- Issued:
- 2021-07-28
- Updated:
- 2021-07-28
RHSA-2021:2931 - Security Advisory
Synopsis
Moderate: rh-nodejs12-nodejs and rh-nodejs12-nodejs-nodemon security update
Type/Severity
Security Advisory: Moderate
Red Hat Insights patch analysis
Identify and remediate systems affected by this advisory.
Topic
An update for rh-nodejs12-nodejs and rh-nodejs12-nodejs-nodemon is now available for Red Hat Software Collections.
Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Description
Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language.
The following packages have been upgraded to a later upstream version: rh-nodejs12-nodejs (12.22.2).
Security Fix(es):
- nodejs-hosted-git-info: Regular Expression denial of service via shortcutMatch in fromUrl() (CVE-2021-23362)
- nodejs-ssri: Regular expression DoS (ReDoS) when parsing malicious SRI in strict mode (CVE-2021-27290)
- normalize-url: ReDoS for data URLs (CVE-2021-33502)
- libuv: out-of-bounds read in uv__idna_toascii() can lead to information disclosures or crashes (CVE-2021-22918)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Bug Fix(es):
- ECDHE ciphers missing in rh-nodejs12 (BZ#1942592)
Solution
For details on how to apply this update, which includes the changes described in this advisory, refer to:
Affected Products
- Red Hat Software Collections (for RHEL Server) 1 for RHEL 7.7 x86_64
- Red Hat Software Collections (for RHEL Server for System Z) 1 for RHEL 7.7 s390x
- Red Hat Software Collections (for RHEL Server for IBM Power LE) 1 for RHEL 7.7 ppc64le
- Red Hat Software Collections (for RHEL Server) 1 for RHEL 7 x86_64
- Red Hat Software Collections (for RHEL Server for System Z) 1 for RHEL 7 s390x
- Red Hat Software Collections (for RHEL Server for IBM Power LE) 1 for RHEL 7 ppc64le
- Red Hat Software Collections (for RHEL Workstation) 1 for RHEL 7 x86_64
Fixes
- BZ - 1941471 - CVE-2021-27290 nodejs-ssri: Regular expression DoS (ReDoS) when parsing malicious SRI in strict mode
- BZ - 1942592 - ECDHE ciphers missing in rh-nodejs12 [rhscl-3.6.z]
- BZ - 1943208 - CVE-2021-23362 nodejs-hosted-git-info: Regular Expression denial of service via shortcutMatch in fromUrl()
- BZ - 1964461 - CVE-2021-33502 normalize-url: ReDoS for data URLs
- BZ - 1979338 - CVE-2021-22918 libuv: out-of-bounds read in uv__idna_toascii() can lead to information disclosures or crashes
Note:
More recent versions of these packages may be available.
Click a package name for more details.
Red Hat Software Collections (for RHEL Server) 1 for RHEL 7.7
| SRPM | |
|---|---|
| rh-nodejs12-nodejs-12.22.2-1.el7.src.rpm | SHA-256: 3f9a70349d607be25950eb09ed03972a9d91656ab72d7f67a56d52fe411c974a |
| rh-nodejs12-nodejs-nodemon-2.0.3-2.el7.src.rpm | SHA-256: 804dacba09bb34800e02e1e6bab88fe3798efe945bda06ed3a4b99be63530083 |
| x86_64 | |
| rh-nodejs12-nodejs-12.22.2-1.el7.x86_64.rpm | SHA-256: 9360b397d9c34e910cb0d94858238b58d92df3532e658b8d48cd61caf0d744f3 |
| rh-nodejs12-nodejs-debuginfo-12.22.2-1.el7.x86_64.rpm | SHA-256: 80a03d6c4fd9be620685381145c3bea2c86f6776d06508da0e69fe41379725fd |
| rh-nodejs12-nodejs-devel-12.22.2-1.el7.x86_64.rpm | SHA-256: ca8b3bd3689318adb1a22d887d0fca862f2a76511ef6b0af5c2c48cabe310237 |
| rh-nodejs12-nodejs-docs-12.22.2-1.el7.noarch.rpm | SHA-256: 49f43517b7a7a84abde77d4dacbca5b7dc89d069de41d0c155c0d23ad480f893 |
| rh-nodejs12-nodejs-nodemon-2.0.3-2.el7.noarch.rpm | SHA-256: a0cc9be8e3775a67da70139464943821d7a1b09f7e1fd55edbd60908fa02503d |
| rh-nodejs12-npm-6.14.13-12.22.2.1.el7.x86_64.rpm | SHA-256: eaa5ba6993e02497d3041569ef36d87a453f22d9bfddfd9f394eeabadca36f9d |
Red Hat Software Collections (for RHEL Server for System Z) 1 for RHEL 7.7
| SRPM | |
|---|---|
| rh-nodejs12-nodejs-12.22.2-1.el7.src.rpm | SHA-256: 3f9a70349d607be25950eb09ed03972a9d91656ab72d7f67a56d52fe411c974a |
| rh-nodejs12-nodejs-nodemon-2.0.3-2.el7.src.rpm | SHA-256: 804dacba09bb34800e02e1e6bab88fe3798efe945bda06ed3a4b99be63530083 |
| s390x | |
| rh-nodejs12-nodejs-12.22.2-1.el7.s390x.rpm | SHA-256: 85a03ea6ca13c413d5172265ee8166e76be2b4cdd8f7191d6bf6ab9ee2cd9881 |
| rh-nodejs12-nodejs-debuginfo-12.22.2-1.el7.s390x.rpm | SHA-256: ceeb5e7db633411b846e2ee53d496325b390482a48196a76969cab976f8d846a |
| rh-nodejs12-nodejs-devel-12.22.2-1.el7.s390x.rpm | SHA-256: 462325b580dfc1b4c916b8fd855ab11e68c211aa8b08b317c3e631ef6cd0d067 |
| rh-nodejs12-nodejs-docs-12.22.2-1.el7.noarch.rpm | SHA-256: 49f43517b7a7a84abde77d4dacbca5b7dc89d069de41d0c155c0d23ad480f893 |
| rh-nodejs12-nodejs-nodemon-2.0.3-2.el7.noarch.rpm | SHA-256: a0cc9be8e3775a67da70139464943821d7a1b09f7e1fd55edbd60908fa02503d |
| rh-nodejs12-npm-6.14.13-12.22.2.1.el7.s390x.rpm | SHA-256: 8bba00b83b0d1de10f9db1d2d887b9ef5374e4809ad17b911d1151a7974f4305 |
Red Hat Software Collections (for RHEL Server for IBM Power LE) 1 for RHEL 7.7
| SRPM | |
|---|---|
| rh-nodejs12-nodejs-12.22.2-1.el7.src.rpm | SHA-256: 3f9a70349d607be25950eb09ed03972a9d91656ab72d7f67a56d52fe411c974a |
| rh-nodejs12-nodejs-nodemon-2.0.3-2.el7.src.rpm | SHA-256: 804dacba09bb34800e02e1e6bab88fe3798efe945bda06ed3a4b99be63530083 |
| ppc64le | |
| rh-nodejs12-nodejs-12.22.2-1.el7.ppc64le.rpm | SHA-256: 6c6ee274b50976a349a199405f1ebf41c15d45737ee2468439ce19bf7c3169d4 |
| rh-nodejs12-nodejs-debuginfo-12.22.2-1.el7.ppc64le.rpm | SHA-256: ed00afbd879448b4d33c6710d9890496c2a025dea332d097f81ed63aefa671c8 |
| rh-nodejs12-nodejs-devel-12.22.2-1.el7.ppc64le.rpm | SHA-256: 152fac86a1740fee82cd47a810e85c1589e5bd05273eefc9865ea82b1b6cdb47 |
| rh-nodejs12-nodejs-docs-12.22.2-1.el7.noarch.rpm | SHA-256: 49f43517b7a7a84abde77d4dacbca5b7dc89d069de41d0c155c0d23ad480f893 |
| rh-nodejs12-nodejs-nodemon-2.0.3-2.el7.noarch.rpm | SHA-256: a0cc9be8e3775a67da70139464943821d7a1b09f7e1fd55edbd60908fa02503d |
| rh-nodejs12-npm-6.14.13-12.22.2.1.el7.ppc64le.rpm | SHA-256: 94d778f8e5279d2b79592ed37490565dc4aa1cd1699450556915e1fe8d521183 |
Red Hat Software Collections (for RHEL Server) 1 for RHEL 7
| SRPM | |
|---|---|
| rh-nodejs12-nodejs-12.22.2-1.el7.src.rpm | SHA-256: 3f9a70349d607be25950eb09ed03972a9d91656ab72d7f67a56d52fe411c974a |
| rh-nodejs12-nodejs-nodemon-2.0.3-2.el7.src.rpm | SHA-256: 804dacba09bb34800e02e1e6bab88fe3798efe945bda06ed3a4b99be63530083 |
| x86_64 | |
| rh-nodejs12-nodejs-12.22.2-1.el7.x86_64.rpm | SHA-256: 9360b397d9c34e910cb0d94858238b58d92df3532e658b8d48cd61caf0d744f3 |
| rh-nodejs12-nodejs-debuginfo-12.22.2-1.el7.x86_64.rpm | SHA-256: 80a03d6c4fd9be620685381145c3bea2c86f6776d06508da0e69fe41379725fd |
| rh-nodejs12-nodejs-devel-12.22.2-1.el7.x86_64.rpm | SHA-256: ca8b3bd3689318adb1a22d887d0fca862f2a76511ef6b0af5c2c48cabe310237 |
| rh-nodejs12-nodejs-docs-12.22.2-1.el7.noarch.rpm | SHA-256: 49f43517b7a7a84abde77d4dacbca5b7dc89d069de41d0c155c0d23ad480f893 |
| rh-nodejs12-nodejs-nodemon-2.0.3-2.el7.noarch.rpm | SHA-256: a0cc9be8e3775a67da70139464943821d7a1b09f7e1fd55edbd60908fa02503d |
| rh-nodejs12-npm-6.14.13-12.22.2.1.el7.x86_64.rpm | SHA-256: eaa5ba6993e02497d3041569ef36d87a453f22d9bfddfd9f394eeabadca36f9d |
Red Hat Software Collections (for RHEL Server for System Z) 1 for RHEL 7
| SRPM | |
|---|---|
| rh-nodejs12-nodejs-12.22.2-1.el7.src.rpm | SHA-256: 3f9a70349d607be25950eb09ed03972a9d91656ab72d7f67a56d52fe411c974a |
| rh-nodejs12-nodejs-nodemon-2.0.3-2.el7.src.rpm | SHA-256: 804dacba09bb34800e02e1e6bab88fe3798efe945bda06ed3a4b99be63530083 |
| s390x | |
| rh-nodejs12-nodejs-12.22.2-1.el7.s390x.rpm | SHA-256: 85a03ea6ca13c413d5172265ee8166e76be2b4cdd8f7191d6bf6ab9ee2cd9881 |
| rh-nodejs12-nodejs-debuginfo-12.22.2-1.el7.s390x.rpm | SHA-256: ceeb5e7db633411b846e2ee53d496325b390482a48196a76969cab976f8d846a |
| rh-nodejs12-nodejs-devel-12.22.2-1.el7.s390x.rpm | SHA-256: 462325b580dfc1b4c916b8fd855ab11e68c211aa8b08b317c3e631ef6cd0d067 |
| rh-nodejs12-nodejs-docs-12.22.2-1.el7.noarch.rpm | SHA-256: 49f43517b7a7a84abde77d4dacbca5b7dc89d069de41d0c155c0d23ad480f893 |
| rh-nodejs12-nodejs-nodemon-2.0.3-2.el7.noarch.rpm | SHA-256: a0cc9be8e3775a67da70139464943821d7a1b09f7e1fd55edbd60908fa02503d |
| rh-nodejs12-npm-6.14.13-12.22.2.1.el7.s390x.rpm | SHA-256: 8bba00b83b0d1de10f9db1d2d887b9ef5374e4809ad17b911d1151a7974f4305 |
Red Hat Software Collections (for RHEL Server for IBM Power LE) 1 for RHEL 7
| SRPM | |
|---|---|
| rh-nodejs12-nodejs-12.22.2-1.el7.src.rpm | SHA-256: 3f9a70349d607be25950eb09ed03972a9d91656ab72d7f67a56d52fe411c974a |
| rh-nodejs12-nodejs-nodemon-2.0.3-2.el7.src.rpm | SHA-256: 804dacba09bb34800e02e1e6bab88fe3798efe945bda06ed3a4b99be63530083 |
| ppc64le | |
| rh-nodejs12-nodejs-12.22.2-1.el7.ppc64le.rpm | SHA-256: 6c6ee274b50976a349a199405f1ebf41c15d45737ee2468439ce19bf7c3169d4 |
| rh-nodejs12-nodejs-debuginfo-12.22.2-1.el7.ppc64le.rpm | SHA-256: ed00afbd879448b4d33c6710d9890496c2a025dea332d097f81ed63aefa671c8 |
| rh-nodejs12-nodejs-devel-12.22.2-1.el7.ppc64le.rpm | SHA-256: 152fac86a1740fee82cd47a810e85c1589e5bd05273eefc9865ea82b1b6cdb47 |
| rh-nodejs12-nodejs-docs-12.22.2-1.el7.noarch.rpm | SHA-256: 49f43517b7a7a84abde77d4dacbca5b7dc89d069de41d0c155c0d23ad480f893 |
| rh-nodejs12-nodejs-nodemon-2.0.3-2.el7.noarch.rpm | SHA-256: a0cc9be8e3775a67da70139464943821d7a1b09f7e1fd55edbd60908fa02503d |
| rh-nodejs12-npm-6.14.13-12.22.2.1.el7.ppc64le.rpm | SHA-256: 94d778f8e5279d2b79592ed37490565dc4aa1cd1699450556915e1fe8d521183 |
Red Hat Software Collections (for RHEL Workstation) 1 for RHEL 7
| SRPM | |
|---|---|
| rh-nodejs12-nodejs-12.22.2-1.el7.src.rpm | SHA-256: 3f9a70349d607be25950eb09ed03972a9d91656ab72d7f67a56d52fe411c974a |
| rh-nodejs12-nodejs-nodemon-2.0.3-2.el7.src.rpm | SHA-256: 804dacba09bb34800e02e1e6bab88fe3798efe945bda06ed3a4b99be63530083 |
| x86_64 | |
| rh-nodejs12-nodejs-12.22.2-1.el7.x86_64.rpm | SHA-256: 9360b397d9c34e910cb0d94858238b58d92df3532e658b8d48cd61caf0d744f3 |
| rh-nodejs12-nodejs-debuginfo-12.22.2-1.el7.x86_64.rpm | SHA-256: 80a03d6c4fd9be620685381145c3bea2c86f6776d06508da0e69fe41379725fd |
| rh-nodejs12-nodejs-devel-12.22.2-1.el7.x86_64.rpm | SHA-256: ca8b3bd3689318adb1a22d887d0fca862f2a76511ef6b0af5c2c48cabe310237 |
| rh-nodejs12-nodejs-docs-12.22.2-1.el7.noarch.rpm | SHA-256: 49f43517b7a7a84abde77d4dacbca5b7dc89d069de41d0c155c0d23ad480f893 |
| rh-nodejs12-nodejs-nodemon-2.0.3-2.el7.noarch.rpm | SHA-256: a0cc9be8e3775a67da70139464943821d7a1b09f7e1fd55edbd60908fa02503d |
| rh-nodejs12-npm-6.14.13-12.22.2.1.el7.x86_64.rpm | SHA-256: eaa5ba6993e02497d3041569ef36d87a453f22d9bfddfd9f394eeabadca36f9d |
The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/.