nodejs:16 security update

エラータID: AXSA:2023-6524:01

Release date: 
Friday, October 20, 2023 - 10:38
Subject: 
nodejs:16 security update
Affected Channels: 
Asianux Server 8 for x86_64
Severity: 
High
Description: 

Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language.

Security Fix(es):

* HTTP/2: Multiple HTTP/2 enabled web servers are vulnerable to a DDoS attack (Rapid Reset Attack) (CVE-2023-44487)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

CVE-2023-44487
The HTTP/2 protocol allows a denial of service (server resource consumption) because request cancellation can reset many streams quickly, as exploited in the wild in August through October 2023.

Modularity name: "nodejs"
Stream name: "16"

Solution: 

Update packages.

CVEs: 
CVE-2023-44487
The HTTP/2 protocol allows a denial of service (server resource consumption) because request cancellation can reset many streams quickly, as exploited in the wild in August through October 2023.
Additional Info: 

N/A

Download: 

SRPMS
  1. nodejs-nodemon-3.0.1-1.module+el8+1672+9b155bdc.src.rpm
    MD5: 79242399d0e16f73e6b3e8e1a6d83ead
    SHA-256: bfd28d2cef6cf44c71d156f75f7ab3740150bbd1427ef609cdc29a5a3fbee9a3
    Size: 340.68 kB
  2. nodejs-packaging-26-1.module+el8+1672+9b155bdc.src.rpm
    MD5: 5709622b30f49a72f82db1388073ef44
    SHA-256: 9bcefcc70d24bd35e0227c50e5f4119a726931887d1aa34350dcc766f83ee95a
    Size: 29.28 kB
  3. nodejs-16.20.2-3.module+el8+1672+9b155bdc.src.rpm
    MD5: d68bb958b81829f02744fa46d7be1472
    SHA-256: b0e99f201028994c567721718dc756c3ac1df0b7fc34f32960ba110d53b24207
    Size: 71.56 MB

Asianux Server 8 for x86_64
  1. nodejs-16.20.2-3.module+el8+1672+9b155bdc.x86_64.rpm
    MD5: 33a201ba66f2238b78a66ce336efe772
    SHA-256: 9dfb7c13be1e21841e9d2882e66e84be92d033928c8a1c7c1101be5be102df9f
    Size: 12.28 MB
  2. nodejs-debugsource-16.20.2-3.module+el8+1672+9b155bdc.x86_64.rpm
    MD5: f1ea9c134aac773e209841234d6d9ecd
    SHA-256: efed97a7aa257981afd44220d9a6af0247398b8005ff02edb3830dccd48f1169
    Size: 13.06 MB
  3. nodejs-devel-16.20.2-3.module+el8+1672+9b155bdc.x86_64.rpm
    MD5: edadedb2786929418e70b4b5cd259367
    SHA-256: 32d3d6e523f2ffbd9386e0f54b6e332da0155d4c94fd5706fb26f3407f17b3b6
    Size: 192.68 kB
  4. nodejs-docs-16.20.2-3.module+el8+1672+9b155bdc.noarch.rpm
    MD5: a0467e58ac48134c7553fd29ae485538
    SHA-256: 087ffbb614ac8303bc1cc867c537339c1c5fe0376133e9106423f3089bf6dd0a
    Size: 9.35 MB
  5. nodejs-full-i18n-16.20.2-3.module+el8+1672+9b155bdc.x86_64.rpm
    MD5: 453306254b253ee74ff1ba2468275062
    SHA-256: 764ce84d0a5cae714e2f9a39cd5073ccaa28493387def01c1a697a0595d8520f
    Size: 8.01 MB
  6. nodejs-nodemon-3.0.1-1.module+el8+1672+9b155bdc.noarch.rpm
    MD5: d6a11c3e16aab830891825faee130ce6
    SHA-256: f8718bc8a5d14e978cd4a7c584790464208fce0dd516552e1306d26f01c6d29f
    Size: 282.10 kB
  7. nodejs-packaging-26-1.module+el8+1672+9b155bdc.noarch.rpm
    MD5: 86f4deec346db40b77a1c312ad12e8d7
    SHA-256: 8b9ae16bbc9250a92c40822d887e87c8a29f137594557884659ce518c05570d7
    Size: 23.37 kB
  8. npm-8.19.4-1.16.20.2.3.module+el8+1672+9b155bdc.x86_64.rpm
    MD5: 3a144d31b05d4cb2540602d907351ec0
    SHA-256: 28470130bb69816d01a14fdec46397d7c54fc2a3fce6eb5bc28be013bc300cb8
    Size: 1.88 MB