nodejs-16.20.2-4.el9_3

エラータID: AXSA:2024-7625:01

Release date: 
Friday, March 22, 2024 - 11:50
Subject: 
nodejs-16.20.2-4.el9_3
Affected Channels: 
MIRACLE LINUX 9 for x86_64
Severity: 
High
Description: 

Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language.

Security Fix(es):

* nodejs: reading unprocessed HTTP request with unbounded chunk extension allows DoS attacks (CVE-2024-22019)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

CVE-2024-22019
A vulnerability in Node.js HTTP servers allows an attacker to send a specially crafted HTTP request with chunked encoding, leading to resource exhaustion and denial of service (DoS). The server reads an unbounded number of bytes from a single connection, exploiting the lack of limitations on chunk extension bytes. The issue can cause CPU and network bandwidth exhaustion, bypassing standard safeguards like timeouts and body size limits.

Solution: 

Update packages.

CVEs: 
CVE-2024-22019
A vulnerability in Node.js HTTP servers allows an attacker to send a specially crafted HTTP request with chunked encoding, leading to resource exhaustion and denial of service (DoS). The server reads an unbounded number of bytes from a single connection, exploiting the lack of limitations on chunk extension bytes. The issue can cause CPU and network bandwidth exhaustion, bypassing standard safeguards like timeouts and body size limits.
Additional Info: 

N/A

Download: 

SRPMS
  1. nodejs-16.20.2-4.el9_3.src.rpm
    MD5: 5d77634df6d0ea91bfec7251df07ad05
    SHA-256: 62204b53a13d6257c4c116b3e713af6a546759709986c303e6d8612b6c5b0121
    Size: 70.76 MB

Asianux Server 9 for x86_64
  1. nodejs-16.20.2-4.el9_3.x86_64.rpm
    MD5: 460940c5902269f765a3cd1f3ce80685
    SHA-256: 186c903ed3f8e2e969ec01df3c6a267dfd5db11df26f3080997740b07e41406e
    Size: 110.68 kB
  2. nodejs-docs-16.20.2-4.el9_3.noarch.rpm
    MD5: 61e095884548ebe50fdf57e9de99b444
    SHA-256: 41b6542daacb8c19aaad0e883d1f966e66c893e83da1ffae50bb4883659acbaa
    Size: 7.20 MB
  3. nodejs-full-i18n-16.20.2-4.el9_3.x86_64.rpm
    MD5: 0694965d18d52613c37b68dbc9120bfa
    SHA-256: 8d3d6d4283e4231e1c48e55c11de60fabb3854cc97579174dd38c3fb8459cab1
    Size: 8.21 MB
  4. nodejs-libs-16.20.2-4.el9_3.i686.rpm
    MD5: 1d94e7bd9e3f04acf8ce826d8d3d22d3
    SHA-256: e59d11ae0ad08b0d2c3a8e5426c7916305854c2b83dbd3911c6067719ad5d5d8
    Size: 15.11 MB
  5. nodejs-libs-16.20.2-4.el9_3.x86_64.rpm
    MD5: 6b11124c3ae194dd392b0ef1e5f76bb5
    SHA-256: 2365543152d7575653e7afe7fa3704bf52ad960526626f745aa5e6e7b90a756a
    Size: 14.48 MB
  6. npm-8.19.4-1.16.20.2.4.el9_3.x86_64.rpm
    MD5: 2b155cf63e38bdb5cce6967db1532ae4
    SHA-256: fa8c403a2c4b32633ff5dad201241d4b76a05d013b3c5a1a71ea568e973f2ca1
    Size: 2.09 MB