- Issued:
- 2021-07-28
- Updated:
- 2021-07-28
RHSA-2021:2932 - Security Advisory
Synopsis
Moderate: rh-nodejs14-nodejs and rh-nodejs14-nodejs-nodemon security update
Type/Severity
Security Advisory: Moderate
Red Hat Insights patch analysis
Identify and remediate systems affected by this advisory.
Topic
An update for rh-nodejs14-nodejs and rh-nodejs14-nodejs-nodemon is now available for Red Hat Software Collections.
Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Description
Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language.
The following packages have been upgraded to a later upstream version: rh-nodejs14-nodejs (14.17.2).
Security Fix(es):
- nodejs-hosted-git-info: Regular Expression denial of service via shortcutMatch in fromUrl() (CVE-2021-23362)
- nodejs-ssri: Regular expression DoS (ReDoS) when parsing malicious SRI in strict mode (CVE-2021-27290)
- normalize-url: ReDoS for data URLs (CVE-2021-33502)
- libuv: out-of-bounds read in uv__idna_toascii() can lead to information disclosures or crashes (CVE-2021-22918)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Bug Fix(es):
- ECDHE ciphers missing in rh-nodejs14 (BZ#1942591)
Solution
For details on how to apply this update, which includes the changes described in this advisory, refer to:
Affected Products
- Red Hat Software Collections (for RHEL Server) 1 for RHEL 7.7 x86_64
- Red Hat Software Collections (for RHEL Server for System Z) 1 for RHEL 7.7 s390x
- Red Hat Software Collections (for RHEL Server for IBM Power LE) 1 for RHEL 7.7 ppc64le
- Red Hat Software Collections (for RHEL Server) 1 for RHEL 7 x86_64
- Red Hat Software Collections (for RHEL Server for System Z) 1 for RHEL 7 s390x
- Red Hat Software Collections (for RHEL Server for IBM Power LE) 1 for RHEL 7 ppc64le
- Red Hat Software Collections (for RHEL Workstation) 1 for RHEL 7 x86_64
Fixes
- BZ - 1941471 - CVE-2021-27290 nodejs-ssri: Regular expression DoS (ReDoS) when parsing malicious SRI in strict mode
- BZ - 1942591 - ECDHE ciphers missing in rh-nodejs14 [rhscl-3.7.z]
- BZ - 1943208 - CVE-2021-23362 nodejs-hosted-git-info: Regular Expression denial of service via shortcutMatch in fromUrl()
- BZ - 1964461 - CVE-2021-33502 normalize-url: ReDoS for data URLs
- BZ - 1979338 - CVE-2021-22918 libuv: out-of-bounds read in uv__idna_toascii() can lead to information disclosures or crashes
Note:
More recent versions of these packages may be available.
Click a package name for more details.
Red Hat Software Collections (for RHEL Server) 1 for RHEL 7.7
| SRPM | |
|---|---|
| rh-nodejs14-nodejs-14.17.2-1.el7.src.rpm | SHA-256: 5153b67158232b3827bedc59b66a9d141642d5f45b964c50db71786f687ce5c8 |
| rh-nodejs14-nodejs-nodemon-2.0.3-2.el7.src.rpm | SHA-256: 6049ec84dd33dda8c954e7239e43e6879f4546921c6b9f88c6eecbee13609e09 |
| x86_64 | |
| rh-nodejs14-nodejs-14.17.2-1.el7.x86_64.rpm | SHA-256: 49dad058dd5df6ee6883a0ca679b1fd142bc9eee2a99cfb39020e4e2abe5bb94 |
| rh-nodejs14-nodejs-debuginfo-14.17.2-1.el7.x86_64.rpm | SHA-256: dac940fda32ddae63398b65358116681811198a32dc5f4dff45fd7b00d12c0be |
| rh-nodejs14-nodejs-devel-14.17.2-1.el7.x86_64.rpm | SHA-256: 720f3150b1924627cb8fc1f24e9bbf15c4275395a62b11a625024e03a74b1fe2 |
| rh-nodejs14-nodejs-docs-14.17.2-1.el7.noarch.rpm | SHA-256: 38889caeb39792de830885fb24dccf34a3a9a573e6b7b21354fe9bca10fed1fa |
| rh-nodejs14-nodejs-nodemon-2.0.3-2.el7.noarch.rpm | SHA-256: 29533614dd79336a3fd87fc1a3d7f18063b22d9e13ed1d11569a4885c9abdc05 |
| rh-nodejs14-npm-6.14.13-14.17.2.1.el7.x86_64.rpm | SHA-256: 32fec291c7651ad72035701488e80c60bf8c96a0e4ce6ba4e9e46fc4ecccaf19 |
Red Hat Software Collections (for RHEL Server for System Z) 1 for RHEL 7.7
| SRPM | |
|---|---|
| rh-nodejs14-nodejs-14.17.2-1.el7.src.rpm | SHA-256: 5153b67158232b3827bedc59b66a9d141642d5f45b964c50db71786f687ce5c8 |
| rh-nodejs14-nodejs-nodemon-2.0.3-2.el7.src.rpm | SHA-256: 6049ec84dd33dda8c954e7239e43e6879f4546921c6b9f88c6eecbee13609e09 |
| s390x | |
| rh-nodejs14-nodejs-14.17.2-1.el7.s390x.rpm | SHA-256: 8a5e0306de03e1248ba2d8bc412b0b949e8bff03ddfefd088b3027a631145393 |
| rh-nodejs14-nodejs-debuginfo-14.17.2-1.el7.s390x.rpm | SHA-256: fca4c36e7ad089123abe28e0b4761cc990d910cfc58c03b4f3fff66ee6bda140 |
| rh-nodejs14-nodejs-devel-14.17.2-1.el7.s390x.rpm | SHA-256: 0009a1479c5ceedcce6dbdde7d0a669d6a977a8586f1ac89401d099e01960c25 |
| rh-nodejs14-nodejs-docs-14.17.2-1.el7.noarch.rpm | SHA-256: 38889caeb39792de830885fb24dccf34a3a9a573e6b7b21354fe9bca10fed1fa |
| rh-nodejs14-nodejs-nodemon-2.0.3-2.el7.noarch.rpm | SHA-256: 29533614dd79336a3fd87fc1a3d7f18063b22d9e13ed1d11569a4885c9abdc05 |
| rh-nodejs14-npm-6.14.13-14.17.2.1.el7.s390x.rpm | SHA-256: 71a2644c59efedd7b2f390d14a9b14196352b43d9e5283493692914c8b4f5ece |
Red Hat Software Collections (for RHEL Server for IBM Power LE) 1 for RHEL 7.7
| SRPM | |
|---|---|
| rh-nodejs14-nodejs-14.17.2-1.el7.src.rpm | SHA-256: 5153b67158232b3827bedc59b66a9d141642d5f45b964c50db71786f687ce5c8 |
| rh-nodejs14-nodejs-nodemon-2.0.3-2.el7.src.rpm | SHA-256: 6049ec84dd33dda8c954e7239e43e6879f4546921c6b9f88c6eecbee13609e09 |
| ppc64le | |
| rh-nodejs14-nodejs-14.17.2-1.el7.ppc64le.rpm | SHA-256: 9f6bae2d43eb4de6b64c3b79da67df15b3fea9a682b7c72002da3a1df923e7f7 |
| rh-nodejs14-nodejs-debuginfo-14.17.2-1.el7.ppc64le.rpm | SHA-256: 4034af8b41c11a2313978783382542435253fe209ded9c489500d96a1f2d4820 |
| rh-nodejs14-nodejs-devel-14.17.2-1.el7.ppc64le.rpm | SHA-256: 7833ad4d329d0a7ffbc363c4afee9fa63ec260697d574934c050236c3bba3ac2 |
| rh-nodejs14-nodejs-docs-14.17.2-1.el7.noarch.rpm | SHA-256: 38889caeb39792de830885fb24dccf34a3a9a573e6b7b21354fe9bca10fed1fa |
| rh-nodejs14-nodejs-nodemon-2.0.3-2.el7.noarch.rpm | SHA-256: 29533614dd79336a3fd87fc1a3d7f18063b22d9e13ed1d11569a4885c9abdc05 |
| rh-nodejs14-npm-6.14.13-14.17.2.1.el7.ppc64le.rpm | SHA-256: a4267c65d6073ba4a752a89015a933328d612d4ddab252d7d1188471688687bc |
Red Hat Software Collections (for RHEL Server) 1 for RHEL 7
| SRPM | |
|---|---|
| rh-nodejs14-nodejs-14.17.2-1.el7.src.rpm | SHA-256: 5153b67158232b3827bedc59b66a9d141642d5f45b964c50db71786f687ce5c8 |
| rh-nodejs14-nodejs-nodemon-2.0.3-2.el7.src.rpm | SHA-256: 6049ec84dd33dda8c954e7239e43e6879f4546921c6b9f88c6eecbee13609e09 |
| x86_64 | |
| rh-nodejs14-nodejs-14.17.2-1.el7.x86_64.rpm | SHA-256: 49dad058dd5df6ee6883a0ca679b1fd142bc9eee2a99cfb39020e4e2abe5bb94 |
| rh-nodejs14-nodejs-debuginfo-14.17.2-1.el7.x86_64.rpm | SHA-256: dac940fda32ddae63398b65358116681811198a32dc5f4dff45fd7b00d12c0be |
| rh-nodejs14-nodejs-devel-14.17.2-1.el7.x86_64.rpm | SHA-256: 720f3150b1924627cb8fc1f24e9bbf15c4275395a62b11a625024e03a74b1fe2 |
| rh-nodejs14-nodejs-docs-14.17.2-1.el7.noarch.rpm | SHA-256: 38889caeb39792de830885fb24dccf34a3a9a573e6b7b21354fe9bca10fed1fa |
| rh-nodejs14-nodejs-nodemon-2.0.3-2.el7.noarch.rpm | SHA-256: 29533614dd79336a3fd87fc1a3d7f18063b22d9e13ed1d11569a4885c9abdc05 |
| rh-nodejs14-npm-6.14.13-14.17.2.1.el7.x86_64.rpm | SHA-256: 32fec291c7651ad72035701488e80c60bf8c96a0e4ce6ba4e9e46fc4ecccaf19 |
Red Hat Software Collections (for RHEL Server for System Z) 1 for RHEL 7
| SRPM | |
|---|---|
| rh-nodejs14-nodejs-14.17.2-1.el7.src.rpm | SHA-256: 5153b67158232b3827bedc59b66a9d141642d5f45b964c50db71786f687ce5c8 |
| rh-nodejs14-nodejs-nodemon-2.0.3-2.el7.src.rpm | SHA-256: 6049ec84dd33dda8c954e7239e43e6879f4546921c6b9f88c6eecbee13609e09 |
| s390x | |
| rh-nodejs14-nodejs-14.17.2-1.el7.s390x.rpm | SHA-256: 8a5e0306de03e1248ba2d8bc412b0b949e8bff03ddfefd088b3027a631145393 |
| rh-nodejs14-nodejs-debuginfo-14.17.2-1.el7.s390x.rpm | SHA-256: fca4c36e7ad089123abe28e0b4761cc990d910cfc58c03b4f3fff66ee6bda140 |
| rh-nodejs14-nodejs-devel-14.17.2-1.el7.s390x.rpm | SHA-256: 0009a1479c5ceedcce6dbdde7d0a669d6a977a8586f1ac89401d099e01960c25 |
| rh-nodejs14-nodejs-docs-14.17.2-1.el7.noarch.rpm | SHA-256: 38889caeb39792de830885fb24dccf34a3a9a573e6b7b21354fe9bca10fed1fa |
| rh-nodejs14-nodejs-nodemon-2.0.3-2.el7.noarch.rpm | SHA-256: 29533614dd79336a3fd87fc1a3d7f18063b22d9e13ed1d11569a4885c9abdc05 |
| rh-nodejs14-npm-6.14.13-14.17.2.1.el7.s390x.rpm | SHA-256: 71a2644c59efedd7b2f390d14a9b14196352b43d9e5283493692914c8b4f5ece |
Red Hat Software Collections (for RHEL Server for IBM Power LE) 1 for RHEL 7
| SRPM | |
|---|---|
| rh-nodejs14-nodejs-14.17.2-1.el7.src.rpm | SHA-256: 5153b67158232b3827bedc59b66a9d141642d5f45b964c50db71786f687ce5c8 |
| rh-nodejs14-nodejs-nodemon-2.0.3-2.el7.src.rpm | SHA-256: 6049ec84dd33dda8c954e7239e43e6879f4546921c6b9f88c6eecbee13609e09 |
| ppc64le | |
| rh-nodejs14-nodejs-14.17.2-1.el7.ppc64le.rpm | SHA-256: 9f6bae2d43eb4de6b64c3b79da67df15b3fea9a682b7c72002da3a1df923e7f7 |
| rh-nodejs14-nodejs-debuginfo-14.17.2-1.el7.ppc64le.rpm | SHA-256: 4034af8b41c11a2313978783382542435253fe209ded9c489500d96a1f2d4820 |
| rh-nodejs14-nodejs-devel-14.17.2-1.el7.ppc64le.rpm | SHA-256: 7833ad4d329d0a7ffbc363c4afee9fa63ec260697d574934c050236c3bba3ac2 |
| rh-nodejs14-nodejs-docs-14.17.2-1.el7.noarch.rpm | SHA-256: 38889caeb39792de830885fb24dccf34a3a9a573e6b7b21354fe9bca10fed1fa |
| rh-nodejs14-nodejs-nodemon-2.0.3-2.el7.noarch.rpm | SHA-256: 29533614dd79336a3fd87fc1a3d7f18063b22d9e13ed1d11569a4885c9abdc05 |
| rh-nodejs14-npm-6.14.13-14.17.2.1.el7.ppc64le.rpm | SHA-256: a4267c65d6073ba4a752a89015a933328d612d4ddab252d7d1188471688687bc |
Red Hat Software Collections (for RHEL Workstation) 1 for RHEL 7
| SRPM | |
|---|---|
| rh-nodejs14-nodejs-14.17.2-1.el7.src.rpm | SHA-256: 5153b67158232b3827bedc59b66a9d141642d5f45b964c50db71786f687ce5c8 |
| rh-nodejs14-nodejs-nodemon-2.0.3-2.el7.src.rpm | SHA-256: 6049ec84dd33dda8c954e7239e43e6879f4546921c6b9f88c6eecbee13609e09 |
| x86_64 | |
| rh-nodejs14-nodejs-14.17.2-1.el7.x86_64.rpm | SHA-256: 49dad058dd5df6ee6883a0ca679b1fd142bc9eee2a99cfb39020e4e2abe5bb94 |
| rh-nodejs14-nodejs-debuginfo-14.17.2-1.el7.x86_64.rpm | SHA-256: dac940fda32ddae63398b65358116681811198a32dc5f4dff45fd7b00d12c0be |
| rh-nodejs14-nodejs-devel-14.17.2-1.el7.x86_64.rpm | SHA-256: 720f3150b1924627cb8fc1f24e9bbf15c4275395a62b11a625024e03a74b1fe2 |
| rh-nodejs14-nodejs-docs-14.17.2-1.el7.noarch.rpm | SHA-256: 38889caeb39792de830885fb24dccf34a3a9a573e6b7b21354fe9bca10fed1fa |
| rh-nodejs14-nodejs-nodemon-2.0.3-2.el7.noarch.rpm | SHA-256: 29533614dd79336a3fd87fc1a3d7f18063b22d9e13ed1d11569a4885c9abdc05 |
| rh-nodejs14-npm-6.14.13-14.17.2.1.el7.x86_64.rpm | SHA-256: 32fec291c7651ad72035701488e80c60bf8c96a0e4ce6ba4e9e46fc4ecccaf19 |
The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/.