nodejs:22 security update
Errata ID: AXSA:2025-9686:01
Release date:
2025/02/20 Thursday - 16:45
Title:
nodejs:22 security update
Affected channels:
MIRACLE LINUX 9 for x86_64
Severity:
High
Description:
The following issues have been addressed.
[Security Fix]
- The undici package bundled with Node.js chooses the boundary of multipart/form-data requests with Math.random(), whose output can be predicted once several of its generated values are known. If the application sends multipart requests to an attacker-controlled server, a remote attacker can recover the boundary from those requests and then tamper with the multipart requests the application sends to its backend APIs, leading to information disclosure and modification of request data. (CVE-2025-23083 is listed separately below.) (CVE-2025-22150)
- The diagnostics_channel utility in Node.js lets an event be hooked whenever a worker thread is created. This also exposes internal workers, whose instances can be fetched and whose constructor can be grabbed and reinstated for malicious use. A local attacker can use this to bypass the Permission Model (--permission), leading to information disclosure, data corruption and denial of service. (CVE-2025-23083)
- nghttp2 in Node.js leaks memory when a remote peer closes the socket abruptly without sending a GOAWAY notification; the same leak is triggered when the peer terminates the connection after nghttp2 detects an invalid header. A remote attacker can use this to cause a denial of service (memory exhaustion) against HTTP/2 servers. (CVE-2025-23085)
Modularity name: nodejs
Stream name: 22
Solution:
Update the packages.
CVE:
CVE-2025-22150
Undici is an HTTP/1.1 client. Starting in version 4.5.0 and prior to versions 5.28.5, 6.21.1, and 7.2.3, undici uses `Math.random()` to choose the boundary for a multipart/form-data request. It is known that the output of `Math.random()` can be predicted if several of its generated values are known. If there is a mechanism in an app that sends multipart requests to an attacker-controlled website, they can use this to leak the necessary values. Therefore, an attacker can tamper with the requests going to the backend APIs if certain conditions are met. This is fixed in versions 5.28.5, 6.21.1, and 7.2.3. As a workaround, do not issue multipart requests to attacker controlled servers.
CVE-2025-23083
With the aid of the diagnostics_channel utility, an event can be hooked into whenever a worker thread is created. This is not limited only to workers but also exposes internal workers, where an instance of them can be fetched, and its constructor can be grabbed and reinstated for malicious usage. This vulnerability affects Permission Model users (--permission) on Node.js v20, v22, and v23.
CVE-2025-23085
A memory leak could occur when a remote peer abruptly closes the socket without sending a GOAWAY notification. Additionally, if an invalid header was detected by nghttp2, causing the connection to be terminated by the peer, the same leak was triggered. This flaw could lead to increased memory consumption and potential denial of service under certain conditions. This vulnerability affects HTTP/2 Server users on Node.js v18.x, v20.x, v22.x and v23.x.
Additional information:
N/A
Download:
SRPMS
- nodejs-nodemon-3.0.1-1.module+el9+1068+b6f05300.src.rpm
MD5: 04b5dbe8e2c6729f057af873a7125864
SHA-256: d55b630cf62b602d973949980b7cc7655a7a4d216eda531f32af16d0718fd717
Size: 339.27 kB
- nodejs-packaging-2021.06-4.module+el9+1068+b6f05300.src.rpm
MD5: d1681a7bce8923014f49144181d08526
SHA-256: bfda880803be36be6af3fc00db71b248e127f0e69afb4f55327ca1378b6c5c74
Size: 26.54 kB
- nodejs-22.13.1-1.module+el9+1068+b6f05300.src.rpm
MD5: 71788288a61691df3e507d067ec3a842
SHA-256: 20ae86e30097226584401f648a09ad239db5fbfd1b613fbe08bc4ab3beade3c7
Size: 89.03 MB
Asianux Server 9 for x86_64
- nodejs-22.13.1-1.module+el9+1068+b6f05300.x86_64.rpm
MD5: e5eb28ceb9785fee1dae230252963735
SHA-256: 025a28f3fcc60a0fe206618c57654f68887743a0b1477aba5e28db325c00025e
Size: 2.33 MB
- nodejs-debugsource-22.13.1-1.module+el9+1068+b6f05300.x86_64.rpm
MD5: 0a3bc4510b45cbb12986d980041c8495
SHA-256: 253bd24ca96d79cb99b49a68bb0c7606b9546f1e2e66f70aa94dca0195fde52a
Size: 17.49 MB
- nodejs-devel-22.13.1-1.module+el9+1068+b6f05300.x86_64.rpm
MD5: 2668a89341c1954389eb17e39dcfeadc
SHA-256: c8f2f1fde103d4f76418d7ced9f309216819fc3727c9bdfe09d44daa52041bbf
Size: 274.28 kB
- nodejs-docs-22.13.1-1.module+el9+1068+b6f05300.noarch.rpm
MD5: 2f2c932c5afbfe0cea3f8c15cbca7f5b
SHA-256: 12732a60ba8011228400af05af988986c9b734bf03251fe24e3fd9cddeae4915
Size: 8.80 MB
- nodejs-full-i18n-22.13.1-1.module+el9+1068+b6f05300.x86_64.rpm
MD5: 0868d04d96b00533e6a03f318ecc9971
SHA-256: c0291ba5c14b3de763534fc666e73a2245e4d8766dc5803227b421da5656efd4
Size: 8.60 MB
- nodejs-libs-22.13.1-1.module+el9+1068+b6f05300.x86_64.rpm
MD5: 36c59832103e2c7148bfb586b34ba7d8
SHA-256: d6afe4db0281412509824baa6b00b7d076462832e1040624db2b1957a036aa9b
Size: 19.91 MB
- nodejs-nodemon-3.0.1-1.module+el9+1068+b6f05300.noarch.rpm
MD5: a7526bea3332462b7e0b931cb8514267
SHA-256: d2d5f7248133256f6093987cf86588586044ea880427a03ac36c4d9a4d359402
Size: 332.27 kB
- nodejs-packaging-2021.06-4.module+el9+1068+b6f05300.noarch.rpm
MD5: 41b9d2a08ca649543612a96aa93aef35
SHA-256: d1d98d1cfa9f2b3f4a42004695f0600db827651e8ce872a03d455467face77a7
Size: 19.91 kB
- nodejs-packaging-bundler-2021.06-4.module+el9+1068+b6f05300.noarch.rpm
MD5: aacf16e00ce4fa7e4e6fed71a3309be9
SHA-256: 79233f32f068e936e245b060fadcbce11be2a9b2a4c958df9da91ef7abe9a0c2
Size: 9.76 kB
- npm-10.9.2-1.22.13.1.1.module+el9+1068+b6f05300.x86_64.rpm
MD5: ddae7078f45e49e8245d11df763dc16f
SHA-256: 2bd0a4cac0418f1c7f0877b22fe5dc5f2580b23598c3dcf68b7249b4544e7b06
Size: 2.51 MB
- v8-12.4-devel-12.4.254.21-1.22.13.1.1.module+el9+1068+b6f05300.x86_64.rpm
MD5: f77d083e0bcce83dde6907b169f96891
SHA-256: ae9f2b350126bd8781b931fe49ce4cfe1537412e3dde4e7348539e45db01b3e3
Size: 13.87 kB