nodejs:22 security update
エラータID: AXSA:2025-9926:01
リリース日:
2025/05/14 Wednesday - 17:41
題名:
nodejs:22 security update
影響のあるチャネル:
Asianux Server 8 for x86_64
Severity:
High
Description:
以下項目について対処しました。
[Security Fix]
- node.js の 使用する c-ares には、潜在的にメモリの解放後理由を
引き起こす問題があるため、リモートの攻撃者により、巧妙に細工された
TCP クエリを介して、サービス拒否攻撃を可能とする脆弱性が存在
します。(CVE-2025-31498)
- node.js の使用する SQLite には、整数オーバーフローを起因とした
バッファオーバーフローを引き起こす問題があるため、リモートの攻撃者
により、巧妙に細工された設定を介して、任意コード実行を可能とする
脆弱性が存在します。(CVE-2025-3277)
Modularity name: nodejs
Stream name: 22
解決策:
パッケージをアップデートしてください。
CVE:
CVE-2025-31498
c-ares is an asynchronous resolver library. From 1.32.3 through 1.34.4, there is a use-after-free in read_answers() when process_answer() may re-enqueue a query either due to a DNS Cookie Failure or when the upstream server does not properly support EDNS, or possibly on TCP queries if the remote closed the connection immediately after a response. If there was an issue trying to put that new transaction on the wire, it would close the connection handle, but read_answers() was still expecting the connection handle to be available to possibly dequeue other responses. In theory a remote attacker might be able to trigger this by flooding the target with ICMP UNREACHABLE packets if they also control the upstream nameserver and can return a result with one of those conditions, this has been untested. Otherwise only a local attacker might be able to change system behavior to make send()/write() return a failure condition. This vulnerability is fixed in 1.34.5.
c-ares is an asynchronous resolver library. From 1.32.3 through 1.34.4, there is a use-after-free in read_answers() when process_answer() may re-enqueue a query either due to a DNS Cookie Failure or when the upstream server does not properly support EDNS, or possibly on TCP queries if the remote closed the connection immediately after a response. If there was an issue trying to put that new transaction on the wire, it would close the connection handle, but read_answers() was still expecting the connection handle to be available to possibly dequeue other responses. In theory a remote attacker might be able to trigger this by flooding the target with ICMP UNREACHABLE packets if they also control the upstream nameserver and can return a result with one of those conditions, this has been untested. Otherwise only a local attacker might be able to change system behavior to make send()/write() return a failure condition. This vulnerability is fixed in 1.34.5.
CVE-2025-3277
An integer overflow can be triggered in SQLite’s `concat_ws()` function. The resulting, truncated integer is then used to allocate a buffer. When SQLite then writes the resulting string to the buffer, it uses the original, untruncated size and thus a wild Heap Buffer overflow of size ~4GB can be triggered. This can result in arbitrary code execution.
An integer overflow can be triggered in SQLite’s `concat_ws()` function. The resulting, truncated integer is then used to allocate a buffer. When SQLite then writes the resulting string to the buffer, it uses the original, untruncated size and thus a wild Heap Buffer overflow of size ~4GB can be triggered. This can result in arbitrary code execution.
追加情報:
N/A
ダウンロード:
SRPMS
- nodejs-nodemon-3.0.1-1.module+el8+1870+1a6b2b6a.src.rpm
MD5: 085345f1bf4e7a28b7a6fa8224074839
SHA-256: ebad8d423596ac61b90de092d7ec25ac82ff9af9dfca595b03d5df9923c5da0b
Size: 340.07 kB - nodejs-packaging-2021.06-4.module+el8+1870+1a6b2b6a.src.rpm
MD5: 6fce7f173ca18c38b55be1351e77c30e
SHA-256: 7b117706fdcf10a0a8f3f32ff33ad2b8636a513b43dd361b54ed0888118d2809
Size: 30.62 kB - nodejs-22.15.0-1.module+el8+1870+1a6b2b6a.src.rpm
MD5: ee543e53affafe59ee61a3353dc9ee1c
SHA-256: 6081462cb0cf6827ef3cf739e1563d7af4e99221640cb1b095c19c25ebb2d2db
Size: 93.43 MB
Asianux Server 8 for x86_64
- nodejs-22.15.0-1.module+el8+1870+1a6b2b6a.x86_64.rpm
MD5: 9ba03a8849c06b0577d45cf19228efb7
SHA-256: 46f6e9328665968230f10dd686aa094a726e93214c2c3fbf0e7cd822504f9724
Size: 2.11 MB - nodejs-debugsource-22.15.0-1.module+el8+1870+1a6b2b6a.x86_64.rpm
MD5: 6ab63cd2e9b65e5842e553d2b37019c3
SHA-256: 80553d85bbb96e82842ebe2680e246ac8f5a72042d903d51e2ab67a13a156dbc
Size: 19.91 MB - nodejs-devel-22.15.0-1.module+el8+1870+1a6b2b6a.x86_64.rpm
MD5: 5108d23ef76b96d3de9ebd7fedb8dd46
SHA-256: 91619c23eefae9242df57de9f0e9985c37956389b29bbb45d08beeec27f82667
Size: 267.76 kB - nodejs-docs-22.15.0-1.module+el8+1870+1a6b2b6a.noarch.rpm
MD5: 1ec2031c8a7b352c4363ec91dce6c82e
SHA-256: 34c75ac3e6f2b1b5d0b9f8a1ff1a6316e65eb91a5195dc1499efdeaddbc7e644
Size: 11.32 MB - nodejs-full-i18n-22.15.0-1.module+el8+1870+1a6b2b6a.x86_64.rpm
MD5: 20d2cd31a509d14e3834044eef21280b
SHA-256: d4af3f134d0a108ddaf9e6b21eb452d0390aea575d9a28501fa16dcce41a4392
Size: 8.31 MB - nodejs-libs-22.15.0-1.module+el8+1870+1a6b2b6a.x86_64.rpm
MD5: dc14f15b5c80715e15bf3949e070ef64
SHA-256: 9ce89c0b23d748cfc70ae17843ce260696848668463fadbf57bf8b2545955d95
Size: 20.54 MB - nodejs-nodemon-3.0.1-1.module+el8+1870+1a6b2b6a.noarch.rpm
MD5: 64534f122e9658a596079d1a577ef607
SHA-256: 42d398b568f38d5f878082b93007f6fc5807d55543e2520349bb5d5cd74f161d
Size: 281.67 kB - nodejs-packaging-2021.06-4.module+el8+1870+1a6b2b6a.noarch.rpm
MD5: 8003a426ab757e6938a0ceb11b6146bf
SHA-256: d0bcfe8396c822276072b4b8d23273e5eb1f476fdd9d961344b49dbf0961d80f
Size: 24.25 kB - nodejs-packaging-bundler-2021.06-4.module+el8+1870+1a6b2b6a.noarch.rpm
MD5: 0a74ce78a8d5bffad25f8e529d45dc7f
SHA-256: 8d0e466ba005db83f52a9b608ab0a5803bd5c9033fae029be449f457b87b3abb
Size: 13.87 kB - npm-10.9.2-1.22.15.0.1.module+el8+1870+1a6b2b6a.x86_64.rpm
MD5: f9e4d585b4e100875971b692b6df8159
SHA-256: 9fc54f8fd6e2588cd596fbd604e1043ea5232d2436693f2ea92bcafd62d36b27
Size: 2.28 MB - v8-12.4-devel-12.4.254.21-1.22.15.0.1.module+el8+1870+1a6b2b6a.x86_64.rpm
MD5: 16052f9fddb45a690243aa8ca9d860e4
SHA-256: 69f12e9c1a2536781aeaf9b21d5ab5b1cea806cc1d7822cf874dd87334abdc49
Size: 14.55 kB
English