AXSA:2020-792:01

Release date: 
Monday, October 26, 2020 - 05:36
Subject: 
nodejs:12 security and bug fix update
Affected Channels: 
Asianux Server 8 for x86_64
Severity: 
High
Description: 

network applications in the JavaScript programming language.

The following packages have been upgraded to a later upstream version: nodejs
(12.18.4).

Security Fix(es):
nodejs-dot-prop: prototype pollution (CVE-2020-8116)
nodejs: HTTP request smuggling due to CR-to-Hyphen conversion (CVE-2020-8201)
npm: Sensitive information exposure through logs (CVE-2020-15095)
libuv: buffer overflow in realpath (CVE-2020-8252)

nghttp2: overly large SETTINGS frames can lead to DoS (CVE-2020-11080)
nodejs-minimist: prototype pollution allows adding or modifying properties of Object.prototype using a constructor or __proto__ payload (CVE-2020-7598)
nodejs: TLS session reuse can lead to hostname verification bypass (CVE-2020-8172)
nodejs: memory corruption in napi_get_value_string_* functions (CVE-2020-8174)

For more details about the security issue(s), including the impact, a CVSS
score, acknowledgments, and other related information, refer to the CVE page(s)
listed in the References section.

Bug Fix(es):
The nodejs:12/development module is not installable

CVEs:
CVE-2020-7598
CVE-2020-8116
CVE-2020-8172
CVE-2020-8174
CVE-2020-8201
CVE-2020-8252
CVE-2020-15095
CVE-2020-11080

Modularity name: nodejs
Stream name: 12

Solution: 

Update packages.

Additional Info: 

N/A

Download: 

SRPMS
  1. nodejs-nodemon-1.18.3-1.module+el8+132+1cd968c0.src.rpm
    MD5: acbf257cc7e07af61ed904f98bac15b2
    SHA-256: 7837a84681400a28f637121918e65d1470ed5de1750939844539dd4e0f0dfc36
    Size: 1.35 MB
  2. nodejs-packaging-17-3.module+el8+132+1cd968c0.src.rpm
    MD5: 8fb55e6e1a0d13fdf8a92a84b7c1b566
    SHA-256: 496e4ab95dafb1fb923c4abf1a09bd96ce78db185da48a8803f57ff4d517a9c0
    Size: 20.66 kB
  3. nodejs-12.18.4-2.module+el8+132+1cd968c0.src.rpm
    MD5: 1d7aec04068c2ee422ed7bcbdcca8e25
    SHA-256: a1022d73e03212f64eb8be93fee91ea686018c4a2a7e1a5c8f708c34e4ab063f
    Size: 55.00 MB

Asianux Server 8 for x86_64
  1. nodejs-nodemon-1.18.3-1.module+el8+132+1cd968c0.noarch.rpm
    MD5: 4de418d0e4684d3c44ea5a0d297dece1
    SHA-256: 871c96c685bbf23a190e35b0b6f1abd886c871bd953fe7881bc2b8f3a57e743b
    Size: 963.32 kB
  2. nodejs-packaging-17-3.module+el8+132+1cd968c0.noarch.rpm
    MD5: 5158b2f6c6bb9797a47a26b3ed406bd9
    SHA-256: 88164ebf2746649304cab6b7793293045c4acffb829f688f762992ae9b3a7e1f
    Size: 18.43 kB
  3. nodejs-12.18.4-2.module+el8+132+1cd968c0.x86_64.rpm
    MD5: 43ea09045d6c844f05b0dec5fe69a101
    SHA-256: d64bd45a58efcb126da4b0d4b0af933db573d9ac1e50ad280942b9f9e22415ff
    Size: 10.30 MB
  4. nodejs-devel-12.18.4-2.module+el8+132+1cd968c0.x86_64.rpm
    MD5: efffd9d3fb5cb2567be6625be03efa39
    SHA-256: 967e45e968e93241824505df69f32135ff5224006a33dacaaf7c017a793a9887
    Size: 172.18 kB
  5. nodejs-docs-12.18.4-2.module+el8+132+1cd968c0.noarch.rpm
    MD5: 1221bff22b2e595d33f53e51bbb9e643
    SHA-256: b2f086cd6ac099d7f936c31101b0846f8ba1a5d26805a139a39d29df4ac8b837
    Size: 3.99 MB
  6. nodejs-full-i18n-12.18.4-2.module+el8+132+1cd968c0.x86_64.rpm
    MD5: e60e4cd4b029d40fc3e20c3a9f215165
    SHA-256: b081a1957f84615ea8414e166f9e1e77007c81990fac92b74822601d3b7298c2
    Size: 7.49 MB
  7. npm-6.14.6-1.12.18.4.2.module+el8+132+1cd968c0.x86_64.rpm
    MD5: de533cfa0e1d96e1800003dc995fa8ed
    SHA-256: fddd3d2dcb865689e83dc094d863560c24189c83619c93875206a5183976a735
    Size: 3.83 MB
Copyright© 2007-2015 Asianux. All rights reserved.