1. Home
  2. Security Advisories
  3. Red Hat
  4. RHSA-2023:4034

[RHSA-2023:4034] nodejs:16 security update

Severity Important
Affected Packages 19
CVEs 4
Info Packages References Vulnerabilities

Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language.

Security Fix(es):

  • c-ares: 0-byte UDP payload Denial of Service (CVE-2023-32067)

  • c-ares: Buffer Underwrite in ares_inet_net_pton() (CVE-2023-31130)

  • c-ares: Insufficient randomness in generation of DNS query IDs (CVE-2023-31147)

  • c-ares: AutoTools does not set CARES_RANDOM_FILE during cross compilation (CVE-2023-31124)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Package Affected Version
pkg:rpm/redhat/npm?arch=x86_64&distro=redhat-8.8 < 8.19.3-1.16.19.1.2.module+el8.8.0+19038+6f60344f
pkg:rpm/redhat/npm?arch=s390x&distro=redhat-8.8 < 8.19.3-1.16.19.1.2.module+el8.8.0+19038+6f60344f
pkg:rpm/redhat/npm?arch=ppc64le&distro=redhat-8.8 < 8.19.3-1.16.19.1.2.module+el8.8.0+19038+6f60344f
pkg:rpm/redhat/npm?arch=aarch64&distro=redhat-8.8 < 8.19.3-1.16.19.1.2.module+el8.8.0+19038+6f60344f
pkg:rpm/redhat/nodejs?arch=x86_64&distro=redhat-8.8 < 16.19.1-2.module+el8.8.0+19038+6f60344f
pkg:rpm/redhat/nodejs?arch=s390x&distro=redhat-8.8 < 16.19.1-2.module+el8.8.0+19038+6f60344f
pkg:rpm/redhat/nodejs?arch=ppc64le&distro=redhat-8.8 < 16.19.1-2.module+el8.8.0+19038+6f60344f
pkg:rpm/redhat/nodejs?arch=aarch64&distro=redhat-8.8 < 16.19.1-2.module+el8.8.0+19038+6f60344f
pkg:rpm/redhat/nodejs-packaging?distro=redhat-8.5 < 25-1.module+el8.5.0+10992+fac5fe06
pkg:rpm/redhat/nodejs-nodemon?distro=redhat-8.8 < 2.0.20-3.module+el8.8.0+19038+6f60344f
pkg:rpm/redhat/nodejs-full-i18n?arch=x86_64&distro=redhat-8.8 < 16.19.1-2.module+el8.8.0+19038+6f60344f
pkg:rpm/redhat/nodejs-full-i18n?arch=s390x&distro=redhat-8.8 < 16.19.1-2.module+el8.8.0+19038+6f60344f
pkg:rpm/redhat/nodejs-full-i18n?arch=ppc64le&distro=redhat-8.8 < 16.19.1-2.module+el8.8.0+19038+6f60344f
pkg:rpm/redhat/nodejs-full-i18n?arch=aarch64&distro=redhat-8.8 < 16.19.1-2.module+el8.8.0+19038+6f60344f
pkg:rpm/redhat/nodejs-docs?distro=redhat-8.8 < 16.19.1-2.module+el8.8.0+19038+6f60344f
pkg:rpm/redhat/nodejs-devel?arch=x86_64&distro=redhat-8.8 < 16.19.1-2.module+el8.8.0+19038+6f60344f
pkg:rpm/redhat/nodejs-devel?arch=s390x&distro=redhat-8.8 < 16.19.1-2.module+el8.8.0+19038+6f60344f
pkg:rpm/redhat/nodejs-devel?arch=ppc64le&distro=redhat-8.8 < 16.19.1-2.module+el8.8.0+19038+6f60344f
pkg:rpm/redhat/nodejs-devel?arch=aarch64&distro=redhat-8.8 < 16.19.1-2.module+el8.8.0+19038+6f60344f
ID
RHSA-2023:4034
Severity
important
URL
https://access.redhat.com/errata/RHSA-2023:4034
Published
2023-07-12T00:00:00
(14 months ago)
Modified
2023-07-12T00:00:00
(14 months ago)
Rights
Copyright 2023 Red Hat, Inc.
Other Advisories
Type Package URL Namespace Name / Product Version Distribution / Platform Arch Patch / Fix
Affected pkg:rpm/redhat/npm?arch=x86_64&distro=redhat-8.8 redhat npm < 8.19.3-1.16.19.1.2.module+el8.8.0+19038+6f60344f redhat-8.8 x86_64
Affected pkg:rpm/redhat/npm?arch=s390x&distro=redhat-8.8 redhat npm < 8.19.3-1.16.19.1.2.module+el8.8.0+19038+6f60344f redhat-8.8 s390x
Affected pkg:rpm/redhat/npm?arch=ppc64le&distro=redhat-8.8 redhat npm < 8.19.3-1.16.19.1.2.module+el8.8.0+19038+6f60344f redhat-8.8 ppc64le
Affected pkg:rpm/redhat/npm?arch=aarch64&distro=redhat-8.8 redhat npm < 8.19.3-1.16.19.1.2.module+el8.8.0+19038+6f60344f redhat-8.8 aarch64
Affected pkg:rpm/redhat/nodejs?arch=x86_64&distro=redhat-8.8 redhat nodejs < 16.19.1-2.module+el8.8.0+19038+6f60344f redhat-8.8 x86_64
Affected pkg:rpm/redhat/nodejs?arch=s390x&distro=redhat-8.8 redhat nodejs < 16.19.1-2.module+el8.8.0+19038+6f60344f redhat-8.8 s390x
Affected pkg:rpm/redhat/nodejs?arch=ppc64le&distro=redhat-8.8 redhat nodejs < 16.19.1-2.module+el8.8.0+19038+6f60344f redhat-8.8 ppc64le
Affected pkg:rpm/redhat/nodejs?arch=aarch64&distro=redhat-8.8 redhat nodejs < 16.19.1-2.module+el8.8.0+19038+6f60344f redhat-8.8 aarch64
Affected pkg:rpm/redhat/nodejs-packaging?distro=redhat-8.5 redhat nodejs-packaging < 25-1.module+el8.5.0+10992+fac5fe06 redhat-8.5
Affected pkg:rpm/redhat/nodejs-nodemon?distro=redhat-8.8 redhat nodejs-nodemon < 2.0.20-3.module+el8.8.0+19038+6f60344f redhat-8.8
Affected pkg:rpm/redhat/nodejs-full-i18n?arch=x86_64&distro=redhat-8.8 redhat nodejs-full-i18n < 16.19.1-2.module+el8.8.0+19038+6f60344f redhat-8.8 x86_64
Affected pkg:rpm/redhat/nodejs-full-i18n?arch=s390x&distro=redhat-8.8 redhat nodejs-full-i18n < 16.19.1-2.module+el8.8.0+19038+6f60344f redhat-8.8 s390x
Affected pkg:rpm/redhat/nodejs-full-i18n?arch=ppc64le&distro=redhat-8.8 redhat nodejs-full-i18n < 16.19.1-2.module+el8.8.0+19038+6f60344f redhat-8.8 ppc64le
Affected pkg:rpm/redhat/nodejs-full-i18n?arch=aarch64&distro=redhat-8.8 redhat nodejs-full-i18n < 16.19.1-2.module+el8.8.0+19038+6f60344f redhat-8.8 aarch64
Affected pkg:rpm/redhat/nodejs-docs?distro=redhat-8.8 redhat nodejs-docs < 16.19.1-2.module+el8.8.0+19038+6f60344f redhat-8.8
Affected pkg:rpm/redhat/nodejs-devel?arch=x86_64&distro=redhat-8.8 redhat nodejs-devel < 16.19.1-2.module+el8.8.0+19038+6f60344f redhat-8.8 x86_64
Affected pkg:rpm/redhat/nodejs-devel?arch=s390x&distro=redhat-8.8 redhat nodejs-devel < 16.19.1-2.module+el8.8.0+19038+6f60344f redhat-8.8 s390x
Affected pkg:rpm/redhat/nodejs-devel?arch=ppc64le&distro=redhat-8.8 redhat nodejs-devel < 16.19.1-2.module+el8.8.0+19038+6f60344f redhat-8.8 ppc64le
Affected pkg:rpm/redhat/nodejs-devel?arch=aarch64&distro=redhat-8.8 redhat nodejs-devel < 16.19.1-2.module+el8.8.0+19038+6f60344f redhat-8.8 aarch64
# CVE Description CVSS EPSS EPSS Trend (30 days) Affected Products Weaknesses Security Advisories Exploits PoC Pubblication Date Modification Date
# CVE Description CVSS EPSS EPSS Trend (30 days) Affected Products Weaknesses Security Advisories PoC Pubblication Date Modification Date