le.rpm | SHA-256: 942612f790e87818fc4d3079b2eacabdbb540fbd57c580d71c81722205fd7bb8 |
nodejs-devel-12.18.4-2.module+el8.1.0+8360+14141500.ppc64le.rpm | SHA-256: 496cc2e7630b2efeaac0cfc9bebca6de69215157fe6f82d58c4a5029105d3916 |
nodejs-docs-12.18.4-2.module+el8.1.0+8360+14141500.noarch.rpm | SHA-256: d407641f345cb39e2f92b629f1a313340092070e2e8e73a2ee5a00a892f02901 |
nodejs-full-i18n-12.18.4-2.module+el8.1.0+8360+14141500.ppc64le.rpm | SHA-256: 532367d1a836df8d506dbc0390189f2548a1efcfab723bf12d26f6da21416dd3 |
nodejs-nodemon-1.18.3-1.module+el8.1.0+3369+37ae6a45.noarch.rpm | SHA-256: 7cec68edabdbef818952af353aa2328813915c23ca332cc6a65db73b8b753541 |
nodejs-packaging-17-3.module+el8.1.0+3369+37ae6a45.noarch.rpm | SHA-256: f8f0d58c915a6869e7c86c1571dada11513955c24f68dca6db34ea2eda2635af |
npm-6.14.6-1.12.18.4.2.module+el8.1.0+8360+14141500.ppc64le.rpm | SHA-256: 61d3da66423ff7b31cc8e1f80973de8f891cab288562e8ec9db6a9192b802342 |
Red Hat Enterprise Linux for x86_64 - Update Services for SAP Solutions 8.1
SRPM | |
---|---|
nodejs-12.18.4-2.module+el8.1.0+8360+14141500.src.rpm | SHA-256: 1be9f4b62af2f021f6cca1804c5e64b1b849aaa7a1726777a9e1c02d9eee2766 |
nodejs-nodemon-1.18.3-1.module+el8.1.0+3369+37ae6a45.src.rpm | SHA-256: 80cf7c15a3befee321431ebf3b69aa6a5bb87ac23ce01b1231909515e9b35f1d |
nodejs-packaging-17-3.module+el8.1.0+3369+37ae6a45.src.rpm | SHA-256: b5eaa2d432ac0bbe70436e11c5d4caa25fb3cd4f19e47fd8ba146fd7b1bc92c8 |
x86_64 | |
nodejs-docs-12.18.4-2.module+el8.1.0+8360+14141500.noarch.rpm | SHA-256: d407641f345cb39e2f92b629f1a313340092070e2e8e73a2ee5a00a892f02901 |
nodejs-nodemon-1.18.3-1.module+el8.1.0+3369+37ae6a45.noarch.rpm | SHA-256: 7cec68edabdbef818952af353aa2328813915c23ca332cc6a65db73b8b753541 |
nodejs-packaging-17-3.module+el8.1.0+3369+37ae6a45.noarch.rpm | SHA-256: f8f0d58c915a6869e7c86c1571dada11513955c24f68dca6db34ea2eda2635af |
nodejs-12.18.4-2.module+el8.1.0+8360+14141500.x86_64.rpm | SHA-256: 5a4f375d08fbaca351aec07e34b409b99a09355c6de80aa7f473c973cb5ee216 |
nodejs-debuginfo-12.18.4-2.module+el8.1.0+8360+14141500.x86_64.rpm | SHA-256: 76722537b6edddc24a70d9de614fd61289c99d44c4ff96bb1a2f475175b09109 |
nodejs-debugsource-12.18.4-2.module+el8.1.0+8360+14141500.x86_64.rpm | SHA-256: dfce062a960f61e2e92f136ed8885b1acdd50de8d309a7a87d56890b91e713e6 |
nodejs-devel-12.18.4-2.module+el8.1.0+8360+14141500.x86_64.rpm | SHA-256: dc1a0f09441fdb4faa005bd1b6d197aa64be90ff4c61ce785fff698ba5082f68 |
nodejs-full-i18n-12.18.4-2.module+el8.1.0+8360+14141500.x86_64.rpm | SHA-256: 1471819e34b47d68d271849a620c6045b1055ba7b4270b7a7b42fff06aaa0ae2 |
npm-6.14.6-1.12.18.4.2.module+el8.1.0+8360+14141500.x86_64.rpm | SHA-256: b7010183dbeb998edecfcfdd2e475703253079b0b3997a894c0a5133ee63649d |
The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/.