RHSA-2020:3042: Important: nodejs:10 security update
Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language. The following packages have been upgraded to a later upstream version: nodejs (10.21.0).Security Fix(es): nghttp2: overly large SETTINGS frames can lead to DoS (CVE-2020-11080) nodejs-minimist: prototype pollution allows adding or modifying properties of Object.prototype using a constructor or proto payload (CVE-2020-7598) nodejs: memory corruption in napigetvaluestring functions (CVE-2020-8174) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Affected Software
Remediation
Event History
Frequently Asked Questions
What is the severity of RHSA-2020:3042?
The severity of RHSA-2020:3042 is classified as a moderate security vulnerability.
How do I fix RHSA-2020:3042?
To fix RHSA-2020:3042, upgrade the affected packages to the latest versions specified in the advisory.
Which packages are affected by RHSA-2020:3042?
The affected packages in RHSA-2020:3042 include nodejs, nodejs-nodemon, nodejs-packaging, and several related documentation and debug packages.
What is the latest version for nodejs under RHSA-2020:3042?
The latest version for nodejs under RHSA-2020:3042 is 10.21.0-3.module+el8.0.0+7067+054302d1.
Is RHSA-2020:3042 related to any specific vulnerabilities?
Yes, RHSA-2020:3042 addresses security fixes related to the nghttp2 package, specifically for large SETTI requests.