nodejs:20 security update
Errata ID: AXSA:2025-10487:02
Release date: 
2025/07/15 Tuesday - 21:48
Title: 
nodejs:20 security update
Affected channels: 
MIRACLE LINUX 9 for x86_64
Severity: 
Moderate
Description: 
The following issues have been addressed.
[Security Fix]
- The c-ares library used by node.js has an issue that can potentially cause a use-after-free, which allows a remote attacker to cause a denial of service via a crafted TCP query. (CVE-2025-31498)
Modularity name: nodejs
Stream name: 20
Solution: 
Update the packages.
CVE: 
CVE-2025-31498
c-ares is an asynchronous resolver library. From 1.32.3 through 1.34.4, there is a use-after-free in read_answers() when process_answer() may re-enqueue a query either due to a DNS Cookie Failure or when the upstream server does not properly support EDNS, or possibly on TCP queries if the remote closed the connection immediately after a response. If there was an issue trying to put that new transaction on the wire, it would close the connection handle, but read_answers() was still expecting the connection handle to be available to possibly dequeue other responses. In theory a remote attacker might be able to trigger this by flooding the target with ICMP UNREACHABLE packets if they also control the upstream nameserver and can return a result with one of those conditions, this has been untested. Otherwise only a local attacker might be able to change system behavior to make send()/write() return a failure condition. This vulnerability is fixed in 1.34.5.
Additional information: 
N/A
Download: 
SRPMS
- nodejs-nodemon-3.0.1-1.module+el9+1089+45d1f771.src.rpm
MD5: 04c701d1cadd8bc2e065f9fb9932b0a8
SHA-256: c128768c2c5768bf92e06d9c1c1a980a738e6bf4bfe02bfc1f524b1bc5d810f2
Size: 339.27 kB
- nodejs-packaging-2021.06-4.module+el9+1089+45d1f771.src.rpm
MD5: f4bdd981ce12bd0423605e78b7f6cf79
SHA-256: c6f5e2934083644dbd4865a621f693a79806dfa7391571013d26555bb3108b7b
Size: 26.55 kB
- nodejs-20.19.1-1.module+el9+1089+45d1f771.src.rpm
MD5: d1728336495c91d6356e9b4a8c89ae86
SHA-256: 683805592ee771dfaaea198fa28eefae774ae9ca345bd552e2e6ad505bd386a7
Size: 82.71 MB 
Asianux Server 9 for x86_64
- nodejs-20.19.1-1.module+el9+1089+45d1f771.x86_64.rpm
MD5: 2df7496234731736b85c68c5651df1d0
SHA-256: efdc68fe33a674135046eb1cd4219d1b30e4a2e1b6e8b020200da874182872d0
Size: 14.10 MB
- nodejs-debugsource-20.19.1-1.module+el9+1089+45d1f771.x86_64.rpm
MD5: 4e657bac18f4b14fb0f794d10640a0c1
SHA-256: 46cb6324da48aa9855dab511300c613e5a981311c259daba7762b8a4c45d9abd
Size: 12.64 MB
- nodejs-devel-20.19.1-1.module+el9+1089+45d1f771.x86_64.rpm
MD5: cb69fa7a9d091f68f723a5d61869f34b
SHA-256: acf80802da135de908db6955bf6fabbcbd2bfea4d6e3a4ef927db613ca4355d6
Size: 259.76 kB
- nodejs-docs-20.19.1-1.module+el9+1089+45d1f771.noarch.rpm
MD5: d56f2881fd79f4f3dd369c0beed7eadd
SHA-256: c751b976ea90fc21669abb6afd9f50985184091abf5991b97442ae38b7fbd3ed
Size: 8.58 MB
- nodejs-full-i18n-20.19.1-1.module+el9+1089+45d1f771.x86_64.rpm
MD5: 1514a3fa5f461a53bb7360ca4f491236
SHA-256: a79066f31e9054c0adde381fe083be6090e1e2e6233f02e07aad400d83af4949
Size: 8.59 MB
- nodejs-nodemon-3.0.1-1.module+el9+1089+45d1f771.noarch.rpm
MD5: d4f776380862c8f3f1886341f66976f6
SHA-256: 1c5c26730a5065d3a25e81614367f3d32b318d19d00d8fdb7738b1584a72e5ae
Size: 332.28 kB
- nodejs-packaging-2021.06-4.module+el9+1089+45d1f771.noarch.rpm
MD5: 68039d66f380e29fc67a83eb20b34664
SHA-256: 652b88c06c3dc35891ae395814f9aecb2ea7754cbc28809fe52bd90a924805a2
Size: 19.92 kB
- nodejs-packaging-bundler-2021.06-4.module+el9+1089+45d1f771.noarch.rpm
MD5: 8c2057c67716734ff72e03935641f67f
SHA-256: 70880198f1759d43edd1472acb48bf6383ed576b732a500be7f1d561cafb3589
Size: 9.76 kB
- npm-10.8.2-1.20.19.1.1.module+el9+1089+45d1f771.x86_64.rpm
MD5: f1db57bcb1814bcc78d69a41ecf8a83a
SHA-256: 0673886764e7d00068c2ba825aac4a4b9059e928b26fa7782b21b2b83389bcfb
Size: 2.22 MB