nodejs:20 security update
エラータID: AXSA:2024-8151:01
リリース日:
2024/06/14 Friday - 16:26
題名:
nodejs:20 security update
影響のあるチャネル:
MIRACLE LINUX 9 for x86_64
Severity:
High
Description:
以下項目について対処しました。
[Security Fix]
- Node.js の fetch() 関数には、リモートの攻撃者により、
細工された URL を介して、サービス拒否攻撃 (メモリ枯渇)
を可能とする脆弱性が存在します。(CVE-2024-22025)
- c-ares の ares__read_line() 関数には、バッファー領域の
範囲外読み取りの問題があるため、ローカルの攻撃者に
より、/etc/resolv.conf、/etc/nsswitch.conf、HOSTALIASES、
/etc/hosts ファイルなどの解析対象のファイルの行の冒頭に
NULL 文字が埋め込まれるように細工されたファイルの処理
を介して、サービス拒否攻撃 (クラッシュの発生) を可能と
する脆弱性が存在します。(CVE-2024-25629)
- Node.js の HTTP サーバー機能には、Content Length
ヘッダーの前に空白文字が含まれている場合の解析処理に
問題があるため、リモートの攻撃者により、細工された
HTTP リクエストを介して、HTTP リクエストスマグリング
攻撃、およびクロスサイトスクリプティング攻撃を可能と
する脆弱性が存在します。(CVE-2024-27982)
- Node.js の HTTP/2 プロトコルの実装には、単一ストリーム
内で送信可能な CONTINUATION フレームのサイズが制限
されていない問題があるため、リモートの攻撃者により、
細工された HTTP/2 CONTINUATION フレームを含むパケット
の送信を介して、サービス拒否攻撃 (メモリ枯渇) を可能と
する脆弱性が存在します。(CVE-2024-27983)
- nghttp2 の HTTP/2 プロトコルスタックには、HPACK
コンテキストのストリームのリセット後も HTTP/2
CONTINUATION フレームを読み取り続けてしまう問題が
あるため、リモートの攻撃者により、細工されたパケット
の送信を介して、サービス拒否攻撃 (CPU リソースおよび
メモリの枯渇) を可能とする脆弱性が存在します。
(CVE-2024-28182)
Modularity name: nodejs
Stream name: 20
解決策:
パッケージをアップデートしてください。
CVE:
CVE-2024-22025
A vulnerability in Node.js has been identified, allowing for a Denial of Service (DoS) attack through resource exhaustion when using the fetch() function to retrieve content from an untrusted URL. The vulnerability stems from the fact that the fetch() function in Node.js always decodes Brotli, making it possible for an attacker to cause resource exhaustion when fetching content from an untrusted URL. An attacker controlling the URL passed into fetch() can exploit this vulnerability to exhaust memory, potentially leading to process termination, depending on the system configuration.
A vulnerability in Node.js has been identified, allowing for a Denial of Service (DoS) attack through resource exhaustion when using the fetch() function to retrieve content from an untrusted URL. The vulnerability stems from the fact that the fetch() function in Node.js always decodes Brotli, making it possible for an attacker to cause resource exhaustion when fetching content from an untrusted URL. An attacker controlling the URL passed into fetch() can exploit this vulnerability to exhaust memory, potentially leading to process termination, depending on the system configuration.
CVE-2024-25629
c-ares is a C library for asynchronous DNS requests. `ares__read_line()` is used to parse local configuration files such as `/etc/resolv.conf`, `/etc/nsswitch.conf`, the `HOSTALIASES` file, and if using a c-ares version prior to 1.27.0, the `/etc/hosts` file. If any of these configuration files has an embedded `NULL` character as the first character in a new line, it can lead to attempting to read memory prior to the start of the given buffer which may result in a crash. This issue is fixed in c-ares 1.27.0. No known workarounds exist.
c-ares is a C library for asynchronous DNS requests. `ares__read_line()` is used to parse local configuration files such as `/etc/resolv.conf`, `/etc/nsswitch.conf`, the `HOSTALIASES` file, and if using a c-ares version prior to 1.27.0, the `/etc/hosts` file. If any of these configuration files has an embedded `NULL` character as the first character in a new line, it can lead to attempting to read memory prior to the start of the given buffer which may result in a crash. This issue is fixed in c-ares 1.27.0. No known workarounds exist.
CVE-2024-27982
The team has identified a critical vulnerability in the http server of the most recent version of Node, where malformed headers can lead to HTTP request smuggling. Specifically, if a space is placed before a content-length header, it is not interpreted correctly, enabling attackers to smuggle in a second request within the body of the first.
The team has identified a critical vulnerability in the http server of the most recent version of Node, where malformed headers can lead to HTTP request smuggling. Specifically, if a space is placed before a content-length header, it is not interpreted correctly, enabling attackers to smuggle in a second request within the body of the first.
CVE-2024-27983
An attacker can make the Node.js HTTP/2 server completely unavailable by sending a small amount of HTTP/2 frames packets with a few HTTP/2 frames inside. It is possible to leave some data in nghttp2 memory after reset when headers with HTTP/2 CONTINUATION frame are sent to the server and then a TCP connection is abruptly closed by the client triggering the Http2Session destructor while header frames are still being processed (and stored in memory) causing a race condition.
An attacker can make the Node.js HTTP/2 server completely unavailable by sending a small amount of HTTP/2 frames packets with a few HTTP/2 frames inside. It is possible to leave some data in nghttp2 memory after reset when headers with HTTP/2 CONTINUATION frame are sent to the server and then a TCP connection is abruptly closed by the client triggering the Http2Session destructor while header frames are still being processed (and stored in memory) causing a race condition.
CVE-2024-28182
nghttp2 is an implementation of the Hypertext Transfer Protocol version 2 in C. The nghttp2 library prior to version 1.61.0 keeps reading the unbounded number of HTTP/2 CONTINUATION frames even after a stream is reset to keep HPACK context in sync. This causes excessive CPU usage to decode HPACK stream. nghttp2 v1.61.0 mitigates this vulnerability by limiting the number of CONTINUATION frames it accepts per stream. There is no workaround for this vulnerability.
nghttp2 is an implementation of the Hypertext Transfer Protocol version 2 in C. The nghttp2 library prior to version 1.61.0 keeps reading the unbounded number of HTTP/2 CONTINUATION frames even after a stream is reset to keep HPACK context in sync. This causes excessive CPU usage to decode HPACK stream. nghttp2 v1.61.0 mitigates this vulnerability by limiting the number of CONTINUATION frames it accepts per stream. There is no workaround for this vulnerability.
追加情報:
N/A
ダウンロード:
SRPMS
- nodejs-nodemon-3.0.1-1.module+el9+1038+5a6204f5.src.rpm
MD5: 6e4f0558380d9f1a712a446bdc2003b4
SHA-256: 63127b443c2cb9576f88efca6ebf4b1ce978d1f1c0fe2f065f5c7c855a6d320e
Size: 339.27 kB - nodejs-packaging-2021.06-4.module+el9+1038+5a6204f5.src.rpm
MD5: 51421d7684337342aadddd04556d2ad2
SHA-256: 166be1290f8f50f1f3ab8d34cebf35f9aadc672054f65edb45cf00fa49537b53
Size: 26.54 kB - nodejs-20.12.2-2.module+el9+1038+5a6204f5.src.rpm
MD5: 73ad37baab48ad41606456ae148a9b34
SHA-256: 1bcb0d01d539f8d55003b1208499dc0df35a918441037fbc69997edf61003a98
Size: 124.23 MB
Asianux Server 9 for x86_64
- nodejs-20.12.2-2.module+el9+1038+5a6204f5.x86_64.rpm
MD5: fbbf659cb8ebfef20499a262c29f3fea
SHA-256: e2e19591a8d09ee1b044047a6551dc2b7567f965eee9b8ca326873423eeb4d07
Size: 13.98 MB - nodejs-debugsource-20.12.2-2.module+el9+1038+5a6204f5.x86_64.rpm
MD5: 3f3ab3e8e3487e98364d0946242f7cbc
SHA-256: d706348aafb723f1b587ab781cf22715e2d297aac3a467cef2bdf35c33e96048
Size: 11.77 MB - nodejs-devel-20.12.2-2.module+el9+1038+5a6204f5.x86_64.rpm
MD5: 4462f42121b41ff1112b26f71bfeef8d
SHA-256: 0b3f2d25078f9d7021a919aa8f2a5d0daf721f93c815a02d77658e20cd3cb016
Size: 232.07 kB - nodejs-docs-20.12.2-2.module+el9+1038+5a6204f5.noarch.rpm
MD5: e214d074cea96023c9d8394e810969f8
SHA-256: e55dd0d5e32e331c8558c00ecca4cd1d39df54ce5e4cd3d7c3d0edc4d143eab1
Size: 8.09 MB - nodejs-full-i18n-20.12.2-2.module+el9+1038+5a6204f5.x86_64.rpm
MD5: 332ef1248c88b80b66611160c06cf8da
SHA-256: 92064c6eff8dcdfce781e6a620a75fe8155c6eb5ce2e81aba4bc7d9752e123b1
Size: 8.43 MB - nodejs-nodemon-3.0.1-1.module+el9+1038+5a6204f5.noarch.rpm
MD5: e58881bf1dc1804bd1984798d68cd1c5
SHA-256: eaacaa74b2857f08122facf98cacf9c439330da0130ef40e20d79d84bd79af05
Size: 268.41 kB - nodejs-packaging-2021.06-4.module+el9+1038+5a6204f5.noarch.rpm
MD5: 981fdf87bb78ac075607cdd4b9b7beb0
SHA-256: d26ad804a1d4e321665375c60726ba7414395d99a20a132f81a11ec4221fbf53
Size: 19.92 kB - nodejs-packaging-bundler-2021.06-4.module+el9+1038+5a6204f5.noarch.rpm
MD5: 11199eeabed139e5719a29f5075e9d29
SHA-256: ec2fc46a3281e846478ae902d8933089397653cc0195f9d700ed86aba696d25b
Size: 9.76 kB - npm-10.5.0-1.20.12.2.2.module+el9+1038+5a6204f5.x86_64.rpm
MD5: f7d22f0301bef8441d10024c9d38efe0
SHA-256: df2b8cb115fcbf2837dfa3b59551a4848264c40975ebf21e6854022ba486a07a
Size: 1.89 MB
English