[FEDORA-2022-52dec6351a] Fedora 36: nodejs
Severity: Critical
Affected Packages: 1
CVEs: 5
- November 2022 Security Updates: https://nodejs.org/en/blog/vulnerability/november-2022-security-releases/
- September Security Updates for Node.js
- Update to Node.js 16.17.0: https://github.com/nodejs/node/blob/main/doc/changelogs/CHANGELOG_V16.md#16.17.0
- Fix dependency typo
- Update to 16.15.0
- Update to Node.js 16.14.1. Note that we will be skipping 16.14.2 since the only changes were in the bundled copy of OpenSSL, which we do not use. The relevant security patches are handled in Fedora's openssl package.

Package | Affected Version |
---|---|
pkg:rpm/fedora/nodejs?distro=fedora-36 | < 16.18.1.1.fc36 |

- ID: FEDORA-2022-52dec6351a
- Severity: critical
- Severity from: CVE-2022-35255
- URL: https://bodhi.fedoraproject.org/updates/FEDORA-2022-52dec6351a
- Published: 2022-11-29T01:28:04 (21 months ago)
- Modified: 2022-11-29T01:28:04 (21 months ago)
- Rights: Copyright 2022 Red Hat, Inc.

Other Advisories:
- ALPINE:CVE-2022-32212
- ALPINE:CVE-2022-32213
- ALPINE:CVE-2022-32215
- ALPINE:CVE-2022-35255
- ALPINE:CVE-2022-35256
- ALSA-2022:6448
- ALSA-2022:6595
- ALSA-2022:6963
- ALSA-2022:6964
- ALSA-2022:7821
- ALSA-2022:7830
- ALSA-2023:0321
- DSA-5326-1
- ELSA-2022-6448
- ELSA-2022-6449
- ELSA-2022-6595
- ELSA-2022-6963
- ELSA-2022-6964
- ELSA-2022-7821
- ELSA-2022-7830
- ELSA-2023-0321
- FEDORA-2022-1667f7b60a
- FEDORA-2022-de515f765f
- FREEBSD:B9210706-FEB0-11EC-81FA-1C697A616631
- GLSA-202405-29
- MS:CVE-2022-32212
- MS:CVE-2022-32213
- MS:CVE-2022-32215
- MS:CVE-2022-35256
- NPM:GHSA-5689-V88G-G6RV
- RHSA-2022:6448
- RHSA-2022:6449
- RHSA-2022:6595
- RHSA-2022:6963
- RHSA-2022:6964
- RHSA-2022:7821
- RHSA-2022:7830
- RHSA-2023:0321
- RLSA-2022:6448
- RLSA-2022:6449
- RLSA-2022:6964
- RLSA-2022:7821
- RLSA-2022:7830
- RLSA-2023:0321
- SUSE-SU-2022:2415-1
- SUSE-SU-2022:2416-1
- SUSE-SU-2022:2417-1
- SUSE-SU-2022:2425-1
- SUSE-SU-2022:2430-1
- SUSE-SU-2022:2491-1
- SUSE-SU-2022:2551-1
- SUSE-SU-2022:2855-1
- SUSE-SU-2022:3503-1
- SUSE-SU-2022:3516-1
- SUSE-SU-2022:3524-1
- SUSE-SU-2022:3614-1
- SUSE-SU-2022:3615-1
- SUSE-SU-2022:3616-1
- SUSE-SU-2022:3656-1
- SUSE-SU-2022:3835-1
- SUSE-SU-2023:0408-1
- SUSE-SU-2023:0419-1
- USN-6491-1
Source | # ID | Name | URL |
---|---|---|---|
Bugzilla | 2130517 | Bug #2130517 - CVE-2022-35255 nodejs: weak randomness in WebCrypto keygen | https://bugzilla.redhat.com/show_bug.cgi?id=2130517 |
Bugzilla | 2130518 | Bug #2130518 - CVE-2022-35256 nodejs: HTTP Request Smuggling due to incorrect parsing of header fields | https://bugzilla.redhat.com/show_bug.cgi?id=2130518 |
Bugzilla | 2105430 | Bug #2105430 - CVE-2022-32213 nodejs: HTTP request smuggling due to flawed parsing of Transfer-Encoding | https://bugzilla.redhat.com/show_bug.cgi?id=2105430 |
Bugzilla | 2105426 | Bug #2105426 - CVE-2022-32215 nodejs: HTTP request smuggling due to incorrect parsing of multi-line Transfer-Encoding | https://bugzilla.redhat.com/show_bug.cgi?id=2105426 |
Bugzilla | 2105422 | Bug #2105422 - CVE-2022-32212 nodejs: DNS rebinding in --inspect via invalid IP addresses | https://bugzilla.redhat.com/show_bug.cgi?id=2105422 |
Type | Package URL | Namespace | Name / Product | Version | Distribution / Platform | Arch | Patch / Fix |
---|---|---|---|---|---|---|---|
Affected | pkg:rpm/fedora/nodejs?distro=fedora-36 | fedora | nodejs | < 16.18.1.1.fc36 | fedora-36 | | |