Download
| Alert*
oval:org.secpod.oval:def:89045478
This update for nodejs8 fixes the following issues: - update to npm 6.14.13 - CVE-2021-27290: Fixed ssri Regular Expression Denial of Service. - CVE-2021-23362: Fixed hosted-git-info Regular Expression Denial of Service - CVE-2021-22884: DNS rebinding in --inspect oval:org.secpod.oval:def:4501366 Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language. The following packages have been upgraded to a later upstream version: nodejs . Security Fix: * nodejs: HTTP2 "unknownProtocol" cause DoS by resource exhaustion * n ... oval:org.secpod.oval:def:70499 Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language. The following packages have been upgraded to a later upstream version: nodejs . Security Fix: * nodejs: HTTP2 "unknownProtocol" cause DoS by resource exhaustion * n ... oval:org.secpod.oval:def:70097 Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language. The following packages have been upgraded to a later upstream version: nodejs . Security Fix: * nodejs: HTTP2 "unknownProtocol" cause DoS by resource exhaustion * n ... oval:org.secpod.oval:def:94103 The host is installed with Node.js 10.x before 10.24.0, 12.x before 12.21.0, 14.x before 14.16.0 or 15.x before 15.10.0 and is prone to DNS rebinding attack vulnerability. A flaw is present in the application which fails to handle the DNS server. On successful exploitation, the DNS rebinding protect ... oval:org.secpod.oval:def:2500494 Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language. oval:org.secpod.oval:def:1504767 nodejs [1:14.16.0-2] - Resolves: RHBZ#1932427 - remove --debug-nghttp2 option [1:14.16.0-1] - Resolves: RHBZ#1932317, RHBZ#1932425 - Rebase, remove ini patch [1:14.15.4-2] - Add patch for yarn crash - Resolves: RHBZ#1916465 [1:14.15.4-1] - Security rebase to 14.15.4 - https://nodejs.org/en/blog/vuln ... oval:org.secpod.oval:def:1504768 nodejs [1:10.24.0-1] - Resolves: RHBZ#1932373, RHBZ#1932426 - Resolves CVE-2021-22883 and CVE-2021-22884 - remove -debug-nghttp2 flag - remove ini patch merged upstream oval:org.secpod.oval:def:2500514 Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language. oval:org.secpod.oval:def:4501355 Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language. The following packages have been upgraded to a later upstream version: nodejs . Security Fix: * nodejs: HTTP2 "unknownProtocol" cause DoS by resource exhaustion * n ... oval:org.secpod.oval:def:4501312 Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language. The following packages have been upgraded to a later upstream version: nodejs . Security Fix: * nodejs: HTTP2 "unknownProtocol" cause DoS by resource exhaustion * n ... oval:org.secpod.oval:def:505931 Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language. The following packages have been upgraded to a later upstream version: nodejs . Security Fix: * nodejs: HTTP2 "unknownProtocol" cause DoS by resource exhaustion * n ... oval:org.secpod.oval:def:119564 Node.js is a platform built on Chromes JavaScript runtime for easily building fast, scalable network applications. Node.js uses an event-driven, non-blocking I/O model that makes it lightweight and efficient, perfect for data-intensive real-time applications that run across distributed devices. oval:org.secpod.oval:def:505932 Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language. The following packages have been upgraded to a later upstream version: nodejs . Security Fix: * nodejs: HTTP2 "unknownProtocol" cause DoS by resource exhaustion * n ... oval:org.secpod.oval:def:95050 nodejs: An open-source, cross-platform JavaScript runtime environment. Several security issues were fixed in Node.js. oval:org.secpod.oval:def:70096 Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language. The following packages have been upgraded to a later upstream version: nodejs . Security Fix: * nodejs: HTTP2 "unknownProtocol" cause DoS by resource exhaustion * n ... oval:org.secpod.oval:def:2500280 Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language. oval:org.secpod.oval:def:505934 Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language. The following packages have been upgraded to a later upstream version: nodejs . Security Fix: * nodejs: HTTP2 "unknownProtocol" cause DoS by resource exhaustion * n ... oval:org.secpod.oval:def:119558 Node.js is a platform built on Chromes JavaScript runtime for easily building fast, scalable network applications. Node.js uses an event-driven, non-blocking I/O model that makes it lightweight and efficient, perfect for data-intensive real-time applications that run across distributed devices. oval:org.secpod.oval:def:1504741 nodejs [1:12.21.0-1] - Resolves: RHBZ#1932315, RHBZ#1932424 - remove --debug-nghttp2 option - remove ini patch - Backport patch to use getauxval oval:org.secpod.oval:def:708506 nodejs: An open-source, cross-platform JavaScript runtime environment. Several security issues were fixed in Node.js. oval:org.secpod.oval:def:505957 Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language. The following packages have been upgraded to a later upstream version: rh-nodejs10-nodejs . Security Fix: * nodejs: HTTP2 "unknownProtocol" cause DoS by resource exh ... oval:org.secpod.oval:def:505958 Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language. The following packages have been upgraded to a later upstream version: rh-nodejs14-nodejs . Security Fix: * nodejs: HTTP2 "unknownProtocol" cause DoS by resource exh ... oval:org.secpod.oval:def:505956 Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language. The following packages have been upgraded to a later upstream version: rh-nodejs12-nodejs . Security Fix: * nodejs: HTTP2 "unknownProtocol" cause DoS by resource exh ... oval:org.secpod.oval:def:69881 Two vulnerabilities were discovered in Node.js, which could result in denial of service or DNS rebinding attacks. oval:org.secpod.oval:def:605452 Two vulnerabilities were discovered in Node.js, which could result in denial of service or DNS rebinding attacks. oval:org.secpod.oval:def:2107810 Oracle Solaris 11 - ( CVE-2022-35256 ) oval:org.secpod.oval:def:89043764 This update for nodejs10 fixes the following issues: New upstream LTS version 10.24.0: - CVE-2021-22883: HTTP2 "unknownProtocol" cause Denial of Service by resource exhaustion - CVE-2021-22884: DNS rebinding in --inspect - CVE-2021-23840: OpenSSL - Integer overflow in CipherUpdate oval:org.secpod.oval:def:2106629 Oracle Solaris 11 - ( CVE-2020-8265 ) |