nodejs and nodejs-nodemon security, bug fix, and enhancement update

🗓️ 23 Jan 2023 14:30:11Reported by Rockylinux Product ErrataType

rocky

rocky🔗 errata.rockylinux.org👁 51 Views

Node.js nodemon security update for Rocky Linux

Reporter	Title	Published	Views	Family All 668
IBM Security Bulletins	Security Bulletin: IBM i Modernization Engine for Lifecycle Integration is vulnerable to multiple vulnerabilities	16 May 202420:23	–	ibm
IBM Security Bulletins	Security Bulletin: IBM App Connect Enterprise and IBM Integration Bus are vulnerable to a remote attacker due to Node.js (CVE-2022-43548 & CVE-2022-35256)	6 Jan 202314:37	–	ibm
IBM Security Bulletins	Security Bulletin: Vulnerabilities in Marked, Minimatch and Logback might affect IBM Storage Defender Copy Data Management	26 Sep 202519:29	–	ibm
IBM Security Bulletins	Security Bulletin: IBM Cognos Analytics Mobile (Android) is affected by multiple vulnerabilities	21 Oct 202415:52	–	ibm
IBM Security Bulletins	Security Bulletin: IBM Watson Assistant for IBM Cloud Pak for Data is vulnerable to minimatch denial of service (CVE-2022-3517)	7 Dec 202220:26	–	ibm
IBM Security Bulletins	Security Bulletin: A vulnerability in minimatch may affect IBM Robotic Process Automation and result in a denial of service (CVE-2022-3517)	25 Jan 202320:41	–	ibm
IBM Security Bulletins	Security Bulletin: IBM Spectrum Discover is vulnerable to multiple vulnerabilities	23 Aug 202222:32	–	ibm
IBM Security Bulletins	Security Bulletin: Multiple vulnerabilities in IBM SDK for Node.js and packaged modules affect IBM Business Automation Workflow Configuration Editor	1 Mar 202309:00	–	ibm
IBM Security Bulletins	Security Bulletin: IBM Db2® Graph is vulnerable to remote execution of arbitrary commands due to Node.js CVE-2022-43548	17 Apr 202316:30	–	ibm
IBM Security Bulletins	Security Bulletin: IBM Planning Analytics Workspace is affected by vulnerabilities in Node.js (CVE-2022-43548, CVE-2020-7676, CVE-2021-42550, CVE-2021-38561, CVE-2022-32149)	22 Jun 202320:24	–	ibm

OS	OS Version	Architecture	Package	Package Version	Filename
Rocky Linux	9	aarch64	nodejs	1:16.18.1-3.el9_1	nodejs-1:16.18.1-3.el9_1.aarch64.rpm
Rocky Linux	9	ppc64le	nodejs	1:16.18.1-3.el9_1	nodejs-1:16.18.1-3.el9_1.ppc64le.rpm
Rocky Linux	9	s390x	nodejs	1:16.18.1-3.el9_1	nodejs-1:16.18.1-3.el9_1.s390x.rpm
Rocky Linux	9	x86_64	nodejs	1:16.18.1-3.el9_1	nodejs-1:16.18.1-3.el9_1.x86_64.rpm
Rocky Linux	9	aarch64	nodejs-debuginfo	1:16.18.1-3.el9_1	nodejs-debuginfo-1:16.18.1-3.el9_1.aarch64.rpm
Rocky Linux	9	ppc64le	nodejs-debuginfo	1:16.18.1-3.el9_1	nodejs-debuginfo-1:16.18.1-3.el9_1.ppc64le.rpm
Rocky Linux	9	s390x	nodejs-debuginfo	1:16.18.1-3.el9_1	nodejs-debuginfo-1:16.18.1-3.el9_1.s390x.rpm
Rocky Linux	9	x86_64	nodejs-debuginfo	1:16.18.1-3.el9_1	nodejs-debuginfo-1:16.18.1-3.el9_1.x86_64.rpm
Rocky Linux	9	aarch64	nodejs-debugsource	1:16.18.1-3.el9_1	nodejs-debugsource-1:16.18.1-3.el9_1.aarch64.rpm
Rocky Linux	9	ppc64le	nodejs-debugsource	1:16.18.1-3.el9_1	nodejs-debugsource-1:16.18.1-3.el9_1.ppc64le.rpm

23 Jan 2023 14:30Current

8.7High risk

Vulners AI Score8.7

CVSS 27.5

CVSS 3.18.1 - 9.8

EPSS0.14024

SSVC

node.js security patch rocky linux 9 cve-2021-44906 cve-2022-3517 cve-2022-35256 cve-2022-43548 undici bug fix