nodejs:22 security update
エラータID: AXSA:2025-10479:01
リリース日:
2025/07/15 Tuesday - 17:45
題名:
nodejs:22 security update
影響のあるチャネル:
MIRACLE LINUX 9 for x86_64
Severity:
High
Description:
以下項目について対処しました。
[Security Fix]
- node.js の 使用する c-ares には、潜在的にメモリの解放後利用を
引き起こす問題があるため、リモートの攻撃者により、巧妙に細工された
TCP クエリを介して、サービス拒否攻撃を可能とする脆弱性が存在します。
(CVE-2025-31498)
- node.js の使用する SQLite には、整数オーバーフローを起因とした
バッファオーバーフローを引き起こす問題があるため、リモートの攻撃
者により、巧妙に細工された設定を介して、任意コード実行を可能と
する脆弱性が存在します。(CVE-2025-3277)
Modularity name: nodejs
Stream name: 22
解決策:
パッケージをアップデートしてください。
CVE:
CVE-2025-31498
c-ares is an asynchronous resolver library. From 1.32.3 through 1.34.4, there is a use-after-free in read_answers() when process_answer() may re-enqueue a query either due to a DNS Cookie Failure or when the upstream server does not properly support EDNS, or possibly on TCP queries if the remote closed the connection immediately after a response. If there was an issue trying to put that new transaction on the wire, it would close the connection handle, but read_answers() was still expecting the connection handle to be available to possibly dequeue other responses. In theory a remote attacker might be able to trigger this by flooding the target with ICMP UNREACHABLE packets if they also control the upstream nameserver and can return a result with one of those conditions, this has been untested. Otherwise only a local attacker might be able to change system behavior to make send()/write() return a failure condition. This vulnerability is fixed in 1.34.5.
c-ares is an asynchronous resolver library. From 1.32.3 through 1.34.4, there is a use-after-free in read_answers() when process_answer() may re-enqueue a query either due to a DNS Cookie Failure or when the upstream server does not properly support EDNS, or possibly on TCP queries if the remote closed the connection immediately after a response. If there was an issue trying to put that new transaction on the wire, it would close the connection handle, but read_answers() was still expecting the connection handle to be available to possibly dequeue other responses. In theory a remote attacker might be able to trigger this by flooding the target with ICMP UNREACHABLE packets if they also control the upstream nameserver and can return a result with one of those conditions, this has been untested. Otherwise only a local attacker might be able to change system behavior to make send()/write() return a failure condition. This vulnerability is fixed in 1.34.5.
CVE-2025-3277
An integer overflow can be triggered in SQLite’s `concat_ws()` function. The resulting, truncated integer is then used to allocate a buffer. When SQLite then writes the resulting string to the buffer, it uses the original, untruncated size and thus a wild Heap Buffer overflow of size ~4GB can be triggered. This can result in arbitrary code execution.
An integer overflow can be triggered in SQLite’s `concat_ws()` function. The resulting, truncated integer is then used to allocate a buffer. When SQLite then writes the resulting string to the buffer, it uses the original, untruncated size and thus a wild Heap Buffer overflow of size ~4GB can be triggered. This can result in arbitrary code execution.
追加情報:
N/A
ダウンロード:
SRPMS
- nodejs-nodemon-3.0.1-1.module+el9+1091+a024787b.src.rpm
MD5: b616af167570257ed14f10af569b02c6
SHA-256: 77966b029e7421b0a6159005f63adde73e98e98a2622a46c161267a607d79ce5
Size: 339.27 kB - nodejs-packaging-2021.06-4.module+el9+1091+a024787b.src.rpm
MD5: e6a211348c65a2122b6051da6d7e9a51
SHA-256: 0b9769576fc248f097e1a7c1d7862cf49904bdc9497bf896bbc7be3a50d94304
Size: 26.54 kB - nodejs-22.15.0-1.module+el9+1091+a024787b.src.rpm
MD5: 7aaad81552db642dc3006dfd92d92004
SHA-256: 64e62aa7f9329b28cd9d41fbe07e5d46c8dc96d03f248c3387604711fa017196
Size: 90.33 MB
Asianux Server 9 for x86_64
- nodejs-22.15.0-1.module+el9+1091+a024787b.x86_64.rpm
MD5: b5f4e49941e43d2dc0cb93276e8661d0
SHA-256: 75321bbbc94533e9bf49a6c9fbdae266555889fff3684537e2723082ec1984b4
Size: 2.33 MB - nodejs-debugsource-22.15.0-1.module+el9+1091+a024787b.x86_64.rpm
MD5: f041ee6403d3f22e528e777120eada55
SHA-256: cc7505f9d5ef30914e1700f52fcac558e4b463e0cab818d71f754ae8c0af64b8
Size: 18.07 MB - nodejs-devel-22.15.0-1.module+el9+1091+a024787b.x86_64.rpm
MD5: d96eacd71a1f75341c396ab99dae70c1
SHA-256: 31c0314500aa6dc8518aee05db3820f1dc00680b7c2a3a7fdb8999a551848def
Size: 275.05 kB - nodejs-docs-22.15.0-1.module+el9+1091+a024787b.noarch.rpm
MD5: f5b9e3e28e76154d4d7bb222a3963710
SHA-256: 6f28edb7454a648cd64dabcdf2f86ebc643e5364ff278c3f61c57befb9e43783
Size: 8.93 MB - nodejs-full-i18n-22.15.0-1.module+el9+1091+a024787b.x86_64.rpm
MD5: 70ffc2a996dd501f808dd0cce335576e
SHA-256: 1ae2ec9ead7ca346b90d3668fe06acf6740a5f3647ab38f1e7b8d419e89e4b1e
Size: 8.59 MB - nodejs-libs-22.15.0-1.module+el9+1091+a024787b.x86_64.rpm
MD5: b8034e725ada2981c0228e07213c1e07
SHA-256: c557bcc36004cd82f3a11fb6adcb321873b71f7bd3a6d5b364c4165eddbc8c42
Size: 20.30 MB - nodejs-nodemon-3.0.1-1.module+el9+1091+a024787b.noarch.rpm
MD5: 2ff875dcd3e2f718d3942033eb91ee99
SHA-256: b61543d0e2715dec5620bef3e86a0b63b02f289d6880ba2c2eb6b80c1b5d9afa
Size: 332.26 kB - nodejs-packaging-2021.06-4.module+el9+1091+a024787b.noarch.rpm
MD5: a9786ffd77b915921964d297f6ebda37
SHA-256: 2926993bc65eb371d312d2773cfe8bedf4100a75a58ca17381f1a9d4e863a20f
Size: 19.92 kB - nodejs-packaging-bundler-2021.06-4.module+el9+1091+a024787b.noarch.rpm
MD5: 4c7ac0c3346af2a9539a4206e902daa2
SHA-256: a6b537477f450f254e3d1ea1f3084518ec046a1da972b16ffa4f701a130966f7
Size: 9.75 kB - npm-10.9.2-1.22.15.0.1.module+el9+1091+a024787b.x86_64.rpm
MD5: 60a7bff60b24e39d5f93394bb0ba767e
SHA-256: 27000c0ff60e25cc8b7354b3ab477c364c7c2d8c5d9f5a394b6761e5831d385b
Size: 2.51 MB - v8-12.4-devel-12.4.254.21-1.22.15.0.1.module+el9+1091+a024787b.x86_64.rpm
MD5: dcfbc3ba883f9e25adb08f5c082616b2
SHA-256: da64a53573f4fab7e806cf1667525ccd809a4194847464414c32952920f26e98
Size: 14.42 kB
English