nodejs-16.20.2-3.el9

エラータID: AXSA:2023-6507:05

Release date: 
Tuesday, October 17, 2023 - 17:57
Subject: 
nodejs-16.20.2-3.el9
Affected Channels: 
MIRACLE LINUX 9 for x86_64
Severity: 
High
Description: 

Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language.

Security Fix(es):

* nodejs: HTTP/2: Multiple HTTP/2 enabled web servers are vulnerable to a DDoS attack (Rapid Reset Attack) (CVE-2023-44487)

A Cybertrust Japan Co., Ltd. Security Bulletin which addresses further details about this flaw is available in the References section.

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

CVE-2023-44487
The HTTP/2 protocol allows a denial of service (server resource consumption) because request cancellation can reset many streams quickly, as exploited in the wild in August through October 2023.

Solution: 

Update packages.

Additional Info: 

N/A

Download: 

SRPMS
  1. nodejs-16.20.2-3.el9.src.rpm
    MD5: b1457c4a53e8d80a21a4b6e5421f6cd1
    SHA-256: 35fb25b29d297c1eff215eb2a6fd27bea76c40d09a4778edb2d6aff3f6f8b5d5
    Size: 70.75 MB

Asianux Server 9 for x86_64
  1. nodejs-16.20.2-3.el9.x86_64.rpm
    MD5: 854e9e52ffb6b49349a5face7b3b6d64
    SHA-256: 878cddc2afbe15772b081a3037b778d87e6a22033bc6049edaa37c960d4dd422
    Size: 111.17 kB
  2. nodejs-docs-16.20.2-3.el9.noarch.rpm
    MD5: 9d4dd1c1d7b132ffd9af57b485726283
    SHA-256: 50c43738cf664ead7bc736fb57b06c5529f15bf38b495daee3eefcbfeed8d7fa
    Size: 7.05 MB
  3. nodejs-full-i18n-16.20.2-3.el9.x86_64.rpm
    MD5: a846d8a404c6820ce9cad254d904ae3a
    SHA-256: 16e093534b759ac570b172c2684840169adaff4c0d06ff5a5ec723019023a625
    Size: 8.21 MB
  4. nodejs-libs-16.20.2-3.el9.i686.rpm
    MD5: a5a68c04e9a4b3e2e7e36e68da7dcc0f
    SHA-256: 2c542a3625cf7260097dede5728adb0316159619c726dcb1b8f5979d26748282
    Size: 15.11 MB
  5. nodejs-libs-16.20.2-3.el9.x86_64.rpm
    MD5: 998a2f8b38fc968caf411b23fdae5d57
    SHA-256: 28b0b6d23b920a1c544626cd3c0cd4b788bb06efb3e643f80400cace4c420368
    Size: 14.47 MB
  6. npm-8.19.4-1.16.20.2.3.el9.x86_64.rpm
    MD5: 02f3a4f5516dfbaecd2a9d7049a07bc4
    SHA-256: 10142f59b48d648157f3d36758291779676009917cdef8919e1cc9fe96175442
    Size: 1.73 MB