=====================================================================
                   Red Hat Security Advisory

Synopsis:          Important: nodejs:16 security update
Advisory ID:       RHSA-2022:4796-01
Product:           Red Hat Enterprise Linux
Advisory URL:      https://access.redhat.com/errata/RHSA-2022:4796
Issue date:        2022-05-30
CVE Names:         CVE-2021-43616
=====================================================================

1. Summary:

An update for the nodejs:16 module is now available for Red Hat Enterprise
Linux 8.

Red Hat Product Security has rated this update as having a security impact
of Important. A Common Vulnerability Scoring System (CVSS) base score,
which gives a detailed severity rating, is available for each vulnerability
from the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux AppStream (v. 8) - aarch64, noarch, ppc64le, s390x, x86_64

3. Description:

Node.js is a software development platform for building fast and scalable
network applications in the JavaScript programming language.

Security Fix(es):

* npm: npm ci succeeds when package-lock.json doesn't match package.json
(CVE-2021-43616)

For more details about the security issue(s), including the impact, a CVSS
score, acknowledgments, and other related information, refer to the CVE
page(s) listed in the References section.

4. Solution:

For details on how to apply this update, which includes the changes
described in this advisory, refer to:

https://access.redhat.com/articles/11258

5. Bugs fixed (https://bugzilla.redhat.com/):

2050282 - CVE-2021-43616 npm: npm ci succeeds when package-lock.json doesn't match package.json

6. Package List:

Red Hat Enterprise Linux AppStream (v. 8):

Source:
nodejs-16.14.0-4.module+el8.6.0+15294+54b291d2.src.rpm
nodejs-nodemon-2.0.15-1.module+el8.6.0+15294+54b291d2.src.rpm
nodejs-packaging-25-1.module+el8.5.0+10992+fac5fe06.src.rpm

aarch64:
nodejs-16.14.0-4.module+el8.6.0+15294+54b291d2.aarch64.rpm
nodejs-debuginfo-16.14.0-4.module+el8.6.0+15294+54b291d2.aarch64.rpm
nodejs-debugsource-16.14.0-4.module+el8.6.0+15294+54b291d2.aarch64.rpm
nodejs-devel-16.14.0-4.module+el8.6.0+15294+54b291d2.aarch64.rpm
nodejs-full-i18n-16.14.0-4.module+el8.6.0+15294+54b291d2.aarch64.rpm
npm-8.3.1-1.16.14.0.4.module+el8.6.0+15294+54b291d2.aarch64.rpm

noarch:
nodejs-docs-16.14.0-4.module+el8.6.0+15294+54b291d2.noarch.rpm
nodejs-nodemon-2.0.15-1.module+el8.6.0+15294+54b291d2.noarch.rpm
nodejs-packaging-25-1.module+el8.5.0+10992+fac5fe06.noarch.rpm

ppc64le:
nodejs-16.14.0-4.module+el8.6.0+15294+54b291d2.ppc64le.rpm
nodejs-debuginfo-16.14.0-4.module+el8.6.0+15294+54b291d2.ppc64le.rpm
nodejs-debugsource-16.14.0-4.module+el8.6.0+15294+54b291d2.ppc64le.rpm
nodejs-devel-16.14.0-4.module+el8.6.0+15294+54b291d2.ppc64le.rpm
nodejs-full-i18n-16.14.0-4.module+el8.6.0+15294+54b291d2.ppc64le.rpm
npm-8.3.1-1.16.14.0.4.module+el8.6.0+15294+54b291d2.ppc64le.rpm

s390x:
nodejs-16.14.0-4.module+el8.6.0+15294+54b291d2.s390x.rpm
nodejs-debuginfo-16.14.0-4.module+el8.6.0+15294+54b291d2.s390x.rpm
nodejs-debugsource-16.14.0-4.module+el8.6.0+15294+54b291d2.s390x.rpm
nodejs-devel-16.14.0-4.module+el8.6.0+15294+54b291d2.s390x.rpm
nodejs-full-i18n-16.14.0-4.module+el8.6.0+15294+54b291d2.s390x.rpm
npm-8.3.1-1.16.14.0.4.module+el8.6.0+15294+54b291d2.s390x.rpm

x86_64:
nodejs-16.14.0-4.module+el8.6.0+15294+54b291d2.x86_64.rpm
nodejs-debuginfo-16.14.0-4.module+el8.6.0+15294+54b291d2.x86_64.rpm
nodejs-debugsource-16.14.0-4.module+el8.6.0+15294+54b291d2.x86_64.rpm
nodejs-devel-16.14.0-4.module+el8.6.0+15294+54b291d2.x86_64.rpm
nodejs-full-i18n-16.14.0-4.module+el8.6.0+15294+54b291d2.x86_64.rpm
npm-8.3.1-1.16.14.0.4.module+el8.6.0+15294+54b291d2.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and
details on how to verify the signature are available from
https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2021-43616
https://access.redhat.com/security/updates/classification/#important

8. Contact:

The Red Hat security contact is . More contact
details at https://access.redhat.com/security/team/contact/

Copyright 2022 Red Hat, Inc.

--
RHSA-announce mailing list
RHSA-announce@redhat.com
https://listman.redhat.com/mailman/listinfo/rhsa-announce
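
Added example, not part of the Red Hat advisory and not npm's own code: an independent consistency check for the condition named in CVE-2021-43616, a package-lock.json that does not match package.json. It assumes a lockfileVersion 2 or 3 lockfile; the function name, package names and sample data are constructed for illustration.

```javascript
// Added example, not npm's implementation. Assumes lockfileVersion 2 or 3:
// the root project is recorded under packages[""] and each installed
// dependency under packages["node_modules/<name>"].
const DEP_FIELDS = ["dependencies", "devDependencies", "optionalDependencies"];

function findLockMismatches(pkg, lock) {
  const packages = lock.packages;
  if (!packages || !packages[""]) {
    return ['lockfile has no packages[""] root entry'];
  }
  const root = packages[""];
  const problems = [];
  for (const field of DEP_FIELDS) {
    const declared = pkg[field] || {};
    const locked = root[field] || {};
    for (const [name, spec] of Object.entries(declared)) {
      if (!(name in locked)) {
        problems.push(`${field}: ${name}@${spec} missing from lockfile root entry`);
      } else if (locked[name] !== spec) {
        problems.push(`${field}: ${name} declared ${spec}, lockfile built from ${locked[name]}`);
      } else if (!packages[`node_modules/${name}`]) {
        problems.push(`${field}: ${name} has no node_modules/${name} entry`);
      }
    }
    for (const name of Object.keys(locked)) {
      if (!(name in declared)) {
        problems.push(`${field}: ${name} locked but not declared in package.json`);
      }
    }
  }
  return problems;
}

// Constructed sample data; the package names are hypothetical.
const SAMPLE_PKG = {
  dependencies: { "example-lib": "^2.0.0", "example-util": "^3.1.0" },
  devDependencies: { "example-test": "^1.0.0" },
};
const SAMPLE_LOCK = {
  lockfileVersion: 2,
  packages: {
    "": { dependencies: { "example-lib": "^1.0.0", "example-old": "^0.1.0" },
          devDependencies: { "example-test": "^1.0.0" } },
    "node_modules/example-lib": { version: "1.4.2" },
    "node_modules/example-old": { version: "0.1.5" },
    "node_modules/example-test": { version: "1.0.3" },
  },
};

console.log(findLockMismatches(SAMPLE_PKG, SAMPLE_LOCK).join("\n"));
```

On a real project, pass the parsed contents of the two files and fail the build step when the returned list is not empty.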