RHSA-2023:0321: Moderate: nodejs and nodejs-nodemon security, bug fix, and enhancement update
Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language.

The following packages have been upgraded to a later upstream version: nodejs (16.18.1), nodejs-nodemon (2.0.20).

Security Fix(es):
* minimist: prototype pollution (CVE-2021-44906)
* nodejs-minimatch: ReDoS via the braceExpand function (CVE-2022-3517)
* nodejs: HTTP Request Smuggling due to incorrect parsing of header fields (CVE-2022-35256)
* nodejs: DNS rebinding in inspect via invalid octal IP address (CVE-2022-43548)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Bug Fix(es):
* nodejs: Packaged version of undici does not fit with declared version. [rhel-9] (BZ#2151627)
Frequently Asked Questions
What is the severity of RHSA-2023:0321?
The severity of RHSA-2023:0321 is classified as important.
How do I fix RHSA-2023:0321?
To fix RHSA-2023:0321, upgrade the affected packages to the latest versions available: nodejs to version 16.18.1-3.el9_1 and nodejs-nodemon to version 2.0.20-2.el9_1.
What packages are affected by RHSA-2023:0321?
The affected packages include nodejs, nodejs-nodemon, and their respective debuginfo and debugsource packages.
Is a reboot required after applying the fix for RHSA-2023:0321?
A reboot is not typically required after applying the fix for RHSA-2023:0321, unless specifically noted in the update instructions.
How can I verify my installation version for RHSA-2023:0321?
You can verify your installation version for RHSA-2023:0321 using the command 'rpm -qa | grep nodejs' to confirm the package versions.
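The version check above can be scripted so that it reports a verdict per package instead of a raw list. The following is an added example, not part of the advisory: the function names and the sample inventory are constructed, and GNU `sort -V` is assumed as a stand-in for rpm's own version comparison.

```shell
#!/bin/sh
# Fixed builds, taken from the advisory text above.
FIXED="nodejs 16.18.1-3.el9_1
nodejs-nodemon 2.0.20-2.el9_1"

# ver_ge A B: succeed when version-release A sorts at or after B.
# Assumption: GNU `sort -V` ordering approximates rpm's comparison
# (adequate for these el9 strings; epochs are not considered).
ver_ge() {
    [ "$(printf '%s\n%s\n' "$1" "$2" | sort -V | tail -n 1)" = "$1" ]
}

# check_inventory: read "name version-release" lines on stdin and print
# a verdict for each package the page gives a fixed version for.
# Other packages (for example subpackages) are skipped.
check_inventory() {
    while read -r name evr; do
        fixed=$(printf '%s\n' "$FIXED" | awk -v n="$name" '$1 == n { print $2 }')
        [ -n "$fixed" ] || continue
        if ver_ge "$evr" "$fixed"; then
            echo "$name $evr fixed"
        else
            echo "$name $evr VULNERABLE (need >= $fixed)"
        fi
    done
}

# Constructed sample inventory, in the format produced on a real host by:
#   rpm -qa --qf '%{NAME} %{VERSION}-%{RELEASE}\n' 'nodejs*'
SAMPLE="nodejs 16.17.1-1.el9_0
nodejs-libs 16.17.1-1.el9_0
nodejs-nodemon 2.0.20-2.el9_1"

printf '%s\n' "$SAMPLE" | check_inventory
```

On a live system, pipe the `rpm -qa --qf ...` command shown in the comment into `check_inventory` in place of the sample.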