Red Hat Product Errata RHSA-2024:1354 - Security Advisory
Issued:
2024-03-18
Updated:
2024-03-18

RHSA-2024:1354 - Security Advisory

Synopsis

Important: rh-nodejs14 security update

Type/Severity

Security Advisory: Important

Red Hat Insights patch analysis

Identify and remediate systems affected by this advisory.

View affected systems

Topic

An update for rh-nodejs14-nodejs is now available for Red Hat Software Collections.

Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Description

Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language.

Security Fix(es):

  • rh-nodejs14-nodejs: reading unprocessed HTTP request with unbounded chunk extension allows DoS attacks (CVE-2024-22019)

A Red Hat Security Bulletin which addresses further details about this flaw is available in the References section.

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Solution

Before applying this update, make sure all previously released errata
relevant to your system have been applied.

For details on how to apply this update, refer to:

https://access.redhat.com/articles/11258

Affected Products

  • Red Hat Software Collections (for RHEL Server) 1 for RHEL 7 x86_64
  • Red Hat Software Collections (for RHEL Server for System Z) 1 for RHEL 7 s390x
  • Red Hat Software Collections (for RHEL Server for IBM Power LE) 1 for RHEL 7 ppc64le
  • Red Hat Software Collections (for RHEL Workstation) 1 for RHEL 7 x86_64

Fixes

  • BZ - 2264574 - CVE-2024-22019 nodejs: reading unprocessed HTTP request with unbounded chunk extension allows DoS attacks

Red Hat Software Collections (for RHEL Server) 1 for RHEL 7

SRPM
rh-nodejs14-nodejs-14.21.3-6.el7.src.rpm SHA-256: f962a580da1b4e1ef80f29a87bd5b244bb8084316a23e57a0985f6bc5c415ed8
x86_64
rh-nodejs14-nodejs-14.21.3-6.el7.x86_64.rpm SHA-256: a17b5577ce7a51f8a40c0f267f77c4721e9efe09e591db8c0cb5d7ed2c5d5cdc
rh-nodejs14-nodejs-debuginfo-14.21.3-6.el7.x86_64.rpm SHA-256: 41b9ff98bafc861c0c500887164a1558b91661745dc3c24eff03424af3d9eecd
rh-nodejs14-nodejs-devel-14.21.3-6.el7.x86_64.rpm SHA-256: 33ff9b8cae9c4ea7979400688c62e6376bb6a2272432959e91b6da7bea605bf0
rh-nodejs14-nodejs-docs-14.21.3-6.el7.noarch.rpm SHA-256: 4de67579ed838b25f736721849d09078152d515a5e44d55df4995ec5fae6d56d
rh-nodejs14-nodejs-full-i18n-14.21.3-6.el7.x86_64.rpm SHA-256: 2a2944da97f2b49b7ea3d36b7a99a3fde9ebec988a359c9cefe27e2810e52e64
rh-nodejs14-npm-6.14.18-14.21.3.6.el7.x86_64.rpm SHA-256: 50cc2e1a6ce4afcdc343b829f185dd8d58e1c083ba5a56ba9f9d7255d014dd55

Red Hat Software Collections (for RHEL Server for System Z) 1 for RHEL 7

SRPM
rh-nodejs14-nodejs-14.21.3-6.el7.src.rpm SHA-256: f962a580da1b4e1ef80f29a87bd5b244bb8084316a23e57a0985f6bc5c415ed8
s390x
rh-nodejs14-nodejs-14.21.3-6.el7.s390x.rpm SHA-256: 3d5347915e0a0523e70beb949f9f628ec27effb83180701ecf7ebf44266392da
rh-nodejs14-nodejs-debuginfo-14.21.3-6.el7.s390x.rpm SHA-256: ef14992b8cc4d0ed62ecb91aad181b6e1eae9cc56ac22ebd352908d64e8ccb20
rh-nodejs14-nodejs-devel-14.21.3-6.el7.s390x.rpm SHA-256: 483c4ca9281e63f496a63546941fcd883783223cb44b251a3305a0b0723177ba
rh-nodejs14-nodejs-docs-14.21.3-6.el7.noarch.rpm SHA-256: 4de67579ed838b25f736721849d09078152d515a5e44d55df4995ec5fae6d56d
rh-nodejs14-nodejs-full-i18n-14.21.3-6.el7.s390x.rpm SHA-256: 0be11ee8b99be5ea2a2f5def99ca05bbcbce269a908909d875fba1aa997add71
rh-nodejs14-npm-6.14.18-14.21.3.6.el7.s390x.rpm SHA-256: 80ef47ffef01cb6e879fb7eb6202ef94dbeaf07c38d3ab45745eaf9a4a9a6cef

Red Hat Software Collections (for RHEL Server for IBM Power LE) 1 for RHEL 7

SRPM
rh-nodejs14-nodejs-14.21.3-6.el7.src.rpm SHA-256: f962a580da1b4e1ef80f29a87bd5b244bb8084316a23e57a0985f6bc5c415ed8
ppc64le
rh-nodejs14-nodejs-14.21.3-6.el7.ppc64le.rpm SHA-256: 8623e9ef0ab18da99224c97416b521a1363819710d5612e5c377d1e8db3d3d59
rh-nodejs14-nodejs-debuginfo-14.21.3-6.el7.ppc64le.rpm SHA-256: ac42470bab05aa920ab89bfb2cb839b6bd6d48ead411f7b2741ce3794cd1edf3
rh-nodejs14-nodejs-devel-14.21.3-6.el7.ppc64le.rpm SHA-256: 6806c7af905dfd0db941bd65ed08937296fb1a0d88930fc61ad027be8293de28
rh-nodejs14-nodejs-docs-14.21.3-6.el7.noarch.rpm SHA-256: 4de67579ed838b25f736721849d09078152d515a5e44d55df4995ec5fae6d56d
rh-nodejs14-nodejs-full-i18n-14.21.3-6.el7.ppc64le.rpm SHA-256: e962ca2507b9d224445ebecdfe8a95bb8ebda356d4bee514d947780c96f9228f
rh-nodejs14-npm-6.14.18-14.21.3.6.el7.ppc64le.rpm SHA-256: d023948651e779f0368627819f9a111306bbb567671c064df99c58716af3c041

Red Hat Software Collections (for RHEL Workstation) 1 for RHEL 7

SRPM
rh-nodejs14-nodejs-14.21.3-6.el7.src.rpm SHA-256: f962a580da1b4e1ef80f29a87bd5b244bb8084316a23e57a0985f6bc5c415ed8
x86_64
rh-nodejs14-nodejs-14.21.3-6.el7.x86_64.rpm SHA-256: a17b5577ce7a51f8a40c0f267f77c4721e9efe09e591db8c0cb5d7ed2c5d5cdc
rh-nodejs14-nodejs-debuginfo-14.21.3-6.el7.x86_64.rpm SHA-256: 41b9ff98bafc861c0c500887164a1558b91661745dc3c24eff03424af3d9eecd
rh-nodejs14-nodejs-devel-14.21.3-6.el7.x86_64.rpm SHA-256: 33ff9b8cae9c4ea7979400688c62e6376bb6a2272432959e91b6da7bea605bf0
rh-nodejs14-nodejs-docs-14.21.3-6.el7.noarch.rpm SHA-256: 4de67579ed838b25f736721849d09078152d515a5e44d55df4995ec5fae6d56d
rh-nodejs14-nodejs-full-i18n-14.21.3-6.el7.x86_64.rpm SHA-256: 2a2944da97f2b49b7ea3d36b7a99a3fde9ebec988a359c9cefe27e2810e52e64
rh-nodejs14-npm-6.14.18-14.21.3.6.el7.x86_64.rpm SHA-256: 50cc2e1a6ce4afcdc343b829f185dd8d58e1c083ba5a56ba9f9d7255d014dd55

The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/.