nodejs:20 security update
Errata ID: AXSA:2025-9682:01
Release date:
2025/02/19 Wednesday - 19:12
Title:
nodejs:20 security update
Affected channels:
MIRACLE LINUX 9 for x86_64
Severity:
High
Description:
The following issues have been addressed.
[Security Fix]
- The undici package in Node.js has a problem in its use of the Math.random() function: because the function's output can be predicted, access outside the intended multipart request data region is possible. A remote attacker can exploit this, by sending a crafted multipart request, to leak information and tamper with request data. (CVE-2025-22150)
- The diagnostics channel utility in Node.js allows an event to be hooked every time a worker thread is created. A local attacker can exploit this to cause information disclosure, data corruption, and denial of service. (CVE-2025-23083)
- nghttp2 in Node.js has a vulnerability that allows a remote attacker to cause a denial of service (memory leak) by closing the socket without sending a GOAWAY notification. (CVE-2025-23085)
Modularity name: nodejs
Stream name: 20
Solution:
Please update the packages.
CVE:
CVE-2025-22150
Undici is an HTTP/1.1 client. Starting in version 4.5.0 and prior to versions 5.28.5, 6.21.1, and 7.2.3, undici uses `Math.random()` to choose the boundary for a multipart/form-data request. It is known that the output of `Math.random()` can be predicted if several of its generated values are known. If there is a mechanism in an app that sends multipart requests to an attacker-controlled website, they can use this to leak the necessary values. Therefore, an attacker can tamper with the requests going to the backend APIs if certain conditions are met. This is fixed in versions 5.28.5, 6.21.1, and 7.2.3. As a workaround, do not issue multipart requests to attacker controlled servers.
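The description above gives the affected range by version. As an added example (not part of the advisory or of undici), the following Python function encodes that range so an inventory of undici copies from a lockfile can be checked; the lockfile walk, the sample versions and the treatment of pre-releases are assumptions made here.

```python
# Added example: classify undici versions against CVE-2025-22150 using the
# boundaries stated in the advisory: affected from 4.5.0, fixed in 5.28.5,
# 6.21.1 and 7.2.3. Everything else here is an assumption for illustration.
import re
from typing import Dict, List, Tuple

Version = Tuple[int, int, int, int]   # (major, minor, patch, release_flag)

# Fourth element: 0 = pre-release, 1 = final release, so that "7.2.3-rc.1"
# sorts below "7.2.3" (assumption: a pre-release precedes its final version).
FIRST_AFFECTED: Version = (4, 5, 0, 1)
FIXED_BY_MAJOR: Dict[int, Version] = {
    5: (5, 28, 5, 1),
    6: (6, 21, 1, 1),
    7: (7, 2, 3, 1),
}

_VERSION_RE = re.compile(r"^v?(\d+)\.(\d+)\.(\d+)(-[0-9A-Za-z.]+)?(\+.*)?$")


def parse_version(text: str) -> Version:
    """Parse 'major.minor.patch[-pre][+build]'; raise on anything else."""
    m = _VERSION_RE.match(text.strip())
    if not m:
        raise ValueError(f"not a semver string: {text!r}")
    major, minor, patch, pre, _build = m.groups()
    return (int(major), int(minor), int(patch), 0 if pre else 1)


def is_affected(version: str) -> bool:
    """True if this undici version picks the multipart boundary with Math.random()."""
    v = parse_version(version)
    if v < FIRST_AFFECTED:
        return False                      # predates the affected code
    fixed = FIXED_BY_MAJOR.get(v[0])
    if fixed is None:
        # 4.x has no fixed release in the advisory; assumption: majors above 7
        # were cut after the fix and are treated as not affected.
        return v[0] == 4
    return v < fixed


def audit(lockfile_versions: Dict[str, str]) -> List[str]:
    """Given {package_path: version} pairs from a lockfile walk, list vulnerable paths."""
    return sorted(p for p, ver in lockfile_versions.items() if is_affected(ver))


if __name__ == "__main__":
    # Constructed sample of what a package-lock.json walk might yield.
    sample = {"node_modules/undici": "6.20.0",
              "node_modules/a/node_modules/undici": "7.2.3",
              "node_modules/b/node_modules/undici": "4.4.0"}
    for path in audit(sample):
        print("vulnerable:", path, sample[path])
```

This only covers undici copies installed under node_modules; the copy bundled inside Node.js itself is what the nodejs RPM update in this advisory replaces.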
CVE-2025-23083
With the aid of the diagnostics_channel utility, an event can be hooked into whenever a worker thread is created. This is not limited only to workers but also exposes internal workers, where an instance of them can be fetched, and its constructor can be grabbed and reinstated for malicious usage. This vulnerability affects Permission Model users (--permission) on Node.js v20, v22, and v23.
CVE-2025-23085
A memory leak could occur when a remote peer abruptly closes the socket without sending a GOAWAY notification. Additionally, if an invalid header was detected by nghttp2, causing the connection to be terminated by the peer, the same leak was triggered. This flaw could lead to increased memory consumption and potential denial of service under certain conditions. This vulnerability affects HTTP/2 Server users on Node.js v18.x, v20.x, v22.x and v23.x.
Additional information:
N/A
Downloads:
SRPMS
- nodejs-nodemon-3.0.1-1.module+el9+1066+058fd216.src.rpm
MD5: 26cc2db5b3795f424bf2f3f9ed06ce7b
SHA-256: c41e36a7f75834f346d21dadd7224a355e96da9aa7ba90c2905d8c49cae905a0
Size: 339.27 kB
- nodejs-packaging-2021.06-4.module+el9+1066+058fd216.src.rpm
MD5: 6ef8d60498b5d0e247d730468672c656
SHA-256: 2ee18ba8e33d5bebd87c8d685a4fa5749b85f91584dde2447009d42562801eed
Size: 26.54 kB
- nodejs-20.18.2-1.module+el9+1066+058fd216.src.rpm
MD5: ba228683a76558f539876c30fbb64a72
SHA-256: 9cf3565fcaea9eb1af2159603da5a6c0d4ecf4077c50fdcb633ae43917a7de42
Size: 82.43 MB
Asianux Server 9 for x86_64
- nodejs-20.18.2-1.module+el9+1066+058fd216.x86_64.rpm
MD5: 699202b4c091ad4a94304575b47ec01c
SHA-256: 44958f11c7031f4677f9d08737911441c9c73127658eaa4e789d3c8d6707b670
Size: 14.04 MB
- nodejs-debugsource-20.18.2-1.module+el9+1066+058fd216.x86_64.rpm
MD5: 8315982a866876c1a9ffa4e53f3d52e9
SHA-256: 94f7fca577228ce77dbfb3caa9bdae0fafb33c24b83b1b594ddfe2c9982cac06
Size: 12.60 MB
- nodejs-devel-20.18.2-1.module+el9+1066+058fd216.x86_64.rpm
MD5: 8454bc68140f6750ba1662cbf589e67f
SHA-256: c2843a09863a10c4345e1306e7e43ad2cfd68d319e513220d620ba203d9e8885
Size: 259.67 kB
- nodejs-docs-20.18.2-1.module+el9+1066+058fd216.noarch.rpm
MD5: 6b0e564bd2d09868cbf7d018c99ca0db
SHA-256: a4e135c695271d71ecaaf4eeb4db8142821f6955cf4117302c93c333e20e38f2
Size: 8.51 MB
- nodejs-full-i18n-20.18.2-1.module+el9+1066+058fd216.x86_64.rpm
MD5: 6d6c1130a549c4a944d3238ce59786dd
SHA-256: 0830683e83436d605180a57def5cf177720bcfdf57274b0ffd5a62ea586b5ca5
Size: 8.42 MB
- nodejs-nodemon-3.0.1-1.module+el9+1066+058fd216.noarch.rpm
MD5: ab47e943d7cb4687879ddd3692b98978
SHA-256: 3843317ab100862127b734f0f2df46bab3ce03ee1356cfa607287282c90e49a3
Size: 332.36 kB
- nodejs-packaging-2021.06-4.module+el9+1066+058fd216.noarch.rpm
MD5: 2f7e148cd76e228adc17e9247ea75ff5
SHA-256: fce2e2ee99fbda74bca9f326f626cb23760eae2f158eaa64b52037321bd900d4
Size: 19.92 kB
- nodejs-packaging-bundler-2021.06-4.module+el9+1066+058fd216.noarch.rpm
MD5: 7a1624a9bea09b7828c0c9deae7df5fc
SHA-256: 2f45d75bec9310eda9084dea4d3bcad00e268661cce8310be3e46e1c8efa12ba
Size: 9.76 kB
- npm-10.8.2-1.20.18.2.1.module+el9+1066+058fd216.x86_64.rpm
MD5: 4e80c92f143130dbbac3cdd152c6fb8c
SHA-256: f4267d8818e0f406a261a1973d55630674953f843fcb185e57c392b508a1041c
Size: 2.22 MB