nodejs:16 security update
Errata ID: AXSA:2022-3781:01
Release date:
2022/09/01 Thursday - 06:39
Title:
nodejs:16 security update
Affected channels:
Asianux Server 8 for x86_64
Severity:
High
Description:
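The following issues have been addressed.
[Security Fix]
- nodejs has an issue in which the npm ci command continues an installation even when the dependency information in package-lock.json differs from the contents of package.json. As a result, an attacker can install malware that would otherwise be blocked by the exact version match requirement of package-lock.json.
(CVE-2021-43616)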
Modularity name: nodejs
Stream name: 16
Solution:
Update the packages.
CVE:
CVE-2021-43616
The npm ci command in npm 7.x and 8.x through 8.1.3 proceeds with an installation even if dependency information in package-lock.json differs from package.json. This behavior is inconsistent with the documentation, and makes it easier for attackers to install malware that was supposed to have been blocked by an exact version match requirement in package-lock.json.
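The mismatch described in CVE-2021-43616 can be checked for independently of npm before `npm ci` runs. The following is an added example, not part of the original advisory or of npm: it compares package.json with the root entry of a lockfileVersion 2 or 3 package-lock.json. The function name `findLockDrift` and the sample manifests are constructed for illustration, and only exact `x.y.z` specs are compared against the locked version.

```javascript
// Added example: detect drift between package.json and package-lock.json
// before `npm ci` runs. The sample manifests at the bottom are constructed.
const DEP_FIELDS = ['dependencies', 'devDependencies', 'optionalDependencies'];

// Returns a list of human-readable mismatches; an empty list means consistent.
function findLockDrift(manifest, lock) {
  const problems = [];
  const packages = lock.packages || {};
  const root = packages[''];
  if (!root) {
    // lockfileVersion 1 has no "packages" map; this check needs v2 or v3.
    return ['lockfile has no root entry in "packages" (lockfileVersion 2 or 3 required)'];
  }
  for (const field of DEP_FIELDS) {
    const declared = manifest[field] || {};
    const recorded = root[field] || {};
    const names = new Set([...Object.keys(declared), ...Object.keys(recorded)]);
    for (const name of names) {
      if (declared[name] !== recorded[name]) {
        problems.push(`${field}.${name}: package.json has ${declared[name]}, lock root has ${recorded[name]}`);
        continue;
      }
      const entry = packages[`node_modules/${name}`];
      if (!entry) {
        if (field !== 'optionalDependencies') problems.push(`${field}.${name}: no locked entry`);
        continue;
      }
      // An exact spec such as "1.2.3" must equal the version the lockfile resolves.
      if (/^\d+\.\d+\.\d+$/.test(declared[name]) && entry.version !== declared[name]) {
        problems.push(`${field}.${name}: pinned ${declared[name]} but lock resolves ${entry.version}`);
      }
    }
  }
  return problems;
}

// Constructed sample: the manifest pins 1.0.0, the lockfile was altered to 1.0.1.
const sampleManifest = { name: 'demo', version: '1.0.0', dependencies: { 'left-util': '1.0.0' } };
const sampleLock = {
  lockfileVersion: 2,
  packages: {
    '': { name: 'demo', version: '1.0.0', dependencies: { 'left-util': '1.0.1' } },
    'node_modules/left-util': { version: '1.0.1' },
  },
};
console.log(findLockDrift(sampleManifest, sampleLock));
```

In a build pipeline, a non-empty result is a reason to stop before any install step runs.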
Additional information:
N/A
Downloads:
SRPMS
- nodejs-nodemon-2.0.15-1.module+el8+1508+b857f742.src.rpm
Size: 730.27 kB
- nodejs-packaging-25-1.module+el8+1508+b857f742.src.rpm
Size: 26.81 kB
- nodejs-16.14.0-4.module+el8+1508+b857f742.src.rpm
Size: 67.88 MB
Asianux Server 8 for x86_64
- nodejs-nodemon-2.0.15-1.module+el8+1508+b857f742.noarch.rpm
Size: 578.85 kB
- nodejs-packaging-25-1.module+el8+1508+b857f742.noarch.rpm
Size: 23.19 kB
- nodejs-16.14.0-4.module+el8+1508+b857f742.x86_64.rpm
Size: 12.15 MB
- nodejs-debugsource-16.14.0-4.module+el8+1508+b857f742.x86_64.rpm
Size: 12.61 MB
- nodejs-devel-16.14.0-4.module+el8+1508+b857f742.x86_64.rpm
Size: 189.68 kB
- nodejs-docs-16.14.0-4.module+el8+1508+b857f742.noarch.rpm
Size: 8.91 MB
- nodejs-full-i18n-16.14.0-4.module+el8+1508+b857f742.x86_64.rpm
Size: 7.85 MB
- npm-8.3.1-1.16.14.0.4.module+el8+1508+b857f742.x86_64.rpm
Size: 1.86 MB