[security - high] nodejs:16 security update
エラータID: AXSA:2022-3898:01
Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language.
The following packages have been upgraded to a later upstream version: nodejs 16.
Security Fix(es):
* nodejs: weak randomness in WebCrypto keygen (CVE-2022-35255)
* nodejs: HTTP Request Smuggling due to incorrect parsing of header fields (CVE-2022-35256)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
CVE-2022-35255
** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided.
CVE-2022-35256
** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided.
Modularity name: [security-high]nodejs
Stream name: 16
Update packages.
** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided.
** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided.
N/A
SRPMS
- nodejs-nodemon-2.0.19-2.module+el8+1534+60be87ec.src.rpm
MD5: c0cf0df773d0ec090a54c8ae6841fe47
SHA-256: 782a9536b0ab008337d9c1cf82b454a96d76879548db0094783828869076198c
Size: 394.46 kB - nodejs-packaging-25-1.module+el8+1534+60be87ec.src.rpm
MD5: 0911d983f9f4464ed1e4971ce2a63efe
SHA-256: 2e2345495ff54b9f391e84a3f56128af71a84a191f910b73b60a3577b84ed0e3
Size: 26.81 kB - nodejs-16.17.1-1.module+el8+1534+60be87ec.src.rpm
MD5: 61911fe9891c761dba7956569fbbab7b
SHA-256: 803e9d54c5fc3e3b91aad290736156cd2e034074fffa8189bbd222769c9e75ab
Size: 70.31 MB
Asianux Server 8 for x86_64
- nodejs-nodemon-2.0.19-2.module+el8+1534+60be87ec.noarch.rpm
MD5: dafd59b83a1cdc432266cd9e228177ed
SHA-256: 6304735728eb2a9cc56da068b48eaf6b5f9ab42baa8ffae3e6e32b7edabb1f4e
Size: 271.44 kB - nodejs-packaging-25-1.module+el8+1534+60be87ec.noarch.rpm
MD5: a0f5f3bd98e56b17d016a784a94c150e
SHA-256: 5d0fe3d108e8d0e45057cacb20f7aa02f8b9e1a6c453db05e928f1d0c3fdf47f
Size: 23.19 kB - nodejs-16.17.1-1.module+el8+1534+60be87ec.x86_64.rpm
MD5: 833471dfd873f261b8cf6cd272270f91
SHA-256: d3160852b930f4c7109d9bb08b54bfa0c42029ed3d52ce06c2965a1063656905
Size: 12.19 MB - nodejs-debugsource-16.17.1-1.module+el8+1534+60be87ec.x86_64.rpm
MD5: 641ab7c80a712ba074e98ba62ca95106
SHA-256: ab2ec39c9acdacd7c716db1b4fe6975547f6fbc6ab03b58b018083144d78e2cc
Size: 12.93 MB - nodejs-devel-16.17.1-1.module+el8+1534+60be87ec.x86_64.rpm
MD5: 23ce869b68e121a7491378c6eac9f878
SHA-256: c6be64cf6bac21131f49a271410a759560f4997431d32213ce80893e181d833c
Size: 190.92 kB - nodejs-docs-16.17.1-1.module+el8+1534+60be87ec.noarch.rpm
MD5: cc83ffea61d625fe6c9883a82ac399c0
SHA-256: b078df86ba8ff61eb70905600b541ce6a9fb46a9f52bc298a44a53f02ebaa051
Size: 9.26 MB - nodejs-full-i18n-16.17.1-1.module+el8+1534+60be87ec.x86_64.rpm
MD5: e8333fa3ec386f1d816e46af06e01a3e
SHA-256: 260b19cee2b9dc981cec47b67aa46d0e4ebf54230c83a802a5bb52a2341b6afb
Size: 8.01 MB - npm-8.15.0-1.16.17.1.1.module+el8+1534+60be87ec.x86_64.rpm
MD5: 93e016765c26098b4f00b678f7c2aa0a
SHA-256: a5e460237a5a243eda8ad68d2b070ff3f5a16cacd097fac7db68d87673cd5ec6
Size: 1.90 MB