(RHSA-2023:5803) Important: nodejs:16 security update

2023-10-1716:18:02

access.redhat.com

node.js

security update

http/2

ddos attack

cve-2023-44487

cvss score

CVSS3

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

EPSS

0.813

Percentile

98.4%

JSON

Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language.

Security Fix(es):

HTTP/2: Multiple HTTP/2 enabled web servers are vulnerable to a DDoS attack (Rapid Reset Attack) (CVE-2023-44487)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

OSVersionArchitecturePackageVersionFilename
RedHatanyppc64lenodejs< 16.20.2-3.module+el8.6.0+20387+28a0198cnodejs-16.20.2-3.module+el8.6.0+20387+28a0198c.ppc64le.rpm
RedHatanynoarchnodejs-docs< 16.20.2-3.module+el8.6.0+20387+28a0198cnodejs-docs-16.20.2-3.module+el8.6.0+20387+28a0198c.noarch.rpm
RedHatanyppc64lenodejs-full-i18n< 16.20.2-3.module+el8.6.0+20387+28a0198cnodejs-full-i18n-16.20.2-3.module+el8.6.0+20387+28a0198c.ppc64le.rpm
RedHatanyx86_64nodejs-debuginfo< 16.20.2-3.module+el8.6.0+20387+28a0198cnodejs-debuginfo-16.20.2-3.module+el8.6.0+20387+28a0198c.x86_64.rpm
RedHatanys390xnodejs-debuginfo< 16.20.2-3.module+el8.6.0+20387+28a0198cnodejs-debuginfo-16.20.2-3.module+el8.6.0+20387+28a0198c.s390x.rpm
RedHatanys390xnpm< 8.19.4-1.16.20.2.3.module+el8.6.0+20387+28a0198cnpm-8.19.4-1.16.20.2.3.module+el8.6.0+20387+28a0198c.s390x.rpm
RedHatanyaarch64nodejs-debuginfo< 16.20.2-3.module+el8.6.0+20387+28a0198cnodejs-debuginfo-16.20.2-3.module+el8.6.0+20387+28a0198c.aarch64.rpm
RedHatanyx86_64npm< 8.19.4-1.16.20.2.3.module+el8.6.0+20387+28a0198cnpm-8.19.4-1.16.20.2.3.module+el8.6.0+20387+28a0198c.x86_64.rpm
RedHatanyppc64lenodejs-devel< 16.20.2-3.module+el8.6.0+20387+28a0198cnodejs-devel-16.20.2-3.module+el8.6.0+20387+28a0198c.ppc64le.rpm
RedHatanyx86_64nodejs-full-i18n< 16.20.2-3.module+el8.6.0+20387+28a0198cnodejs-full-i18n-16.20.2-3.module+el8.6.0+20387+28a0198c.x86_64.rpm

OS	Version	Architecture	Package	Version	Filename
RedHat	any	ppc64le	nodejs	< 16.20.2-3.module+el8.6.0+20387+28a0198c	nodejs-16.20.2-3.module+el8.6.0+20387+28a0198c.ppc64le.rpm
RedHat	any	noarch	nodejs-docs	< 16.20.2-3.module+el8.6.0+20387+28a0198c	nodejs-docs-16.20.2-3.module+el8.6.0+20387+28a0198c.noarch.rpm
RedHat	any	ppc64le	nodejs-full-i18n	< 16.20.2-3.module+el8.6.0+20387+28a0198c	nodejs-full-i18n-16.20.2-3.module+el8.6.0+20387+28a0198c.ppc64le.rpm
RedHat	any	x86_64	nodejs-debuginfo	< 16.20.2-3.module+el8.6.0+20387+28a0198c	nodejs-debuginfo-16.20.2-3.module+el8.6.0+20387+28a0198c.x86_64.rpm
RedHat	any	s390x	nodejs-debuginfo	< 16.20.2-3.module+el8.6.0+20387+28a0198c	nodejs-debuginfo-16.20.2-3.module+el8.6.0+20387+28a0198c.s390x.rpm
RedHat	any	s390x	npm	< 8.19.4-1.16.20.2.3.module+el8.6.0+20387+28a0198c	npm-8.19.4-1.16.20.2.3.module+el8.6.0+20387+28a0198c.s390x.rpm
RedHat	any	aarch64	nodejs-debuginfo	< 16.20.2-3.module+el8.6.0+20387+28a0198c	nodejs-debuginfo-16.20.2-3.module+el8.6.0+20387+28a0198c.aarch64.rpm
RedHat	any	x86_64	npm	< 8.19.4-1.16.20.2.3.module+el8.6.0+20387+28a0198c	npm-8.19.4-1.16.20.2.3.module+el8.6.0+20387+28a0198c.x86_64.rpm
RedHat	any	ppc64le	nodejs-devel	< 16.20.2-3.module+el8.6.0+20387+28a0198c	nodejs-devel-16.20.2-3.module+el8.6.0+20387+28a0198c.ppc64le.rpm
RedHat	any	x86_64	nodejs-full-i18n	< 16.20.2-3.module+el8.6.0+20387+28a0198c	nodejs-full-i18n-16.20.2-3.module+el8.6.0+20387+28a0198c.x86_64.rpm