(RHSA-2024:1503) Important: nodejs:18 security update

2024-03-2519:54:22

access.redhat.com

node.js

security update

code injection

dos attacks

cve-2024-21892

cve-2024-22019

bleichenbacher attack

CVSS3

7.4

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N

AI Score

Confidence

Low

EPSS

Percentile

16.3%

JSON

Node.js is a software development platform for building fast and scalable
network applications in the JavaScript programming language.

Security Fix(es):

nodejs: code injection and privilege escalation through Linux capabilities (CVE-2024-21892)
nodejs: reading unprocessed HTTP request with unbounded chunk extension allows DoS attacks (CVE-2024-22019)
nodejs: vulnerable to timing variant of the Bleichenbacher attack against PKCS#1 v1.5 padding (Marvin) (CVE-2023-46809)

For more details about the security issue(s), including the impact, a CVSS
score, acknowledgments, and other related information, refer to the CVE
page(s) listed in the References section.

OSVersionArchitecturePackageVersionFilename
RedHatanyaarch64nodejs-full-i18n< 18.19.1-1.module+el9.3.0+21388+22892fb9nodejs-full-i18n-18.19.1-1.module+el9.3.0+21388+22892fb9.aarch64.rpm
RedHatanyaarch64nodejs-debuginfo< 18.19.1-1.module+el9.3.0+21388+22892fb9nodejs-debuginfo-18.19.1-1.module+el9.3.0+21388+22892fb9.aarch64.rpm
RedHatanyx86_64nodejs-debuginfo< 18.19.1-1.module+el9.3.0+21388+22892fb9nodejs-debuginfo-18.19.1-1.module+el9.3.0+21388+22892fb9.x86_64.rpm
RedHatanys390xnodejs< 18.19.1-1.module+el9.3.0+21388+22892fb9nodejs-18.19.1-1.module+el9.3.0+21388+22892fb9.s390x.rpm
RedHatanynoarchnodejs-docs< 18.19.1-1.module+el9.3.0+21388+22892fb9nodejs-docs-18.19.1-1.module+el9.3.0+21388+22892fb9.noarch.rpm
RedHatanys390xnodejs-full-i18n< 18.19.1-1.module+el9.3.0+21388+22892fb9nodejs-full-i18n-18.19.1-1.module+el9.3.0+21388+22892fb9.s390x.rpm
RedHatanys390xnodejs-devel< 18.19.1-1.module+el9.3.0+21388+22892fb9nodejs-devel-18.19.1-1.module+el9.3.0+21388+22892fb9.s390x.rpm
RedHatanyx86_64nodejs-debugsource< 18.19.1-1.module+el9.3.0+21388+22892fb9nodejs-debugsource-18.19.1-1.module+el9.3.0+21388+22892fb9.x86_64.rpm
RedHatanys390xnodejs-debugsource< 18.19.1-1.module+el9.3.0+21388+22892fb9nodejs-debugsource-18.19.1-1.module+el9.3.0+21388+22892fb9.s390x.rpm
RedHatanyx86_64nodejs-devel< 18.19.1-1.module+el9.3.0+21388+22892fb9nodejs-devel-18.19.1-1.module+el9.3.0+21388+22892fb9.x86_64.rpm

OS	Version	Architecture	Package	Version	Filename
RedHat	any	aarch64	nodejs-full-i18n	< 18.19.1-1.module+el9.3.0+21388+22892fb9	nodejs-full-i18n-18.19.1-1.module+el9.3.0+21388+22892fb9.aarch64.rpm
RedHat	any	aarch64	nodejs-debuginfo	< 18.19.1-1.module+el9.3.0+21388+22892fb9	nodejs-debuginfo-18.19.1-1.module+el9.3.0+21388+22892fb9.aarch64.rpm
RedHat	any	x86_64	nodejs-debuginfo	< 18.19.1-1.module+el9.3.0+21388+22892fb9	nodejs-debuginfo-18.19.1-1.module+el9.3.0+21388+22892fb9.x86_64.rpm
RedHat	any	s390x	nodejs	< 18.19.1-1.module+el9.3.0+21388+22892fb9	nodejs-18.19.1-1.module+el9.3.0+21388+22892fb9.s390x.rpm
RedHat	any	noarch	nodejs-docs	< 18.19.1-1.module+el9.3.0+21388+22892fb9	nodejs-docs-18.19.1-1.module+el9.3.0+21388+22892fb9.noarch.rpm
RedHat	any	s390x	nodejs-full-i18n	< 18.19.1-1.module+el9.3.0+21388+22892fb9	nodejs-full-i18n-18.19.1-1.module+el9.3.0+21388+22892fb9.s390x.rpm
RedHat	any	s390x	nodejs-devel	< 18.19.1-1.module+el9.3.0+21388+22892fb9	nodejs-devel-18.19.1-1.module+el9.3.0+21388+22892fb9.s390x.rpm
RedHat	any	x86_64	nodejs-debugsource	< 18.19.1-1.module+el9.3.0+21388+22892fb9	nodejs-debugsource-18.19.1-1.module+el9.3.0+21388+22892fb9.x86_64.rpm
RedHat	any	s390x	nodejs-debugsource	< 18.19.1-1.module+el9.3.0+21388+22892fb9	nodejs-debugsource-18.19.1-1.module+el9.3.0+21388+22892fb9.s390x.rpm
RedHat	any	x86_64	nodejs-devel	< 18.19.1-1.module+el9.3.0+21388+22892fb9	nodejs-devel-18.19.1-1.module+el9.3.0+21388+22892fb9.x86_64.rpm