- Issued:
- 2024-05-09
- Updated:
- 2024-05-09
RHSA-2024:2778 - Security Advisory
Synopsis
Important: nodejs:20 security update
Type/Severity
Security Advisory: Important
Red Hat Insights patch analysis
Identify and remediate systems affected by this advisory.
Topic
An update for the nodejs:20 module is now available for Red Hat Enterprise Linux 8.
Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Description
Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language.
Security Fix(es):
- c-ares: Out of bounds read in ares__read_line() (CVE-2024-25629)
- nghttp2: CONTINUATION frames DoS (CVE-2024-28182)
- nodejs: using the fetch() function to retrieve content from an untrusted URL leads to denial of service (CVE-2024-22025)
- nodejs: CONTINUATION frames DoS (CVE-2024-27983)
- nodejs: HTTP Request Smuggling via Content Length Obfuscation (CVE-2024-27982)
For more details about the security issue(s), including the impact, a CVSS
score, acknowledgments, and other related information, refer to the CVE
page(s) listed in the References section.
Affected Products
- Red Hat Enterprise Linux for x86_64 8 x86_64
- Red Hat Enterprise Linux for IBM z Systems 8 s390x
- Red Hat Enterprise Linux for Power, little endian 8 ppc64le
- Red Hat Enterprise Linux for ARM 64 8 aarch64
Fixes
- BZ - 2265713 - CVE-2024-25629 c-ares: Out of bounds read in ares__read_line()
- BZ - 2268639 - CVE-2024-28182 nghttp2: CONTINUATION frames DoS
- BZ - 2270559 - CVE-2024-22025 nodejs: using the fetch() function to retrieve content from an untrusted URL leads to denial of service
- BZ - 2272764 - CVE-2024-27983 nodejs: CONTINUATION frames DoS
- BZ - 2275392 - CVE-2024-27982 nodejs: HTTP Request Smuggling via Content Length Obfuscation
Note:
More recent versions of these packages may be available.
Click a package name for more details.
Red Hat Enterprise Linux for x86_64 8
| SRPM | |
|---|---|
| nodejs-20.12.2-2.module+el8.9.0+21743+0b3f1be2.src.rpm | SHA-256: ea1d442e5ce9b3b2a708056accb89f8609ebdb1e5a12190df2a6b5442bd0b292 |
| nodejs-nodemon-3.0.1-1.module+el8.9.0+20473+c4e3d824.src.rpm | SHA-256: 889a030834eca2139002087753843c52252e5b2dc40b5d0ad8d87af10af3af3e |
| nodejs-packaging-2021.06-4.module+el8.9.0+19519+e25b965a.src.rpm | SHA-256: a7fd1b3ac37949c6ce7591cd26c2b1c0a16fc981466e4ef9ba1d0fb2d54d3049 |
| x86_64 | |
| nodejs-docs-20.12.2-2.module+el8.9.0+21743+0b3f1be2.noarch.rpm | SHA-256: b01c434fe81bbd5c81ab7a7a893024b45a89aa7766f41e9e5c4a3d93b264a1c4 |
| nodejs-nodemon-3.0.1-1.module+el8.9.0+20473+c4e3d824.noarch.rpm | SHA-256: fee4b73944dd7d48743f7cb6f570393b91390ffd93f6eccb1c17b308d44e9142 |
| nodejs-packaging-2021.06-4.module+el8.9.0+19519+e25b965a.noarch.rpm | SHA-256: 66d731b4208710620bdc2be1cc05d9506201e45fce762122fd8840b7c4dca17e |
| nodejs-packaging-bundler-2021.06-4.module+el8.9.0+19519+e25b965a.noarch.rpm | SHA-256: b7339583f645c7d80e49aadb33eb288479e3cddb1bc375fd9324c499503ca55b |
| nodejs-20.12.2-2.module+el8.9.0+21743+0b3f1be2.x86_64.rpm | SHA-256: 3c26dbacc2d1bd4533bfa1f2fb561bd1eded6a5eb84725a1864fcd784448bc12 |
| nodejs-debuginfo-20.12.2-2.module+el8.9.0+21743+0b3f1be2.x86_64.rpm | SHA-256: 7908f7caf06bb8fffa929519c2ec33b541afe48e4ccb8b5ccb963b6a0f249d49 |
| nodejs-debugsource-20.12.2-2.module+el8.9.0+21743+0b3f1be2.x86_64.rpm | SHA-256: ed2931e9e93987f0c365ee722553e3a322b0a3b39ecb15bfa49683792a7180e1 |
| nodejs-devel-20.12.2-2.module+el8.9.0+21743+0b3f1be2.x86_64.rpm | SHA-256: 2d8c6bec7bc5b674bc8335cf64b6f365757666081d9cd7ef3c8e7fda2e566614 |
| nodejs-full-i18n-20.12.2-2.module+el8.9.0+21743+0b3f1be2.x86_64.rpm | SHA-256: ddf2831e8159ca359ae1979691782084fea7ed4345ec71e8b0d4bbd089d262c3 |
| npm-10.5.0-1.20.12.2.2.module+el8.9.0+21743+0b3f1be2.x86_64.rpm | SHA-256: a53660cd075da154acd0562fa7b76999f8bb4933ece4ddacda92a22b500b5102 |
Red Hat Enterprise Linux for IBM z Systems 8
| SRPM | |
|---|---|
| nodejs-20.12.2-2.module+el8.9.0+21743+0b3f1be2.src.rpm | SHA-256: ea1d442e5ce9b3b2a708056accb89f8609ebdb1e5a12190df2a6b5442bd0b292 |
| nodejs-nodemon-3.0.1-1.module+el8.9.0+20473+c4e3d824.src.rpm | SHA-256: 889a030834eca2139002087753843c52252e5b2dc40b5d0ad8d87af10af3af3e |
| nodejs-packaging-2021.06-4.module+el8.9.0+19519+e25b965a.src.rpm | SHA-256: a7fd1b3ac37949c6ce7591cd26c2b1c0a16fc981466e4ef9ba1d0fb2d54d3049 |
| s390x | |
| nodejs-20.12.2-2.module+el8.9.0+21743+0b3f1be2.s390x.rpm | SHA-256: c5c1dd0b37735444d8e1563e168744c8ba98f5490ae3bb357bde45f698945a60 |
| nodejs-debuginfo-20.12.2-2.module+el8.9.0+21743+0b3f1be2.s390x.rpm | SHA-256: 28645aee9fa64730211dfc6463bb978f124a99758e1831816ad1d6eef4048951 |
| nodejs-debugsource-20.12.2-2.module+el8.9.0+21743+0b3f1be2.s390x.rpm | SHA-256: 4b07ceccd73814203b825a576b0c215ccc94e4a162993dc1c830a129b4d1909a |
| nodejs-devel-20.12.2-2.module+el8.9.0+21743+0b3f1be2.s390x.rpm | SHA-256: f436210b25e97118f73fd61be96462d113614318685eb263ad1be902423d0b64 |
| nodejs-docs-20.12.2-2.module+el8.9.0+21743+0b3f1be2.noarch.rpm | SHA-256: b01c434fe81bbd5c81ab7a7a893024b45a89aa7766f41e9e5c4a3d93b264a1c4 |
| nodejs-full-i18n-20.12.2-2.module+el8.9.0+21743+0b3f1be2.s390x.rpm | SHA-256: e4fa66c7dc1ab87bd9322496e09750b86cd6fff206045ba13730e73f39337dee |
| nodejs-nodemon-3.0.1-1.module+el8.9.0+20473+c4e3d824.noarch.rpm | SHA-256: fee4b73944dd7d48743f7cb6f570393b91390ffd93f6eccb1c17b308d44e9142 |
| nodejs-packaging-2021.06-4.module+el8.9.0+19519+e25b965a.noarch.rpm | SHA-256: 66d731b4208710620bdc2be1cc05d9506201e45fce762122fd8840b7c4dca17e |
| nodejs-packaging-bundler-2021.06-4.module+el8.9.0+19519+e25b965a.noarch.rpm | SHA-256: b7339583f645c7d80e49aadb33eb288479e3cddb1bc375fd9324c499503ca55b |
| npm-10.5.0-1.20.12.2.2.module+el8.9.0+21743+0b3f1be2.s390x.rpm | SHA-256: 42f53d0466b1955120c7a5012c6916b7766f4d0548bf675ac41132f3debe049e |
Red Hat Enterprise Linux for Power, little endian 8
| SRPM | |
|---|---|
| nodejs-20.12.2-2.module+el8.9.0+21743+0b3f1be2.src.rpm | SHA-256: ea1d442e5ce9b3b2a708056accb89f8609ebdb1e5a12190df2a6b5442bd0b292 |
| nodejs-nodemon-3.0.1-1.module+el8.9.0+20473+c4e3d824.src.rpm | SHA-256: 889a030834eca2139002087753843c52252e5b2dc40b5d0ad8d87af10af3af3e |
| nodejs-packaging-2021.06-4.module+el8.9.0+19519+e25b965a.src.rpm | SHA-256: a7fd1b3ac37949c6ce7591cd26c2b1c0a16fc981466e4ef9ba1d0fb2d54d3049 |
| ppc64le | |
| nodejs-docs-20.12.2-2.module+el8.9.0+21743+0b3f1be2.noarch.rpm | SHA-256: b01c434fe81bbd5c81ab7a7a893024b45a89aa7766f41e9e5c4a3d93b264a1c4 |
| nodejs-nodemon-3.0.1-1.module+el8.9.0+20473+c4e3d824.noarch.rpm | SHA-256: fee4b73944dd7d48743f7cb6f570393b91390ffd93f6eccb1c17b308d44e9142 |
| nodejs-packaging-2021.06-4.module+el8.9.0+19519+e25b965a.noarch.rpm | SHA-256: 66d731b4208710620bdc2be1cc05d9506201e45fce762122fd8840b7c4dca17e |
| nodejs-packaging-bundler-2021.06-4.module+el8.9.0+19519+e25b965a.noarch.rpm | SHA-256: b7339583f645c7d80e49aadb33eb288479e3cddb1bc375fd9324c499503ca55b |
| nodejs-20.12.2-2.module+el8.9.0+21743+0b3f1be2.ppc64le.rpm | SHA-256: 34e0ca7c6799237bbe93e738509b5453a17d6229844ef21ad541eb6ffbabe91e |
| nodejs-debuginfo-20.12.2-2.module+el8.9.0+21743+0b3f1be2.ppc64le.rpm | SHA-256: f7571736555a849fb0b25df55107a76411b836b37f63df548873519a41530070 |
| nodejs-debugsource-20.12.2-2.module+el8.9.0+21743+0b3f1be2.ppc64le.rpm | SHA-256: 3fd20072c7bdae505d9aabd96acfa7d440c1c8310eeed67515a1cf27d198acb9 |
| nodejs-devel-20.12.2-2.module+el8.9.0+21743+0b3f1be2.ppc64le.rpm | SHA-256: 99b0289a5b5e668cbe8e873f3eb6dfd6bf4bf5f393aae54ea307aa79233e7961 |
| nodejs-full-i18n-20.12.2-2.module+el8.9.0+21743+0b3f1be2.ppc64le.rpm | SHA-256: d158ba02d8ef3a2631e0ce99f4b26c848122988d795c6c02112efe3a013c68ea |
| npm-10.5.0-1.20.12.2.2.module+el8.9.0+21743+0b3f1be2.ppc64le.rpm | SHA-256: 2efc33bd127bff1dd5b410cdd4a5710ce00f96712d7f84179dd8f19277635865 |
Red Hat Enterprise Linux for ARM 64 8
| SRPM | |
|---|---|
| nodejs-20.12.2-2.module+el8.9.0+21743+0b3f1be2.src.rpm | SHA-256: ea1d442e5ce9b3b2a708056accb89f8609ebdb1e5a12190df2a6b5442bd0b292 |
| nodejs-nodemon-3.0.1-1.module+el8.9.0+20473+c4e3d824.src.rpm | SHA-256: 889a030834eca2139002087753843c52252e5b2dc40b5d0ad8d87af10af3af3e |
| nodejs-packaging-2021.06-4.module+el8.9.0+19519+e25b965a.src.rpm | SHA-256: a7fd1b3ac37949c6ce7591cd26c2b1c0a16fc981466e4ef9ba1d0fb2d54d3049 |
| aarch64 | |
| nodejs-docs-20.12.2-2.module+el8.9.0+21743+0b3f1be2.noarch.rpm | SHA-256: b01c434fe81bbd5c81ab7a7a893024b45a89aa7766f41e9e5c4a3d93b264a1c4 |
| nodejs-nodemon-3.0.1-1.module+el8.9.0+20473+c4e3d824.noarch.rpm | SHA-256: fee4b73944dd7d48743f7cb6f570393b91390ffd93f6eccb1c17b308d44e9142 |
| nodejs-packaging-2021.06-4.module+el8.9.0+19519+e25b965a.noarch.rpm | SHA-256: 66d731b4208710620bdc2be1cc05d9506201e45fce762122fd8840b7c4dca17e |
| nodejs-packaging-bundler-2021.06-4.module+el8.9.0+19519+e25b965a.noarch.rpm | SHA-256: b7339583f645c7d80e49aadb33eb288479e3cddb1bc375fd9324c499503ca55b |
| nodejs-20.12.2-2.module+el8.9.0+21743+0b3f1be2.aarch64.rpm | SHA-256: 8f40906b118272e86b05be02b74f6a5a13f75f86cb3bf061e643abce0222135f |
| nodejs-debuginfo-20.12.2-2.module+el8.9.0+21743+0b3f1be2.aarch64.rpm | SHA-256: 39754b23b493c9a0bec93c7d0c5d08ee271d1c755587968c67f4b891542d2e62 |
| nodejs-debugsource-20.12.2-2.module+el8.9.0+21743+0b3f1be2.aarch64.rpm | SHA-256: 779ad166ea7ec27baf6d7eb1f2c365bb92002b1895382dec6900cc1d1eb6fbbb |
| nodejs-devel-20.12.2-2.module+el8.9.0+21743+0b3f1be2.aarch64.rpm | SHA-256: bf6eb1546568adfd28d05cc814d349355ce6b88b4f94389f3cb603e203089af9 |
| nodejs-full-i18n-20.12.2-2.module+el8.9.0+21743+0b3f1be2.aarch64.rpm | SHA-256: b2bb342eb923e9852c61eed59c5db2a01683ff69c377179baeb33a2d9fa2b235 |
| npm-10.5.0-1.20.12.2.2.module+el8.9.0+21743+0b3f1be2.aarch64.rpm | SHA-256: ee3dff21d74709548bd2faa39a40a0bcd1979d49e1237fb16a2cc732c23eabb4 |
The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/.
