nodejs:18 security update
Errata ID: AXSA:2025-9685:01
Release date:
2025/02/20 Thursday - 16:15
Title:
nodejs:18 security update
Affected channels:
MIRACLE LINUX 9 for x86_64
Severity:
Moderate
Description:
The following issues have been addressed.
[Security Fix]
- The Math.random() function used by the undici package in Node.js has an out-of-bounds access issue in the multipart request data region that exploits the predictability of its output values. A remote attacker can cause information disclosure and tamper with request data by sending a crafted multipart request. (CVE-2025-22150)
- nghttp2 in Node.js has a vulnerability that allows a remote attacker to cause a denial of service (memory leak) by closing the socket without sending a GOAWAY notification. (CVE-2025-23085)
Modularity name: nodejs
Stream name: 18
Solution:
Update the packages.
CVE:
CVE-2025-22150
Undici is an HTTP/1.1 client. Starting in version 4.5.0 and prior to versions 5.28.5, 6.21.1, and 7.2.3, undici uses `Math.random()` to choose the boundary for a multipart/form-data request. It is known that the output of `Math.random()` can be predicted if several of its generated values are known. If there is a mechanism in an app that sends multipart requests to an attacker-controlled website, they can use this to leak the necessary values. Therefore, an attacker can tamper with the requests going to the backend APIs if certain conditions are met. This is fixed in versions 5.28.5, 6.21.1, and 7.2.3. As a workaround, do not issue multipart requests to attacker-controlled servers.
CVE-2025-23085
A memory leak could occur when a remote peer abruptly closes the socket without sending a GOAWAY notification. Additionally, if an invalid header was detected by nghttp2, causing the connection to be terminated by the peer, the same leak was triggered. This flaw could lead to increased memory consumption and potential denial of service under certain conditions. This vulnerability affects HTTP/2 Server users on Node.js v18.x, v20.x, v22.x and v23.x.
Additional information:
N/A
Downloads:
SRPMS
- nodejs-nodemon-3.0.1-1.module+el9+1067+602828ad.src.rpm
MD5: c4c5ca66681eb621d86b986c2eb616c8
SHA-256: b7836542661b48c7862c4949bdbd3d109aa1991320809d85ac6fa4fc00c04e04
Size: 339.27 kB
- nodejs-packaging-2021.06-4.module+el9+1067+602828ad.src.rpm
MD5: af79e18d8b76adfce9962cc679219ece
SHA-256: 607e51ccee0e7c8a8eecef10705d7f22b6ef2df84aa8870d8ff4c778a668822f
Size: 26.54 kB
- nodejs-18.20.6-1.module+el9+1067+602828ad.src.rpm
MD5: bcf180cb93e86d51059b9ab5128cdd73
SHA-256: c40cb6621139ef88897217ce056c9962266b8fccf92e8be40f7c361439f5ff05
Size: 122.25 MB
Asianux Server 9 for x86_64
- nodejs-18.20.6-1.module+el9+1067+602828ad.x86_64.rpm
MD5: 8b712cd28944e1251929e8330f70b7c3
SHA-256: c15d0490ba0366ad8fd574f6a685850efdd7410a1564be08f124604164dff447
Size: 12.62 MB
- nodejs-debugsource-18.20.6-1.module+el9+1067+602828ad.x86_64.rpm
MD5: c7d2081183f0ec81684107a0250e82dd
SHA-256: a674f6dab6a38a56c0b324cf86b89eba5e3d155be8176b5205af6b5274f968a2
Size: 12.35 MB
- nodejs-devel-18.20.6-1.module+el9+1067+602828ad.x86_64.rpm
MD5: a261067af96d8994cde6a2e090f492a0
SHA-256: b09b57cb7cafbfe451f882a606885e95f19f49f4a3de83ef46575e6b8d6bb471
Size: 201.50 kB
- nodejs-docs-18.20.6-1.module+el9+1067+602828ad.noarch.rpm
MD5: e086b3570635d9b438514c787ae57430
SHA-256: 488b6da9284b61aa2310bc255b853889c10871dab2be6b27590a9e18e0ca7fb7
Size: 7.93 MB
- nodejs-full-i18n-18.20.6-1.module+el9+1067+602828ad.x86_64.rpm
MD5: 1adddce9e956fea36e5d87bace587fe4
SHA-256: 4d96ac0ccd81ab051938b6209818e60e92e562daa26791867552dc61a4990f41
Size: 8.43 MB
- nodejs-nodemon-3.0.1-1.module+el9+1067+602828ad.noarch.rpm
MD5: 7a432a4a770da85f2f49b04b46bde3e8
SHA-256: 884e118837136ca4f576d13cb6f99119be754055ab10c682862ea153ab86b75f
Size: 332.31 kB
- nodejs-packaging-2021.06-4.module+el9+1067+602828ad.noarch.rpm
MD5: 7f0428c9a856c1c50630baaa83954a37
SHA-256: 01f708ecb4edd86c631bb4a2994d650806e831f43c08977a7d08684dbb63a99a
Size: 19.92 kB
- nodejs-packaging-bundler-2021.06-4.module+el9+1067+602828ad.noarch.rpm
MD5: 12a27b16dbc2f06a07dd227e323a2cd6
SHA-256: 2a9317e02a45617cd1247332720b6c575b4e75049a259e4d070917b4232da690
Size: 9.76 kB
- npm-10.8.2-1.18.20.6.1.module+el9+1067+602828ad.x86_64.rpm
MD5: 4330d962d0397d9d6a0a411314447c74
SHA-256: 438d483db208926b1da8005f0cf77d02bc9a262b6058c18c5ded2a8cef8935b5
Size: 2.22 MB