Issued:
2020-12-15
Updated:
2020-12-15

RHSA-2020:5499 - Moderate: nodejs:12 security and bug fix update

Synopsis

Moderate: nodejs:12 security and bug fix update

Type/Severity

Security Advisory Moderate

Topic

An update for the nodejs:12 module is now available for Red Hat Enterprise Linux 8.

Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Description

Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language.

Security Fix(es):

  • nodejs-y18n: prototype pollution vulnerability (CVE-2020-7774)

  • c-ares: ares_parse_{a,aaaa}_reply() insufficient naddrttls validation DoS (CVE-2020-8277)

  • nodejs-ajv: prototype pollution via crafted JSON schema in ajv.validate function (CVE-2020-15366)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Bug Fix(es):

  • yarn install crashes with nodejs:12 on aarch64 (BZ#1901045)

Solution

For details on how to apply this update, which includes the changes described in this advisory, refer to:

https://access.redhat.com/articles/11258

Affected Products

ProductVersionArch
Red Hat Enterprise Linux for x86_648x86_64
Red Hat Enterprise Linux for x86_64 - Update Services for SAP Solutions8.8x86_64
Red Hat Enterprise Linux for x86_64 - Update Services for SAP Solutions8.6x86_64
Red Hat Enterprise Linux for x86_64 - Update Services for SAP Solutions8.4x86_64
Red Hat Enterprise Linux for x86_64 - Extended Update Support8.8x86_64
Red Hat Enterprise Linux for x86_64 - Extended Update Support8.6x86_64
Red Hat Enterprise Linux for x86_64 - Extended Update Support8.4x86_64
Red Hat Enterprise Linux for x86_64 - Extended Update Support Extension8.8x86_64
Red Hat Enterprise Linux for x86_64 - Extended Update Support Extension8.6x86_64
Red Hat Enterprise Linux for x86_64 - Extended Update Support Extension8.4x86_64
Red Hat Enterprise Linux for x86_64 - Extended Life Cycle8.10x86_64
Red Hat Enterprise Linux for Power, little endian8ppc64le
Red Hat Enterprise Linux for Power, little endian - Extended Update Support8.8ppc64le
Red Hat Enterprise Linux for Power, little endian - Extended Update Support8.6ppc64le
Red Hat Enterprise Linux for Power, little endian - Extended Update Support8.4ppc64le
Red Hat Enterprise Linux for Power, little endian - Extended Life Cycle8.10ppc64le
Red Hat Enterprise Linux for IBM z Systems8s390x
Red Hat Enterprise Linux for IBM z Systems - Extended Update Support8.8s390x
Red Hat Enterprise Linux for IBM z Systems - Extended Update Support8.6s390x
Red Hat Enterprise Linux for IBM z Systems - Extended Update Support8.4s390x
Red Hat Enterprise Linux for IBM z Systems - Extended Life Cycle8.10s390x
Red Hat Enterprise Linux for ARM 648aarch64
Red Hat Enterprise Linux for ARM 64 - Extended Update Support8.8aarch64
Red Hat Enterprise Linux for ARM 64 - Extended Update Support8.6aarch64
Red Hat Enterprise Linux for ARM 64 - Extended Update Support8.4aarch64
Red Hat Enterprise Linux for ARM 64 - Extended Life Cycle8.10aarch64
Red Hat Enterprise Linux Server for Power LE - Update Services for SAP Solutions8.8ppc64le
Red Hat Enterprise Linux Server for Power LE - Update Services for SAP Solutions8.6ppc64le
Red Hat Enterprise Linux Server for Power LE - Update Services for SAP Solutions8.4ppc64le
Red Hat Enterprise Linux Server - TUS8.8x86_64
Red Hat Enterprise Linux Server - TUS8.6x86_64
Red Hat Enterprise Linux Server - TUS8.4x86_64
Red Hat Enterprise Linux Server - AUS8.6x86_64
Red Hat Enterprise Linux Server - AUS8.4x86_64

Updated Packages

  • nodejs-12.19.1-1.module+el8.3.0+8851+b7b41ca0.src.rpm
  • nodejs-debuginfo-12.19.1-1.module+el8.3.0+8851+b7b41ca0.x86_64.rpm
  • nodejs-packaging-17-3.module+el8.1.0+3369+37ae6a45.src.rpm
  • nodejs-debugsource-12.19.1-1.module+el8.3.0+8851+b7b41ca0.x86_64.rpm
  • nodejs-nodemon-1.18.3-1.module+el8.1.0+3369+37ae6a45.src.rpm
  • nodejs-docs-12.19.1-1.module+el8.3.0+8851+b7b41ca0.noarch.rpm
  • nodejs-devel-12.19.1-1.module+el8.3.0+8851+b7b41ca0.x86_64.rpm
  • nodejs-12.19.1-1.module+el8.3.0+8851+b7b41ca0.x86_64.rpm
  • npm-6.14.8-1.12.19.1.1.module+el8.3.0+8851+b7b41ca0.x86_64.rpm
  • nodejs-full-i18n-12.19.1-1.module+el8.3.0+8851+b7b41ca0.x86_64.rpm
  • nodejs-nodemon-1.18.3-1.module+el8.1.0+3369+37ae6a45.noarch.rpm
  • nodejs-packaging-17-3.module+el8.1.0+3369+37ae6a45.noarch.rpm
  • nodejs-devel-12.19.1-1.module+el8.3.0+8851+b7b41ca0.s390x.rpm
  • nodejs-debugsource-12.19.1-1.module+el8.3.0+8851+b7b41ca0.s390x.rpm
  • npm-6.14.8-1.12.19.1.1.module+el8.3.0+8851+b7b41ca0.s390x.rpm
  • nodejs-12.19.1-1.module+el8.3.0+8851+b7b41ca0.s390x.rpm
  • nodejs-full-i18n-12.19.1-1.module+el8.3.0+8851+b7b41ca0.s390x.rpm
  • nodejs-debuginfo-12.19.1-1.module+el8.3.0+8851+b7b41ca0.s390x.rpm
  • nodejs-debuginfo-12.19.1-1.module+el8.3.0+8851+b7b41ca0.ppc64le.rpm
  • nodejs-12.19.1-1.module+el8.3.0+8851+b7b41ca0.ppc64le.rpm
  • nodejs-full-i18n-12.19.1-1.module+el8.3.0+8851+b7b41ca0.ppc64le.rpm
  • nodejs-devel-12.19.1-1.module+el8.3.0+8851+b7b41ca0.ppc64le.rpm
  • nodejs-debugsource-12.19.1-1.module+el8.3.0+8851+b7b41ca0.ppc64le.rpm
  • npm-6.14.8-1.12.19.1.1.module+el8.3.0+8851+b7b41ca0.ppc64le.rpm
  • npm-6.14.8-1.12.19.1.1.module+el8.3.0+8851+b7b41ca0.aarch64.rpm
  • nodejs-12.19.1-1.module+el8.3.0+8851+b7b41ca0.aarch64.rpm
  • nodejs-debuginfo-12.19.1-1.module+el8.3.0+8851+b7b41ca0.aarch64.rpm
  • nodejs-devel-12.19.1-1.module+el8.3.0+8851+b7b41ca0.aarch64.rpm
  • nodejs-full-i18n-12.19.1-1.module+el8.3.0+8851+b7b41ca0.aarch64.rpm
  • nodejs-debugsource-12.19.1-1.module+el8.3.0+8851+b7b41ca0.aarch64.rpm

Fixes

CVEs

References

Additional information