Skip to navigation Skip to main content

Utilities

  • Subscriptions
  • Downloads
  • Containers
  • Support Cases
Red Hat Customer Portal
  • Subscriptions
  • Downloads
  • Containers
  • Support Cases
  • Products & Services

    Products

    Support

    • Production Support
    • Development Support
    • Product Life Cycles

    Services

    • Consulting
    • Technical Account Management
    • Training & Certifications

    Documentation

    • Red Hat Enterprise Linux
    • Red Hat JBoss Enterprise Application Platform
    • Red Hat OpenStack Platform
    • Red Hat OpenShift Container Platform
    All Documentation

    Ecosystem Catalog

    • Red Hat Partner Ecosystem
    • Partner Resources
  • Tools

    Tools

    • Troubleshoot a product issue
    • Packages
    • Errata

    Customer Portal Labs

    • Configuration
    • Deployment
    • Security
    • Troubleshoot
    All labs

    Red Hat Insights

    Increase visibility into IT operations to detect and resolve technical issues before they impact your business.

    Learn More
    Go to Insights
  • Security

    Red Hat Product Security Center

    Engage with our Red Hat Product Security team, access security updates, and ensure your environments are not exposed to any known security vulnerabilities.

    Product Security Center

    Security Updates

    • Security Advisories
    • Red Hat CVE Database
    • Security Labs

    Keep your systems secure with Red Hat's specialized responses to security vulnerabilities.

    View Responses

    Resources

    • Security Blog
    • Security Measurement
    • Severity Ratings
    • Backporting Policies
    • Product Signing (GPG) Keys
  • Community

    Customer Portal Community

    • Discussions
    • Private Groups
    Community Activity

    Customer Events

    • Red Hat Convergence
    • Red Hat Summit

    Stories

    • Red Hat Subscription Value
    • You Asked. We Acted.
    • Open Source Communities
Or troubleshoot an issue.

Select Your Language

  • English
  • Français
  • 한국어
  • 日本語
  • 中文 (中国)

Infrastructure and Management

  • Red Hat Enterprise Linux
  • Red Hat Satellite
  • Red Hat Subscription Management
  • Red Hat Insights
  • Red Hat Ansible Automation Platform

Cloud Computing

  • Red Hat OpenShift
  • Red Hat OpenStack Platform
  • Red Hat OpenShift Container Platform
  • Red Hat OpenShift Data Science
  • Red Hat OpenShift Dedicated
  • Red Hat Advanced Cluster Security for Kubernetes
  • Red Hat Advanced Cluster Management for Kubernetes
  • Red Hat Quay
  • OpenShift Dev Spaces
  • Red Hat OpenShift Service on AWS

Storage

  • Red Hat Gluster Storage
  • Red Hat Hyperconverged Infrastructure
  • Red Hat Ceph Storage
  • Red Hat OpenShift Data Foundation

Runtimes

  • Red Hat Runtimes
  • Red Hat JBoss Enterprise Application Platform
  • Red Hat Data Grid
  • Red Hat JBoss Web Server
  • Red Hat Single Sign On
  • Red Hat support for Spring Boot
  • Red Hat build of Node.js
  • Red Hat build of Quarkus

Integration and Automation

  • Red Hat Application Foundations
  • Red Hat Fuse
  • Red Hat AMQ
  • Red Hat 3scale API Management
All Products
Red Hat Product Errata RHSA-2021:0741 - Security Advisory
Issued:
2021-03-08
Updated:
2021-03-08

RHSA-2021:0741 - Security Advisory

  • Overview
  • Updated Packages

Synopsis

Important: nodejs:10 security update

Type/Severity

Security Advisory: Important

Red Hat Insights patch analysis

Identify and remediate systems affected by this advisory.

View affected systems

Topic

An update for the nodejs:10 module is now available for Red Hat Enterprise Linux 8.1 Extended Update Support.

Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Description

Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language.

The following packages have been upgraded to a later upstream version: nodejs (10.24.0).

Security Fix(es):

  • nodejs: HTTP2 'unknownProtocol' cause DoS by resource exhaustion (CVE-2021-22883)
  • nodejs: DNS rebinding in --inspect (CVE-2021-22884)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Solution

For details on how to apply this update, which includes the changes described in this advisory, refer to:

https://access.redhat.com/articles/11258

Affected Products

  • Red Hat Enterprise Linux for x86_64 - Extended Update Support 8.1 x86_64
  • Red Hat Enterprise Linux for IBM z Systems - Extended Update Support 8.1 s390x
  • Red Hat Enterprise Linux for Power, little endian - Extended Update Support 8.1 ppc64le
  • Red Hat Enterprise Linux for ARM 64 - Extended Update Support 8.1 aarch64
  • Red Hat Enterprise Linux Server for Power LE - Update Services for SAP Solutions 8.1 ppc64le
  • Red Hat Enterprise Linux for x86_64 - Update Services for SAP Solutions 8.1 x86_64

Fixes

  • BZ - 1932014 - CVE-2021-22883 nodejs: HTTP2 'unknownProtocol' cause DoS by resource exhaustion
  • BZ - 1932024 - CVE-2021-22884 nodejs: DNS rebinding in --inspect

CVEs

  • CVE-2021-22883
  • CVE-2021-22884

References

  • https://access.redhat.com/security/updates/classification/#important
Note: More recent versions of these packages may be available. Click a package name for more details.

Red Hat Enterprise Linux for x86_64 - Extended Update Support 8.1

SRPM
nodejs-10.24.0-1.module+el8.1.0+10161+5cffdac6.src.rpm SHA-256: dbb4c1e6959d68edfdc913e48cbdfbc4b8c4e69d7d01c433ceaf424eff3bbebc
nodejs-nodemon-1.18.3-1.module+el8+2632+6c5111ed.src.rpm SHA-256: fd478f2549e3bbf506de232a248b8fc61f0092d9fe186599745b0785cfc7e0c2
nodejs-packaging-17-3.module+el8+2873+aa7dfd9a.src.rpm SHA-256: 01c71dee45a43aeedaa345bfcb877f73db8e5c0af0c606d1f2a2745c3e353f73
x86_64
nodejs-docs-10.24.0-1.module+el8.1.0+10161+5cffdac6.noarch.rpm SHA-256: d7e361a2a2efd5067286875d387ccb3aa075ef9767ebb3c1c00652ac86fb0e69
nodejs-nodemon-1.18.3-1.module+el8+2632+6c5111ed.noarch.rpm SHA-256: 403e2a69dac714c9c946b51af2cbcd1e25bc88c8e762236725d95c457d75d48f
nodejs-packaging-17-3.module+el8+2873+aa7dfd9a.noarch.rpm SHA-256: 1e250d01555333a28809fb735793ce8a44b6b88ced07e80024722bd423ad6cda
nodejs-10.24.0-1.module+el8.1.0+10161+5cffdac6.x86_64.rpm SHA-256: 9f9c09d3c27690921133bccfce978ba67a2f82c4352164440d6d92a0ea4d9966
nodejs-debuginfo-10.24.0-1.module+el8.1.0+10161+5cffdac6.x86_64.rpm SHA-256: 74cd2093576f33aa0b8997d1cf93b4c40f43270a8d7487de04e55b791440534d
nodejs-debugsource-10.24.0-1.module+el8.1.0+10161+5cffdac6.x86_64.rpm SHA-256: 0e66fceae8af625f2db8807ff134bd5788bba93c1a6702844eed5b2eadb79e55
nodejs-devel-10.24.0-1.module+el8.1.0+10161+5cffdac6.x86_64.rpm SHA-256: df43f7cb26830e9578da7c4d9fb16823ee4dfaead60bfa0149bd747b12a472e5
nodejs-full-i18n-10.24.0-1.module+el8.1.0+10161+5cffdac6.x86_64.rpm SHA-256: 8a60eb443200db5a3f63c12d04249605f56512847f9371f18c5c5b22bc9dd5ff
npm-6.14.11-1.10.24.0.1.module+el8.1.0+10161+5cffdac6.x86_64.rpm SHA-256: 90c207fb21ea09664e385ef7d8a17900bfb833ec31e3ad9629419f646312746a

Red Hat Enterprise Linux for IBM z Systems - Extended Update Support 8.1

SRPM
nodejs-10.24.0-1.module+el8.1.0+10161+5cffdac6.src.rpm SHA-256: dbb4c1e6959d68edfdc913e48cbdfbc4b8c4e69d7d01c433ceaf424eff3bbebc
nodejs-nodemon-1.18.3-1.module+el8+2632+6c5111ed.src.rpm SHA-256: fd478f2549e3bbf506de232a248b8fc61f0092d9fe186599745b0785cfc7e0c2
nodejs-packaging-17-3.module+el8+2873+aa7dfd9a.src.rpm SHA-256: 01c71dee45a43aeedaa345bfcb877f73db8e5c0af0c606d1f2a2745c3e353f73
s390x
nodejs-docs-10.24.0-1.module+el8.1.0+10161+5cffdac6.noarch.rpm SHA-256: d7e361a2a2efd5067286875d387ccb3aa075ef9767ebb3c1c00652ac86fb0e69
nodejs-nodemon-1.18.3-1.module+el8+2632+6c5111ed.noarch.rpm SHA-256: 403e2a69dac714c9c946b51af2cbcd1e25bc88c8e762236725d95c457d75d48f
nodejs-packaging-17-3.module+el8+2873+aa7dfd9a.noarch.rpm SHA-256: 1e250d01555333a28809fb735793ce8a44b6b88ced07e80024722bd423ad6cda
nodejs-10.24.0-1.module+el8.1.0+10161+5cffdac6.s390x.rpm SHA-256: a22cdfca36796d46b145817b6315ab706ac184dde02f5d33ce9d729a024d53fb
nodejs-debuginfo-10.24.0-1.module+el8.1.0+10161+5cffdac6.s390x.rpm SHA-256: e0a7801bc8322d5229b5950187fab2c13065a4028145e491c4351d21ccb399bf
nodejs-debugsource-10.24.0-1.module+el8.1.0+10161+5cffdac6.s390x.rpm SHA-256: 4bddca1d2270b441f580eb8ca1d476ba68bf88794b38fd4c745f7fecfa7115a0
nodejs-devel-10.24.0-1.module+el8.1.0+10161+5cffdac6.s390x.rpm SHA-256: 3eeb75eefae4d1cb56b0e5d8784ec45622b785a9df9486cde666451cbfc6916b
nodejs-full-i18n-10.24.0-1.module+el8.1.0+10161+5cffdac6.s390x.rpm SHA-256: 8579dadfc94af531dfce095dc6486e29b52f9d2a3ae0097c8c617be2c3e8e6a3
npm-6.14.11-1.10.24.0.1.module+el8.1.0+10161+5cffdac6.s390x.rpm SHA-256: 356bb19dc9250946784d0beda36050700a979a641261bbf646647635261674e2

Red Hat Enterprise Linux for Power, little endian - Extended Update Support 8.1

SRPM
nodejs-10.24.0-1.module+el8.1.0+10161+5cffdac6.src.rpm SHA-256: dbb4c1e6959d68edfdc913e48cbdfbc4b8c4e69d7d01c433ceaf424eff3bbebc
nodejs-nodemon-1.18.3-1.module+el8+2632+6c5111ed.src.rpm SHA-256: fd478f2549e3bbf506de232a248b8fc61f0092d9fe186599745b0785cfc7e0c2
nodejs-packaging-17-3.module+el8+2873+aa7dfd9a.src.rpm SHA-256: 01c71dee45a43aeedaa345bfcb877f73db8e5c0af0c606d1f2a2745c3e353f73
ppc64le
nodejs-10.24.0-1.module+el8.1.0+10161+5cffdac6.ppc64le.rpm SHA-256: e2d0701a8c48d50ce42fa8fa1bc4a29dfc85c69451143a9c84b9d7e80fb306af
nodejs-debuginfo-10.24.0-1.module+el8.1.0+10161+5cffdac6.ppc64le.rpm SHA-256: 9c95aeac3d7d54298d4a4e177e74a1246c5f2b8fa261382c45bf0649017d8e8b
nodejs-debugsource-10.24.0-1.module+el8.1.0+10161+5cffdac6.ppc64le.rpm SHA-256: a22723b4a0a529e013bae4fc86d1e5abd51ef22617fee1adc78605eb214bf3ce
nodejs-devel-10.24.0-1.module+el8.1.0+10161+5cffdac6.ppc64le.rpm SHA-256: b97cef1ac8f3f609802a0b0b0382b65081e542b9d43415c12842a85a98cb13dd
nodejs-docs-10.24.0-1.module+el8.1.0+10161+5cffdac6.noarch.rpm SHA-256: d7e361a2a2efd5067286875d387ccb3aa075ef9767ebb3c1c00652ac86fb0e69
nodejs-full-i18n-10.24.0-1.module+el8.1.0+10161+5cffdac6.ppc64le.rpm SHA-256: 286e995994e78723bf31db8c8050f3ccf4f211d92a1f07c3784a362ebb695e3b
nodejs-nodemon-1.18.3-1.module+el8+2632+6c5111ed.noarch.rpm SHA-256: 403e2a69dac714c9c946b51af2cbcd1e25bc88c8e762236725d95c457d75d48f
nodejs-packaging-17-3.module+el8+2873+aa7dfd9a.noarch.rpm SHA-256: 1e250d01555333a28809fb735793ce8a44b6b88ced07e80024722bd423ad6cda
npm-6.14.11-1.10.24.0.1.module+el8.1.0+10161+5cffdac6.ppc64le.rpm SHA-256: 7de70495a178afa4ba77c03d70d265e4cea61a4c999cdce64f53c0ade7385146

Red Hat Enterprise Linux for ARM 64 - Extended Update Support 8.1

SRPM
nodejs-10.24.0-1.module+el8.1.0+10161+5cffdac6.src.rpm SHA-256: dbb4c1e6959d68edfdc913e48cbdfbc4b8c4e69d7d01c433ceaf424eff3bbebc
nodejs-nodemon-1.18.3-1.module+el8+2632+6c5111ed.src.rpm SHA-256: fd478f2549e3bbf506de232a248b8fc61f0092d9fe186599745b0785cfc7e0c2
nodejs-packaging-17-3.module+el8+2873+aa7dfd9a.src.rpm SHA-256: 01c71dee45a43aeedaa345bfcb877f73db8e5c0af0c606d1f2a2745c3e353f73
aarch64
nodejs-docs-10.24.0-1.module+el8.1.0+10161+5cffdac6.noarch.rpm SHA-256: d7e361a2a2efd5067286875d387ccb3aa075ef9767ebb3c1c00652ac86fb0e69
nodejs-nodemon-1.18.3-1.module+el8+2632+6c5111ed.noarch.rpm SHA-256: 403e2a69dac714c9c946b51af2cbcd1e25bc88c8e762236725d95c457d75d48f
nodejs-packaging-17-3.module+el8+2873+aa7dfd9a.noarch.rpm SHA-256: 1e250d01555333a28809fb735793ce8a44b6b88ced07e80024722bd423ad6cda
nodejs-10.24.0-1.module+el8.1.0+10161+5cffdac6.aarch64.rpm SHA-256: 9128d28a72247b79e17d44381deabb97ff2602746b31fa461e797383bbb104dc
nodejs-debuginfo-10.24.0-1.module+el8.1.0+10161+5cffdac6.aarch64.rpm SHA-256: b5c058dd4081b3d6c83ba5427e6dbd963a095e43c55c27c05daff520a3721361
nodejs-debugsource-10.24.0-1.module+el8.1.0+10161+5cffdac6.aarch64.rpm SHA-256: f8d387c6adf34674eb405029a7e3364fd60e6d2d2a4850886c874b32bd98b689
nodejs-devel-10.24.0-1.module+el8.1.0+10161+5cffdac6.aarch64.rpm SHA-256: 150014c708bbf7889d4c58d929976da253a4a4c9926899b3671406a14eedc06f
nodejs-full-i18n-10.24.0-1.module+el8.1.0+10161+5cffdac6.aarch64.rpm SHA-256: 8aaf0334c31de65d6f37a7a400a7c04eef94de1c8998e21dc59d1617d957145e
npm-6.14.11-1.10.24.0.1.module+el8.1.0+10161+5cffdac6.aarch64.rpm SHA-256: 4c61c38aac09b613b9e262b5f0df93172de6f35435bbe4620df45de1e48c55e5

Red Hat Enterprise Linux Server for Power LE - Update Services for SAP Solutions 8.1

SRPM
nodejs-10.24.0-1.module+el8.1.0+10161+5cffdac6.src.rpm SHA-256: dbb4c1e6959d68edfdc913e48cbdfbc4b8c4e69d7d01c433ceaf424eff3bbebc
nodejs-nodemon-1.18.3-1.module+el8+2632+6c5111ed.src.rpm SHA-256: fd478f2549e3bbf506de232a248b8fc61f0092d9fe186599745b0785cfc7e0c2
nodejs-packaging-17-3.module+el8+2873+aa7dfd9a.src.rpm SHA-256: 01c71dee45a43aeedaa345bfcb877f73db8e5c0af0c606d1f2a2745c3e353f73
ppc64le
nodejs-10.24.0-1.module+el8.1.0+10161+5cffdac6.ppc64le.rpm SHA-256: e2d0701a8c48d50ce42fa8fa1bc4a29dfc85c69451143a9c84b9d7e80fb306af
nodejs-debuginfo-10.24.0-1.module+el8.1.0+10161+5cffdac6.ppc64le.rpm SHA-256: 9c95aeac3d7d54298d4a4e177e74a1246c5f2b8fa261382c45bf0649017d8e8b
nodejs-debugsource-10.24.0-1.module+el8.1.0+10161+5cffdac6.ppc64le.rpm SHA-256: a22723b4a0a529e013bae4fc86d1e5abd51ef22617fee1adc78605eb214bf3ce
nodejs-devel-10.24.0-1.module+el8.1.0+10161+5cffdac6.ppc64le.rpm SHA-256: b97cef1ac8f3f609802a0b0b0382b65081e542b9d43415c12842a85a98cb13dd
nodejs-docs-10.24.0-1.module+el8.1.0+10161+5cffdac6.noarch.rpm SHA-256: d7e361a2a2efd5067286875d387ccb3aa075ef9767ebb3c1c00652ac86fb0e69
nodejs-full-i18n-10.24.0-1.module+el8.1.0+10161+5cffdac6.ppc64le.rpm SHA-256: 286e995994e78723bf31db8c8050f3ccf4f211d92a1f07c3784a362ebb695e3b
nodejs-nodemon-1.18.3-1.module+el8+2632+6c5111ed.noarch.rpm SHA-256: 403e2a69dac714c9c946b51af2cbcd1e25bc88c8e762236725d95c457d75d48f
nodejs-packaging-17-3.module+el8+2873+aa7dfd9a.noarch.rpm SHA-256: 1e250d01555333a28809fb735793ce8a44b6b88ced07e80024722bd423ad6cda
npm-6.14.11-1.10.24.0.1.module+el8.1.0+10161+5cffdac6.ppc64le.rpm SHA-256: 7de70495a178afa4ba77c03d70d265e4cea61a4c999cdce64f53c0ade7385146

Red Hat Enterprise Linux for x86_64 - Update Services for SAP Solutions 8.1

SRPM
nodejs-10.24.0-1.module+el8.1.0+10161+5cffdac6.src.rpm SHA-256: dbb4c1e6959d68edfdc913e48cbdfbc4b8c4e69d7d01c433ceaf424eff3bbebc
nodejs-nodemon-1.18.3-1.module+el8+2632+6c5111ed.src.rpm SHA-256: fd478f2549e3bbf506de232a248b8fc61f0092d9fe186599745b0785cfc7e0c2
nodejs-packaging-17-3.module+el8+2873+aa7dfd9a.src.rpm SHA-256: 01c71dee45a43aeedaa345bfcb877f73db8e5c0af0c606d1f2a2745c3e353f73
x86_64
nodejs-docs-10.24.0-1.module+el8.1.0+10161+5cffdac6.noarch.rpm SHA-256: d7e361a2a2efd5067286875d387ccb3aa075ef9767ebb3c1c00652ac86fb0e69
nodejs-nodemon-1.18.3-1.module+el8+2632+6c5111ed.noarch.rpm SHA-256: 403e2a69dac714c9c946b51af2cbcd1e25bc88c8e762236725d95c457d75d48f
nodejs-packaging-17-3.module+el8+2873+aa7dfd9a.noarch.rpm SHA-256: 1e250d01555333a28809fb735793ce8a44b6b88ced07e80024722bd423ad6cda
nodejs-10.24.0-1.module+el8.1.0+10161+5cffdac6.x86_64.rpm SHA-256: 9f9c09d3c27690921133bccfce978ba67a2f82c4352164440d6d92a0ea4d9966
nodejs-debuginfo-10.24.0-1.module+el8.1.0+10161+5cffdac6.x86_64.rpm SHA-256: 74cd2093576f33aa0b8997d1cf93b4c40f43270a8d7487de04e55b791440534d
nodejs-debugsource-10.24.0-1.module+el8.1.0+10161+5cffdac6.x86_64.rpm SHA-256: 0e66fceae8af625f2db8807ff134bd5788bba93c1a6702844eed5b2eadb79e55
nodejs-devel-10.24.0-1.module+el8.1.0+10161+5cffdac6.x86_64.rpm SHA-256: df43f7cb26830e9578da7c4d9fb16823ee4dfaead60bfa0149bd747b12a472e5
nodejs-full-i18n-10.24.0-1.module+el8.1.0+10161+5cffdac6.x86_64.rpm SHA-256: 8a60eb443200db5a3f63c12d04249605f56512847f9371f18c5c5b22bc9dd5ff
npm-6.14.11-1.10.24.0.1.module+el8.1.0+10161+5cffdac6.x86_64.rpm SHA-256: 90c207fb21ea09664e385ef7d8a17900bfb833ec31e3ad9629419f646312746a

The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/.

Red Hat

Quick Links

  • Downloads
  • Subscriptions
  • Support Cases
  • Customer Service
  • Product Documentation

Help

  • Contact Us
  • Customer Portal FAQ
  • Log-in Assistance

Site Info

  • Trust Red Hat
  • Browser Support Policy
  • Accessibility
  • Awards and Recognition
  • Colophon

Related Sites

  • redhat.com
  • developers.redhat.com
  • connect.redhat.com
  • cloud.redhat.com

About

  • Red Hat Subscription Value
  • About Red Hat
  • Red Hat Jobs
2023
  • Privacy Statement
  • Terms of Use
  • All Policies and Guidelines
We've updated our <a href='http://www.redhat.com/en/about/privacy-policy' class='privacy-policy'>Privacy Statement</a> effective September 15, 2023.
Red Hat Summit Red Hat Summit
Twitter