ALSA-2022:6448

Source

https://errata.almalinux.org/8/ALSA-2022-6448.html

Import Source

https://github.com/AlmaLinux/osv-database/blob/master/advisories/almalinux8/ALSA-2022:6448.json

Related

• CVE-2022-32212
• CVE-2022-32213
• CVE-2022-32214
• CVE-2022-32215
• CVE-2022-33987

Published

2022-09-13T00:00:00Z

Modified

2022-11-24T19:17:28Z

Details

Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language.

Security Fix(es):

• nodejs: DNS rebinding in --inspect via invalid IP addresses (CVE-2022-32212)
• nodejs: HTTP request smuggling due to flawed parsing of Transfer-Encoding (CVE-2022-32213)
• nodejs: HTTP request smuggling due to improper delimiting of header fields (CVE-2022-32214)
• nodejs: HTTP request smuggling due to incorrect parsing of multi-line Transfer-Encoding (CVE-2022-32215)
• got: missing verification of requested URLs allows redirects to UNIX sockets (CVE-2022-33987)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Bug Fix(es):

• nodejs:14/nodejs: rebase to latest upstream release (BZ#2106367)
• nodejs:14/nodejs: Specify --with-default-icu-data-dir when using bootstrap build (BZ#2111417)

References

• https://access.redhat.com/errata/RHSA-2022:6448
• https://access.redhat.com/security/cve/CVE-2022-32212
• https://access.redhat.com/security/cve/CVE-2022-32213
• https://access.redhat.com/security/cve/CVE-2022-32214
• https://access.redhat.com/security/cve/CVE-2022-32215
• https://access.redhat.com/security/cve/CVE-2022-33987
• https://bugzilla.redhat.com/2102001
• https://bugzilla.redhat.com/2105422
• https://bugzilla.redhat.com/2105426
• https://bugzilla.redhat.com/2105428
• https://bugzilla.redhat.com/2105430
• https://errata.almalinux.org/8/ALSA-2022-6448.html