Skip to navigation Skip to main content

Utilities

  • Subscriptions
  • Downloads
  • Red Hat Console
  • Get Support
Red Hat Customer Portal
  • Subscriptions
  • Downloads
  • Red Hat Console
  • Get Support
  • Products

    Top Products

    • Red Hat Enterprise Linux
    • Red Hat OpenShift
    • Red Hat Ansible Automation Platform
    All Products

    Downloads and Containers

    • Downloads
    • Packages
    • Containers

    Top Resources

    • Documentation
    • Product Life Cycles
    • Product Compliance
    • Errata
  • Knowledge

    Red Hat Knowledge Center

    • Knowledgebase Solutions
    • Knowledgebase Articles
    • Customer Portal Labs
    • Errata

    Top Product Docs

    • Red Hat Enterprise Linux
    • Red Hat OpenShift
    • Red Hat Ansible Automation Platform
    All Product Docs

    Training and Certification

    • About
    • Course Index
    • Certification Index
    • Skill Assessment
  • Security

    Red Hat Product Security Center

    • Security Updates
    • Security Advisories
    • Red Hat CVE Database
    • Errata

    References

    • Security Bulletins
    • Security Measurement
    • Severity Ratings
    • Security Data

    Top Resources

    • Security Labs
    • Backporting Policies
    • Security Blog
  • Support

    Red Hat Support

    • Support Cases
    • Troubleshoot
    • Get Support
    • Contact Red Hat Support

    Red Hat Community Support

    • Customer Portal Community
    • Community Discussions
    • Red Hat Accelerator Program

    Top Resources

    • Product Life Cycles
    • Customer Portal Labs
    • Red Hat JBoss Supported Configurations
    • Red Hat Insights
Or troubleshoot an issue.

Select Your Language

  • English
  • Français
  • 한국어
  • 日本語
  • 中文 (中国)

Infrastructure and Management

  • Red Hat Enterprise Linux
  • Red Hat Satellite
  • Red Hat Subscription Management
  • Red Hat Insights
  • Red Hat Ansible Automation Platform

Cloud Computing

  • Red Hat OpenShift
  • Red Hat OpenStack Platform
  • Red Hat OpenShift
  • Red Hat OpenShift AI
  • Red Hat OpenShift Dedicated
  • Red Hat Advanced Cluster Security for Kubernetes
  • Red Hat Advanced Cluster Management for Kubernetes
  • Red Hat Quay
  • Red Hat OpenShift Dev Spaces
  • Red Hat OpenShift Service on AWS

Storage

  • Red Hat Gluster Storage
  • Red Hat Hyperconverged Infrastructure
  • Red Hat Ceph Storage
  • Red Hat OpenShift Data Foundation

Runtimes

  • Red Hat Runtimes
  • Red Hat JBoss Enterprise Application Platform
  • Red Hat Data Grid
  • Red Hat JBoss Web Server
  • Red Hat build of Keycloak
  • Red Hat support for Spring Boot
  • Red Hat build of Node.js
  • Red Hat build of Quarkus

Integration and Automation

  • Red Hat Application Foundations
  • Red Hat Fuse
  • Red Hat AMQ
  • Red Hat 3scale API Management
All Products
Red Hat Product Errata RHSA-2023:4036 - Security Advisory
Issued:
2023-07-12
Updated:
2023-07-12

RHSA-2023:4036 - Security Advisory

  • Overview
  • Updated Packages

Synopsis

Important: nodejs security update

Type/Severity

Security Advisory: Important

Red Hat Insights patch analysis

Identify and remediate systems affected by this advisory.

View affected systems

Topic

An update for nodejs is now available for Red Hat Enterprise Linux 9.0 Extended Update Support.

Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Description

Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language.

Security Fix(es):

  • c-ares: 0-byte UDP payload Denial of Service (CVE-2023-32067)
  • c-ares: Buffer Underwrite in ares_inet_net_pton() (CVE-2023-31130)
  • c-ares: Insufficient randomness in generation of DNS query IDs (CVE-2023-31147)
  • c-ares: AutoTools does not set CARES_RANDOM_FILE during cross compilation (CVE-2023-31124)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Solution

For details on how to apply this update, which includes the changes described in this advisory, refer to:

https://access.redhat.com/articles/11258

Affected Products

  • Red Hat Enterprise Linux for x86_64 - Extended Update Support 9.0 x86_64
  • Red Hat Enterprise Linux for IBM z Systems - Extended Update Support 9.0 s390x
  • Red Hat Enterprise Linux for Power, little endian - Extended Update Support 9.0 ppc64le
  • Red Hat Enterprise Linux for ARM 64 - Extended Update Support 9.0 aarch64
  • Red Hat Enterprise Linux Server for Power LE - Update Services for SAP Solutions 9.0 ppc64le
  • Red Hat Enterprise Linux for x86_64 - Update Services for SAP Solutions 9.0 x86_64
  • Red Hat Enterprise Linux for ARM 64 - 4 years of updates 9.0 aarch64
  • Red Hat Enterprise Linux for IBM z Systems - 4 years of updates 9.0 s390x

Fixes

  • BZ - 2209494 - CVE-2023-31124 c-ares: AutoTools does not set CARES_RANDOM_FILE during cross compilation
  • BZ - 2209497 - CVE-2023-31130 c-ares: Buffer Underwrite in ares_inet_net_pton()
  • BZ - 2209501 - CVE-2023-31147 c-ares: Insufficient randomness in generation of DNS query IDs
  • BZ - 2209502 - CVE-2023-32067 c-ares: 0-byte UDP payload Denial of Service

CVEs

  • CVE-2023-31124
  • CVE-2023-31130
  • CVE-2023-31147
  • CVE-2023-32067

References

  • https://access.redhat.com/security/updates/classification/#important
Note: More recent versions of these packages may be available. Click a package name for more details.

Red Hat Enterprise Linux for x86_64 - Extended Update Support 9.0

SRPM
nodejs-16.18.1-4.el9_0.src.rpm SHA-256: 9ac81573f1fe79050490da63fd2d7efd6b5e6d1ee876ae5403b639bc93a1a33b
x86_64
nodejs-16.18.1-4.el9_0.x86_64.rpm SHA-256: b4db5a23b7f72c1a047b27a0e04c0b0d7ba19860ea924f3a957bbd38601b11b5
nodejs-debuginfo-16.18.1-4.el9_0.i686.rpm SHA-256: 4234ffc279b4827794ac456c4f7faf3153453d344a9a761a008fb849a4dd1e59
nodejs-debuginfo-16.18.1-4.el9_0.x86_64.rpm SHA-256: a8c375832077ece611f7fab99e880c4c3796834feb6f72ca5972292b5616e100
nodejs-debugsource-16.18.1-4.el9_0.i686.rpm SHA-256: 86c432882c75cb65f4582af355bb30284ae603f13415ecab751fd9fde736b1d7
nodejs-debugsource-16.18.1-4.el9_0.x86_64.rpm SHA-256: 49aec6773c004fe7bff757ba13dd0fbc92435302e9652887f7305e06d2014ba1
nodejs-docs-16.18.1-4.el9_0.noarch.rpm SHA-256: 432242b6914437f531ef3ce4ab53fcb5f78114b12895ca3b263c62d483590c88
nodejs-full-i18n-16.18.1-4.el9_0.x86_64.rpm SHA-256: 4f81c8910fcb5c57a7851a05fa041826860baa0b193da409285f421d7e5c2492
nodejs-libs-16.18.1-4.el9_0.i686.rpm SHA-256: ef227d254b5ff86449188f46a13bbc7be2bae986b0100bc35343d4f3995e2842
nodejs-libs-16.18.1-4.el9_0.x86_64.rpm SHA-256: 4843242505afc9b4f62816d1245e45dee599a2f9dc1079d6fb5609e130dd78f5
nodejs-libs-debuginfo-16.18.1-4.el9_0.i686.rpm SHA-256: 05fb6dff9712ef0e33e58de3d42579dcce252ede5141a718e07a09116e712edc
nodejs-libs-debuginfo-16.18.1-4.el9_0.x86_64.rpm SHA-256: 229626aee27501bdd946cefb5d93e00efec4b1e6d418e106a0458403f2eb33f8
npm-8.19.2-1.16.18.1.4.el9_0.x86_64.rpm SHA-256: aed9fad6e8a7a932eba743711bb53b4d684faa1fb398bdb3e0a8380154e89b87

Red Hat Enterprise Linux for IBM z Systems - Extended Update Support 9.0

SRPM
nodejs-16.18.1-4.el9_0.src.rpm SHA-256: 9ac81573f1fe79050490da63fd2d7efd6b5e6d1ee876ae5403b639bc93a1a33b
s390x
nodejs-16.18.1-4.el9_0.s390x.rpm SHA-256: da00e7b5f20d9d5b11fde8d4e45e35472e623f6e3ede33bbabc1b6f465c07ce0
nodejs-debuginfo-16.18.1-4.el9_0.s390x.rpm SHA-256: bfb4575baf4f5a3134546b3ea445dcc4de85347cb62ad526784e15e198d4beda
nodejs-debugsource-16.18.1-4.el9_0.s390x.rpm SHA-256: 35e790484df2a8a0dd322e0b2970cd97c2a52fdceebd18ddd25a3110e4250f17
nodejs-docs-16.18.1-4.el9_0.noarch.rpm SHA-256: 432242b6914437f531ef3ce4ab53fcb5f78114b12895ca3b263c62d483590c88
nodejs-full-i18n-16.18.1-4.el9_0.s390x.rpm SHA-256: d8d4400c98b991f2f10e998f5cf186262d4c5c5432a943ea5dafe6606f5e3349
nodejs-libs-16.18.1-4.el9_0.s390x.rpm SHA-256: 6c2b318ecf7ce0631ecaa256f165dbc566ff5fd2ef67a1c8074e1869b77f6b8d
nodejs-libs-debuginfo-16.18.1-4.el9_0.s390x.rpm SHA-256: acc0f43a87f2705060e4984c6268c37081cb53374da9015354bb12da2866486b
npm-8.19.2-1.16.18.1.4.el9_0.s390x.rpm SHA-256: af091dede33d6b96b5b3ed65e7a3b24bffe74d9cdbd27a0b1f2d81a82ba2981f

Red Hat Enterprise Linux for Power, little endian - Extended Update Support 9.0

SRPM
nodejs-16.18.1-4.el9_0.src.rpm SHA-256: 9ac81573f1fe79050490da63fd2d7efd6b5e6d1ee876ae5403b639bc93a1a33b
ppc64le
nodejs-16.18.1-4.el9_0.ppc64le.rpm SHA-256: a912afd4671810867f4c0eb5d09c1f45fe8d5501c85d5040d4b1de892129ea51
nodejs-debuginfo-16.18.1-4.el9_0.ppc64le.rpm SHA-256: e5ba8d12fedc60569cf6c69753a5ee41b4a41617d376db342fd98751eab57ee0
nodejs-debugsource-16.18.1-4.el9_0.ppc64le.rpm SHA-256: 4c6f94050ac3d4f15a48198acdd0ea5670768902821bd97d9aaf1e79c748d71f
nodejs-docs-16.18.1-4.el9_0.noarch.rpm SHA-256: 432242b6914437f531ef3ce4ab53fcb5f78114b12895ca3b263c62d483590c88
nodejs-full-i18n-16.18.1-4.el9_0.ppc64le.rpm SHA-256: dffd869ed788293a1c1f9898861743729ecadd29449aa99588e68ffb21b4816b
nodejs-libs-16.18.1-4.el9_0.ppc64le.rpm SHA-256: ce80fbf3d7bf0037e6d795c9551178b68063af59c01cb5606a925ed97ef3a4e6
nodejs-libs-debuginfo-16.18.1-4.el9_0.ppc64le.rpm SHA-256: 26eb0c4a10d320accb336253aab3b0eb9303b2c33deb2c2624f9c999f3285857
npm-8.19.2-1.16.18.1.4.el9_0.ppc64le.rpm SHA-256: 670c08aee29e03ca6130399e7ada703a0cc926f9ee2b291a991efb9f19fbc89d

Red Hat Enterprise Linux for ARM 64 - Extended Update Support 9.0

SRPM
nodejs-16.18.1-4.el9_0.src.rpm SHA-256: 9ac81573f1fe79050490da63fd2d7efd6b5e6d1ee876ae5403b639bc93a1a33b
aarch64
nodejs-16.18.1-4.el9_0.aarch64.rpm SHA-256: 837af5c837abe23e779913d94a46878bebb9828b033f08fd60e239fb758ad04a
nodejs-debuginfo-16.18.1-4.el9_0.aarch64.rpm SHA-256: e2deb31bdfcac08c190c589d5ce73781a36e48bc6381cf00f83d7f4132994b4c
nodejs-debugsource-16.18.1-4.el9_0.aarch64.rpm SHA-256: cf48aa3df82d77429296c7af958180f111b2418ad87263334a699f025abac231
nodejs-docs-16.18.1-4.el9_0.noarch.rpm SHA-256: 432242b6914437f531ef3ce4ab53fcb5f78114b12895ca3b263c62d483590c88
nodejs-full-i18n-16.18.1-4.el9_0.aarch64.rpm SHA-256: f3d7331bdffa9e03da8b5573496ad3e29ff6997f8dd61bcc3405a85a26ab7df5
nodejs-libs-16.18.1-4.el9_0.aarch64.rpm SHA-256: ab713712fff7bca04cf2ca72cb0fabce3aed06f25f350b64d1fa5bd80242c655
nodejs-libs-debuginfo-16.18.1-4.el9_0.aarch64.rpm SHA-256: 0bdb8616ae9e703e41f891fbe29d230fab98f74c6453ec3ab64ab694b641c1bb
npm-8.19.2-1.16.18.1.4.el9_0.aarch64.rpm SHA-256: fd42e97fbab2d8d451c5663ed1ea15bfa94948f2573e0c36ebbd538ec5d562bc

Red Hat Enterprise Linux Server for Power LE - Update Services for SAP Solutions 9.0

SRPM
nodejs-16.18.1-4.el9_0.src.rpm SHA-256: 9ac81573f1fe79050490da63fd2d7efd6b5e6d1ee876ae5403b639bc93a1a33b
ppc64le
nodejs-16.18.1-4.el9_0.ppc64le.rpm SHA-256: a912afd4671810867f4c0eb5d09c1f45fe8d5501c85d5040d4b1de892129ea51
nodejs-debuginfo-16.18.1-4.el9_0.ppc64le.rpm SHA-256: e5ba8d12fedc60569cf6c69753a5ee41b4a41617d376db342fd98751eab57ee0
nodejs-debugsource-16.18.1-4.el9_0.ppc64le.rpm SHA-256: 4c6f94050ac3d4f15a48198acdd0ea5670768902821bd97d9aaf1e79c748d71f
nodejs-docs-16.18.1-4.el9_0.noarch.rpm SHA-256: 432242b6914437f531ef3ce4ab53fcb5f78114b12895ca3b263c62d483590c88
nodejs-full-i18n-16.18.1-4.el9_0.ppc64le.rpm SHA-256: dffd869ed788293a1c1f9898861743729ecadd29449aa99588e68ffb21b4816b
nodejs-libs-16.18.1-4.el9_0.ppc64le.rpm SHA-256: ce80fbf3d7bf0037e6d795c9551178b68063af59c01cb5606a925ed97ef3a4e6
nodejs-libs-debuginfo-16.18.1-4.el9_0.ppc64le.rpm SHA-256: 26eb0c4a10d320accb336253aab3b0eb9303b2c33deb2c2624f9c999f3285857
npm-8.19.2-1.16.18.1.4.el9_0.ppc64le.rpm SHA-256: 670c08aee29e03ca6130399e7ada703a0cc926f9ee2b291a991efb9f19fbc89d

Red Hat Enterprise Linux for x86_64 - Update Services for SAP Solutions 9.0

SRPM
nodejs-16.18.1-4.el9_0.src.rpm SHA-256: 9ac81573f1fe79050490da63fd2d7efd6b5e6d1ee876ae5403b639bc93a1a33b
x86_64
nodejs-16.18.1-4.el9_0.x86_64.rpm SHA-256: b4db5a23b7f72c1a047b27a0e04c0b0d7ba19860ea924f3a957bbd38601b11b5
nodejs-debuginfo-16.18.1-4.el9_0.i686.rpm SHA-256: 4234ffc279b4827794ac456c4f7faf3153453d344a9a761a008fb849a4dd1e59
nodejs-debuginfo-16.18.1-4.el9_0.x86_64.rpm SHA-256: a8c375832077ece611f7fab99e880c4c3796834feb6f72ca5972292b5616e100
nodejs-debugsource-16.18.1-4.el9_0.i686.rpm SHA-256: 86c432882c75cb65f4582af355bb30284ae603f13415ecab751fd9fde736b1d7
nodejs-debugsource-16.18.1-4.el9_0.x86_64.rpm SHA-256: 49aec6773c004fe7bff757ba13dd0fbc92435302e9652887f7305e06d2014ba1
nodejs-docs-16.18.1-4.el9_0.noarch.rpm SHA-256: 432242b6914437f531ef3ce4ab53fcb5f78114b12895ca3b263c62d483590c88
nodejs-full-i18n-16.18.1-4.el9_0.x86_64.rpm SHA-256: 4f81c8910fcb5c57a7851a05fa041826860baa0b193da409285f421d7e5c2492
nodejs-libs-16.18.1-4.el9_0.i686.rpm SHA-256: ef227d254b5ff86449188f46a13bbc7be2bae986b0100bc35343d4f3995e2842
nodejs-libs-16.18.1-4.el9_0.x86_64.rpm SHA-256: 4843242505afc9b4f62816d1245e45dee599a2f9dc1079d6fb5609e130dd78f5
nodejs-libs-debuginfo-16.18.1-4.el9_0.i686.rpm SHA-256: 05fb6dff9712ef0e33e58de3d42579dcce252ede5141a718e07a09116e712edc
nodejs-libs-debuginfo-16.18.1-4.el9_0.x86_64.rpm SHA-256: 229626aee27501bdd946cefb5d93e00efec4b1e6d418e106a0458403f2eb33f8
npm-8.19.2-1.16.18.1.4.el9_0.x86_64.rpm SHA-256: aed9fad6e8a7a932eba743711bb53b4d684faa1fb398bdb3e0a8380154e89b87

Red Hat Enterprise Linux for ARM 64 - 4 years of updates 9.0

SRPM
nodejs-16.18.1-4.el9_0.src.rpm SHA-256: 9ac81573f1fe79050490da63fd2d7efd6b5e6d1ee876ae5403b639bc93a1a33b
aarch64
nodejs-16.18.1-4.el9_0.aarch64.rpm SHA-256: 837af5c837abe23e779913d94a46878bebb9828b033f08fd60e239fb758ad04a
nodejs-debuginfo-16.18.1-4.el9_0.aarch64.rpm SHA-256: e2deb31bdfcac08c190c589d5ce73781a36e48bc6381cf00f83d7f4132994b4c
nodejs-debugsource-16.18.1-4.el9_0.aarch64.rpm SHA-256: cf48aa3df82d77429296c7af958180f111b2418ad87263334a699f025abac231
nodejs-docs-16.18.1-4.el9_0.noarch.rpm SHA-256: 432242b6914437f531ef3ce4ab53fcb5f78114b12895ca3b263c62d483590c88
nodejs-full-i18n-16.18.1-4.el9_0.aarch64.rpm SHA-256: f3d7331bdffa9e03da8b5573496ad3e29ff6997f8dd61bcc3405a85a26ab7df5
nodejs-libs-16.18.1-4.el9_0.aarch64.rpm SHA-256: ab713712fff7bca04cf2ca72cb0fabce3aed06f25f350b64d1fa5bd80242c655
nodejs-libs-debuginfo-16.18.1-4.el9_0.aarch64.rpm SHA-256: 0bdb8616ae9e703e41f891fbe29d230fab98f74c6453ec3ab64ab694b641c1bb
npm-8.19.2-1.16.18.1.4.el9_0.aarch64.rpm SHA-256: fd42e97fbab2d8d451c5663ed1ea15bfa94948f2573e0c36ebbd538ec5d562bc

Red Hat Enterprise Linux for IBM z Systems - 4 years of updates 9.0

SRPM
nodejs-16.18.1-4.el9_0.src.rpm SHA-256: 9ac81573f1fe79050490da63fd2d7efd6b5e6d1ee876ae5403b639bc93a1a33b
s390x
nodejs-16.18.1-4.el9_0.s390x.rpm SHA-256: da00e7b5f20d9d5b11fde8d4e45e35472e623f6e3ede33bbabc1b6f465c07ce0
nodejs-debuginfo-16.18.1-4.el9_0.s390x.rpm SHA-256: bfb4575baf4f5a3134546b3ea445dcc4de85347cb62ad526784e15e198d4beda
nodejs-debugsource-16.18.1-4.el9_0.s390x.rpm SHA-256: 35e790484df2a8a0dd322e0b2970cd97c2a52fdceebd18ddd25a3110e4250f17
nodejs-docs-16.18.1-4.el9_0.noarch.rpm SHA-256: 432242b6914437f531ef3ce4ab53fcb5f78114b12895ca3b263c62d483590c88
nodejs-full-i18n-16.18.1-4.el9_0.s390x.rpm SHA-256: d8d4400c98b991f2f10e998f5cf186262d4c5c5432a943ea5dafe6606f5e3349
nodejs-libs-16.18.1-4.el9_0.s390x.rpm SHA-256: 6c2b318ecf7ce0631ecaa256f165dbc566ff5fd2ef67a1c8074e1869b77f6b8d
nodejs-libs-debuginfo-16.18.1-4.el9_0.s390x.rpm SHA-256: acc0f43a87f2705060e4984c6268c37081cb53374da9015354bb12da2866486b
npm-8.19.2-1.16.18.1.4.el9_0.s390x.rpm SHA-256: af091dede33d6b96b5b3ed65e7a3b24bffe74d9cdbd27a0b1f2d81a82ba2981f

The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/.

Red Hat LinkedIn YouTube Facebook X, formerly Twitter

Quick Links

  • Downloads
  • Subscriptions
  • Support Cases
  • Customer Service
  • Product Documentation

Help

  • Contact Us
  • Customer Portal FAQ
  • Log-in Assistance

Site Info

  • Trust Red Hat
  • Browser Support Policy
  • Accessibility
  • Awards and Recognition
  • Colophon

Related Sites

  • redhat.com
  • developers.redhat.com
  • connect.redhat.com
  • cloud.redhat.com

Red Hat legal and privacy links

  • About Red Hat
  • Jobs
  • Events
  • Locations
  • Contact Red Hat
  • Red Hat Blog
  • Inclusion at Red Hat
  • Cool Stuff Store
  • Red Hat Summit
© 2025 Red Hat

Red Hat legal and privacy links

  • Privacy statement
  • Terms of use
  • All policies and guidelines
  • Digital accessibility