nodejs:18 security, bug fix, and enhancement update

🗓️ 06 Dec 2022 15:25:25Reported by Rockylinux Product ErrataType

rocky

rocky🔗 errata.rockylinux.org👁 39 Views

Node.js security update for Rocky Linux 9, with fixes for ReDoS and DNS rebinding vulnerabilitie

Reporter	Title	Published	Views	Family All 345
IBM Security Bulletins	Security Bulletin: IBM i Modernization Engine for Lifecycle Integration is vulnerable to multiple vulnerabilities	16 May 202420:23	–	ibm
IBM Security Bulletins	Security Bulletin: IBM App Connect Enterprise and IBM Integration Bus are vulnerable to a remote attacker due to Node.js (CVE-2022-43548 & CVE-2022-35256)	6 Jan 202314:37	–	ibm
IBM Security Bulletins	Security Bulletin: Vulnerabilities in Marked, Minimatch and Logback might affect IBM Storage Defender Copy Data Management	26 Sep 202519:29	–	ibm
IBM Security Bulletins	Security Bulletin: IBM Cognos Analytics Mobile (Android) is affected by multiple vulnerabilities	21 Oct 202415:52	–	ibm
IBM Security Bulletins	Security Bulletin: IBM Watson Assistant for IBM Cloud Pak for Data is vulnerable to minimatch denial of service (CVE-2022-3517)	7 Dec 202220:26	–	ibm
IBM Security Bulletins	Security Bulletin: A vulnerability in minimatch may affect IBM Robotic Process Automation and result in a denial of service (CVE-2022-3517)	25 Jan 202320:41	–	ibm
IBM Security Bulletins	Security Bulletin: Multiple vulnerabilities in IBM SDK for Node.js and packaged modules affect IBM Business Automation Workflow Configuration Editor	1 Mar 202309:00	–	ibm
IBM Security Bulletins	Security Bulletin: IBM Db2® Graph is vulnerable to remote execution of arbitrary commands due to Node.js CVE-2022-43548	17 Apr 202316:30	–	ibm
IBM Security Bulletins	Security Bulletin: IBM Planning Analytics Workspace is affected by vulnerabilities in Node.js (CVE-2022-43548, CVE-2020-7676, CVE-2021-42550, CVE-2021-38561, CVE-2022-32149)	22 Jun 202320:24	–	ibm
IBM Security Bulletins	Security Bulletin: Security Vulnerabilities in moment, ansi-regex, Node.js, and minimatch may affect IBM Spectrum Protect Client and IBM Spectrum Protect for Space Management (CVE-2022-31129, CVE-2022-24785, CVE-2021-3807, CVE-2022-29244, CVE-2022-3517)	17 Mar 202309:26	–	ibm

OS	OS Version	Architecture	Package	Package Version	Filename
Rocky Linux	9	any	nodejs-packaging	0:2021.06-4.module+el9.6.0+32143+ae966e5b	nodejs-packaging-0:2021.06-4.module+el9.6.0+32143+ae966e5b.noarch.rpm
Rocky Linux	9	any	nodejs-packaging	0:2021.06-4.module+el9.6.0+32185+bd121a25	nodejs-packaging-0:2021.06-4.module+el9.6.0+32185+bd121a25.noarch.rpm
Rocky Linux	9	any	nodejs-packaging	0:2021.06-4.module+el9.6.0+32494+726e9034	nodejs-packaging-0:2021.06-4.module+el9.6.0+32494+726e9034.noarch.rpm
Rocky Linux	9	any	nodejs-packaging-bundler	0:2021.06-4.module+el9.6.0+32143+ae966e5b	nodejs-packaging-bundler-0:2021.06-4.module+el9.6.0+32143+ae966e5b.noarch.rpm
Rocky Linux	9	any	nodejs-packaging-bundler	0:2021.06-4.module+el9.6.0+32185+bd121a25	nodejs-packaging-bundler-0:2021.06-4.module+el9.6.0+32185+bd121a25.noarch.rpm
Rocky Linux	9	any	nodejs-packaging-bundler	0:2021.06-4.module+el9.6.0+32494+726e9034	nodejs-packaging-bundler-0:2021.06-4.module+el9.6.0+32494+726e9034.noarch.rpm

06 Dec 2022 15:25Current

7.5High risk

Vulners AI Score7.5

CVSS 3.18.1

EPSS0.14024

SSVC

node.js security update rocky linux 9 redos dns rebinding cve-2022-3517 cve-2022-43548 cvss score upgrade upstream version