[FEDORA-2022-de515f765f] Fedora 35: nodejs
Severity
Critical
Affected Packages
1
CVEs
5
November 2022 Security Updates
https://nodejs.org/en/blog/vulnerability/november-2022-security-releases/ ----
September Security Updates for
Node.js ---- Update to Node.js 16.17.0
https://github.com/nodejs/node/blob/main/doc/changelogs/CHANGELOG_V16.md#16.17.0
---- Fix dependency typo ---- Update to 16.15.0 ---- Update to Node.js
16.14.1 Note that we will be skipping 16.14.2 since the only changes were in
the bundled copy of OpenSSL, which we do not use. The relevant security patches
are handled in Fedora's openssl package.
| Package | Affected Version |
|---|---|
 pkg:rpm/fedora/nodejs?distro=fedora-35
|
< 16.18.1.1.fc35 |
- ID
- FEDORA-2022-de515f765f
- Severity
- critical
- Severity from
- CVE-2022-35255
- URL
- https://bodhi.fedoraproject.org/updates/FEDORA-2022-de515f765f
- Published
-
2022-11-29T00:57:02
(21 months ago) - Modified
-
2022-11-29T00:57:02
(21 months ago) - Rights
- Copyright 2022 Red Hat, Inc.
- Other Advisories
-
-
ALPINE:CVE-2022-32212
-
ALPINE:CVE-2022-32213
-
ALPINE:CVE-2022-32215
-
ALPINE:CVE-2022-35255
-
ALPINE:CVE-2022-35256
-
ALSA-2022:6448
-
ALSA-2022:6595
-
ALSA-2022:6963
-
ALSA-2022:6964
-
ALSA-2022:7821
-
ALSA-2022:7830
-
ALSA-2023:0321
-
DSA-5326-1
-
ELSA-2022-6448
-
ELSA-2022-6449
-
ELSA-2022-6595
-
ELSA-2022-6963
-
ELSA-2022-6964
-
ELSA-2022-7821
-
ELSA-2022-7830
-
ELSA-2023-0321
-
FEDORA-2022-1667f7b60a
-
FEDORA-2022-52dec6351a
-
FREEBSD:B9210706-FEB0-11EC-81FA-1C697A616631
-
GLSA-202405-29
-
MS:CVE-2022-32212
-
MS:CVE-2022-32213
-
MS:CVE-2022-32215
-
MS:CVE-2022-35256
-
NPM:GHSA-5689-V88G-G6RV
-
RHSA-2022:6448
-
RHSA-2022:6449
-
RHSA-2022:6595
-
RHSA-2022:6963
-
RHSA-2022:6964
-
RHSA-2022:7821
-
RHSA-2022:7830
-
RHSA-2023:0321
-
RLSA-2022:6448
-
RLSA-2022:6449
-
RLSA-2022:6964
-
RLSA-2022:7821
-
RLSA-2022:7830
-
RLSA-2023:0321
-
SUSE-SU-2022:2415-1
-
SUSE-SU-2022:2416-1
-
SUSE-SU-2022:2417-1
-
SUSE-SU-2022:2425-1
-
SUSE-SU-2022:2430-1
-
SUSE-SU-2022:2491-1
-
SUSE-SU-2022:2551-1
-
SUSE-SU-2022:2855-1
-
SUSE-SU-2022:3503-1
-
SUSE-SU-2022:3516-1
-
SUSE-SU-2022:3524-1
-
SUSE-SU-2022:3614-1
-
SUSE-SU-2022:3615-1
-
SUSE-SU-2022:3616-1
-
SUSE-SU-2022:3656-1
-
SUSE-SU-2022:3835-1
-
SUSE-SU-2023:0408-1
-
SUSE-SU-2023:0419-1
-
USN-6491-1
-
| Source | # ID | Name | URL |
|---|---|---|---|
| Bugzilla | 2105422 | Bug #2105422 - CVE-2022-32212 nodejs: DNS rebinding in --inspect via invalid IP addresses |
|
| Bugzilla | 2105426 | Bug #2105426 - CVE-2022-32215 nodejs: HTTP request smuggling due to incorrect parsing of multi-line Transfer-Encoding |
|
| Bugzilla | 2130518 | Bug #2130518 - CVE-2022-35256 nodejs: HTTP Request Smuggling due to incorrect parsing of header fields |
|
| Bugzilla | 2105430 | Bug #2105430 - CVE-2022-32213 nodejs: HTTP request smuggling due to flawed parsing of Transfer-Encoding |
|
| Bugzilla | 2130517 | Bug #2130517 - CVE-2022-35255 nodejs: weak randomness in WebCrypto keygen |
|
| Type | Package URL | Namespace | Name / Product | Version | Distribution / Platform | Arch | Patch / Fix |
|---|---|---|---|---|---|---|---|
| Affected | pkg:rpm/fedora/nodejs?distro=fedora-35 | fedora |
nodejs
|
< 16.18.1.1.fc35 | fedora-35 |
| # CVE | Description | CVSS | EPSS | EPSS Trend (30 days) | Affected Products | Weaknesses | Security Advisories | Exploits | PoC | Pubblication Date | Modification Date |
|---|---|---|---|---|---|---|---|---|---|---|---|
| # CVE | Description | CVSS | EPSS | EPSS Trend (30 days) | Affected Products | Weaknesses | Security Advisories | PoC | Pubblication Date | Modification Date |