Important: nodejs:18 security update

🗓️ 25 Mar 2024 00:00:00Reported by AlmaLinuxType

almalinux

almalinux🔗 errata.almalinux.org👁 50 Views

Security update for nodej

Reporter	Title	Published	Views	Family All 344
IBM Security Bulletins	Security Bulletin: Node.js vulnerabilities affect IBM Spectrum Control	8 Jul 202409:24	–	ibm
IBM Security Bulletins	Security Bulletin: IBM Rational® Application Developer for WebSphere® Software is vulnerable to a denial of service	13 May 202423:54	–	ibm
IBM Security Bulletins	Security Bulletin: Vulnerabilities in Node.js affect IBM Voice Gateway	1 Apr 202418:28	–	ibm
IBM Security Bulletins	Security Bulletin: IBM App Connect Enterprise Certified Container operands are vulnerable to loss of confidentiality and denial of service due to [CVE-2023-46809] [CVE-2024-21892] [CVE-2024-22019]	23 Apr 202414:05	–	ibm
IBM Security Bulletins	Security Bulletin: Denial of service vulnerabilities in Node.js affects IBM Rational Developer for i RPG and COBOL + Modernization Tools, Java Edition	30 May 202418:50	–	ibm
IBM Security Bulletins	Security Bulletin: IBM Cloud Transformation Advisor is vulnerable to multiple vulnerabilities	19 Mar 202417:46	–	ibm
IBM Security Bulletins	Security Bulletin: IBM DataPower Gateway is vulnerable to Denial of Service due to use of Node.js	1 Apr 202411:40	–	ibm
IBM Security Bulletins	Security Bulletin: IBM Watson Discovery for IBM Cloud Pak for Data affected by vulnerability in Node.js	29 Aug 202419:04	–	ibm
IBM Security Bulletins	Security Bulletin: Multiple security vulnerabilities are addressed with IBM Cloud Pak for Business Automation Fixes for May 2024.	15 Apr 202502:38	–	ibm
IBM Security Bulletins	Security Bulletin: Netcool Operations Insights 1.6.13 addresses multiple security vulnerabilities.	31 Jul 202411:01	–	ibm

OS	OS Version	Architecture	Package	Package Version	Filename
almalinux	9	x86_64	nodejs-devel	18.19.1-1.module_el9.3.0+59+28b95644	nodejs-devel-18.19.1-1.module_el9.3.0+59+28b95644.x86_64.rpm
almalinux	9	x86_64	nodejs	18.19.1-1.module_el9.3.0+59+28b95644	nodejs-18.19.1-1.module_el9.3.0+59+28b95644.x86_64.rpm
almalinux	9	noarch	nodejs-docs	18.19.1-1.module_el9.3.0+59+28b95644	nodejs-docs-18.19.1-1.module_el9.3.0+59+28b95644.noarch.rpm
almalinux	9	noarch	nodejs-nodemon	3.0.1-1.module_el9.2.0+36+853e48f5	nodejs-nodemon-3.0.1-1.module_el9.2.0+36+853e48f5.noarch.rpm
almalinux	9	noarch	nodejs-packaging	2021.06-4.module_el9.1.0+13+d9a595ea	nodejs-packaging-2021.06-4.module_el9.1.0+13+d9a595ea.noarch.rpm
almalinux	9	x86_64	nodejs-full-i18n	18.19.1-1.module_el9.3.0+59+28b95644	nodejs-full-i18n-18.19.1-1.module_el9.3.0+59+28b95644.x86_64.rpm
almalinux	9	noarch	nodejs-packaging-bundler	2021.06-4.module_el9.1.0+13+d9a595ea	nodejs-packaging-bundler-2021.06-4.module_el9.1.0+13+d9a595ea.noarch.rpm
almalinux	9	x86_64	npm	10.2.4-1.18.19.1.1.module_el9.3.0+59+28b95644	npm-10.2.4-1.18.19.1.1.module_el9.3.0+59+28b95644.x86_64.rpm
almalinux	9	ppc64le	nodejs	18.19.1-1.module_el9.3.0+59+28b95644	nodejs-18.19.1-1.module_el9.3.0+59+28b95644.ppc64le.rpm
almalinux	9	ppc64le	nodejs-full-i18n	18.19.1-1.module_el9.3.0+59+28b95644	nodejs-full-i18n-18.19.1-1.module_el9.3.0+59+28b95644.ppc64le.rpm

Source	Link
access	www.access.redhat.com/errata/RHSA-2024:1503
access	www.access.redhat.com/security/cve/CVE-2023-46809
access	www.access.redhat.com/security/cve/CVE-2024-21892
access	www.access.redhat.com/security/cve/CVE-2024-22019
bugzilla	www.bugzilla.redhat.com/2264569
bugzilla	www.bugzilla.redhat.com/2264574
bugzilla	www.bugzilla.redhat.com/2264582
errata	www.errata.almalinux.org/9/ALSA-2024-1503.html

04 Apr 2024 09:21Current

8High risk

Vulners AI Score8

CVSS 3.17.4 - 7.8

CVSS 37.5

EPSS0.01239

SSVC

node.js linux capabilities code injection privilege escalation http request dos attacks bleichenbacher attack pkcs#1 v1.5 padding