1. Home
  2. Security Advisories
  3. Red Hat
  4. RHSA-2021:0744

[RHSA-2021:0744] nodejs:14 security and bug fix update

Severity Important
Affected Packages 19
CVEs 2
Info Packages References Vulnerabilities

Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language.

The following packages have been upgraded to a later upstream version: nodejs (14.16.0).

Security Fix(es):

  • nodejs: HTTP2 'unknownProtocol' cause DoS by resource exhaustion (CVE-2021-22883)

  • nodejs: DNS rebinding in --inspect (CVE-2021-22884)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Bug Fix(es):

  • Node.js should not be built with "--debug-nghttp2" (BZ#1932427)
Package Affected Version
pkg:rpm/redhat/npm?arch=x86_64&distro=redhat-8.3 < 6.14.11-1.14.16.0.2.module+el8.3.0+10180+b92e1eb6
pkg:rpm/redhat/npm?arch=s390x&distro=redhat-8.3 < 6.14.11-1.14.16.0.2.module+el8.3.0+10180+b92e1eb6
pkg:rpm/redhat/npm?arch=ppc64le&distro=redhat-8.3 < 6.14.11-1.14.16.0.2.module+el8.3.0+10180+b92e1eb6
pkg:rpm/redhat/npm?arch=aarch64&distro=redhat-8.3 < 6.14.11-1.14.16.0.2.module+el8.3.0+10180+b92e1eb6
pkg:rpm/redhat/nodejs?arch=x86_64&distro=redhat-8.3 < 14.16.0-2.module+el8.3.0+10180+b92e1eb6
pkg:rpm/redhat/nodejs?arch=s390x&distro=redhat-8.3 < 14.16.0-2.module+el8.3.0+10180+b92e1eb6
pkg:rpm/redhat/nodejs?arch=ppc64le&distro=redhat-8.3 < 14.16.0-2.module+el8.3.0+10180+b92e1eb6
pkg:rpm/redhat/nodejs?arch=aarch64&distro=redhat-8.3 < 14.16.0-2.module+el8.3.0+10180+b92e1eb6
pkg:rpm/redhat/nodejs-packaging?distro=redhat-8.3 < 23-3.module+el8.3.0+6519+9f98ed83
pkg:rpm/redhat/nodejs-nodemon?distro=redhat-8.3 < 2.0.3-1.module+el8.3.0+6519+9f98ed83
pkg:rpm/redhat/nodejs-full-i18n?arch=x86_64&distro=redhat-8.3 < 14.16.0-2.module+el8.3.0+10180+b92e1eb6
pkg:rpm/redhat/nodejs-full-i18n?arch=s390x&distro=redhat-8.3 < 14.16.0-2.module+el8.3.0+10180+b92e1eb6
pkg:rpm/redhat/nodejs-full-i18n?arch=ppc64le&distro=redhat-8.3 < 14.16.0-2.module+el8.3.0+10180+b92e1eb6
pkg:rpm/redhat/nodejs-full-i18n?arch=aarch64&distro=redhat-8.3 < 14.16.0-2.module+el8.3.0+10180+b92e1eb6
pkg:rpm/redhat/nodejs-docs?distro=redhat-8.3 < 14.16.0-2.module+el8.3.0+10180+b92e1eb6
pkg:rpm/redhat/nodejs-devel?arch=x86_64&distro=redhat-8.3 < 14.16.0-2.module+el8.3.0+10180+b92e1eb6
pkg:rpm/redhat/nodejs-devel?arch=s390x&distro=redhat-8.3 < 14.16.0-2.module+el8.3.0+10180+b92e1eb6
pkg:rpm/redhat/nodejs-devel?arch=ppc64le&distro=redhat-8.3 < 14.16.0-2.module+el8.3.0+10180+b92e1eb6
pkg:rpm/redhat/nodejs-devel?arch=aarch64&distro=redhat-8.3 < 14.16.0-2.module+el8.3.0+10180+b92e1eb6
ID
RHSA-2021:0744
Severity
important
URL
https://access.redhat.com/errata/RHSA-2021:0744
Published
2021-03-08T00:00:00
(3 years ago)
Modified
2021-03-08T00:00:00
(3 years ago)
Rights
Copyright 2021 Red Hat, Inc.
Other Advisories
Type Package URL Namespace Name / Product Version Distribution / Platform Arch Patch / Fix
Affected pkg:rpm/redhat/npm?arch=x86_64&distro=redhat-8.3 redhat npm < 6.14.11-1.14.16.0.2.module+el8.3.0+10180+b92e1eb6 redhat-8.3 x86_64
Affected pkg:rpm/redhat/npm?arch=s390x&distro=redhat-8.3 redhat npm < 6.14.11-1.14.16.0.2.module+el8.3.0+10180+b92e1eb6 redhat-8.3 s390x
Affected pkg:rpm/redhat/npm?arch=ppc64le&distro=redhat-8.3 redhat npm < 6.14.11-1.14.16.0.2.module+el8.3.0+10180+b92e1eb6 redhat-8.3 ppc64le
Affected pkg:rpm/redhat/npm?arch=aarch64&distro=redhat-8.3 redhat npm < 6.14.11-1.14.16.0.2.module+el8.3.0+10180+b92e1eb6 redhat-8.3 aarch64
Affected pkg:rpm/redhat/nodejs?arch=x86_64&distro=redhat-8.3 redhat nodejs < 14.16.0-2.module+el8.3.0+10180+b92e1eb6 redhat-8.3 x86_64
Affected pkg:rpm/redhat/nodejs?arch=s390x&distro=redhat-8.3 redhat nodejs < 14.16.0-2.module+el8.3.0+10180+b92e1eb6 redhat-8.3 s390x
Affected pkg:rpm/redhat/nodejs?arch=ppc64le&distro=redhat-8.3 redhat nodejs < 14.16.0-2.module+el8.3.0+10180+b92e1eb6 redhat-8.3 ppc64le
Affected pkg:rpm/redhat/nodejs?arch=aarch64&distro=redhat-8.3 redhat nodejs < 14.16.0-2.module+el8.3.0+10180+b92e1eb6 redhat-8.3 aarch64
Affected pkg:rpm/redhat/nodejs-packaging?distro=redhat-8.3 redhat nodejs-packaging < 23-3.module+el8.3.0+6519+9f98ed83 redhat-8.3
Affected pkg:rpm/redhat/nodejs-nodemon?distro=redhat-8.3 redhat nodejs-nodemon < 2.0.3-1.module+el8.3.0+6519+9f98ed83 redhat-8.3
Affected pkg:rpm/redhat/nodejs-full-i18n?arch=x86_64&distro=redhat-8.3 redhat nodejs-full-i18n < 14.16.0-2.module+el8.3.0+10180+b92e1eb6 redhat-8.3 x86_64
Affected pkg:rpm/redhat/nodejs-full-i18n?arch=s390x&distro=redhat-8.3 redhat nodejs-full-i18n < 14.16.0-2.module+el8.3.0+10180+b92e1eb6 redhat-8.3 s390x
Affected pkg:rpm/redhat/nodejs-full-i18n?arch=ppc64le&distro=redhat-8.3 redhat nodejs-full-i18n < 14.16.0-2.module+el8.3.0+10180+b92e1eb6 redhat-8.3 ppc64le
Affected pkg:rpm/redhat/nodejs-full-i18n?arch=aarch64&distro=redhat-8.3 redhat nodejs-full-i18n < 14.16.0-2.module+el8.3.0+10180+b92e1eb6 redhat-8.3 aarch64
Affected pkg:rpm/redhat/nodejs-docs?distro=redhat-8.3 redhat nodejs-docs < 14.16.0-2.module+el8.3.0+10180+b92e1eb6 redhat-8.3
Affected pkg:rpm/redhat/nodejs-devel?arch=x86_64&distro=redhat-8.3 redhat nodejs-devel < 14.16.0-2.module+el8.3.0+10180+b92e1eb6 redhat-8.3 x86_64
Affected pkg:rpm/redhat/nodejs-devel?arch=s390x&distro=redhat-8.3 redhat nodejs-devel < 14.16.0-2.module+el8.3.0+10180+b92e1eb6 redhat-8.3 s390x
Affected pkg:rpm/redhat/nodejs-devel?arch=ppc64le&distro=redhat-8.3 redhat nodejs-devel < 14.16.0-2.module+el8.3.0+10180+b92e1eb6 redhat-8.3 ppc64le
Affected pkg:rpm/redhat/nodejs-devel?arch=aarch64&distro=redhat-8.3 redhat nodejs-devel < 14.16.0-2.module+el8.3.0+10180+b92e1eb6 redhat-8.3 aarch64
# CVE Description CVSS EPSS EPSS Trend (30 days) Affected Products Weaknesses Security Advisories Exploits PoC Pubblication Date Modification Date
# CVE Description CVSS EPSS EPSS Trend (30 days) Affected Products Weaknesses Security Advisories PoC Pubblication Date Modification Date