[SECURITY] Fedora 37 Update: nodejs-18.12.1-1.fc37

-------------------------------------------------------------------------------- Fedora Update Notification FEDORA-2022-1667f7b60a 2022-11-29 01:10:30.136214 -------------------------------------------------------------------------------- Name : nodejs Product : Fedora 37 Version : 18.12.1 Release : 1.fc37 URL : http://nodejs.org/ Summary : JavaScript runtime Description : Node.js is a platform built on Chrome's JavaScript runtime for easily building fast, scalable network applications. Node.js uses an event-driven, non-blocking I/O model that makes it lightweight and efficient, perfect for data-intensive real-time applications that run across distributed devices. -------------------------------------------------------------------------------- Update Information: November 2022 Security Updates https://nodejs.org/en/blog/vulnerability/november-2022-security-releases/ ---- Update to 18.10.0 https://github.com/nodejs/node/blob/main/doc/changelogs/CHANGELOG_V18.md#... ---- [September Security Updates for Node.js](https://nodejs.org/en/blog/vulnerability/september-2022-security- releases/) ---- Update to 18.9.0 https://github.com/nodejs/node/blob/main/doc/changelogs/CHANGELOG_V18.md#... -------------------------------------------------------------------------------- ChangeLog: * Mon Nov 7 2022 Stephen Gallagher <sgallagh(a)redhat.com&gt; 1:18.12.1-1 - Update to security release 18.12.1 * Tue Nov 1 2022 Stephen Gallagher <sgallagh(a)redhat.com&gt; 1:18.11.0-4 - Update python3_fixup * Thu Oct 20 2022 Stephen Gallagher <sgallagh(a)redhat.com&gt; 1:18.11.0-3 - Move native module autorequires to nodejs-packaging * Thu Oct 20 2022 Stephen Gallagher <sgallagh(a)redhat.com&gt; 1:18.11.0-2 - Fix symlinks * Wed Oct 19 2022 Stephen Gallagher <sgallagh(a)redhat.com&gt; 1:18.11.0-1 - Update to 18.11.0 * Tue Oct 4 2022 Stephen Gallagher <sgallagh(a)redhat.com&gt; 1:18.10.0-1 - Update to 18.10.0 * Fri Sep 23 2022 Stephen Gallagher <sgallagh(a)redhat.com&gt; 1:18.9.1-1 - Fix incorrect version number * Fri Sep 23 2022 Stephen Gallagher <sgallagh(a)redhat.com&gt; 1:18.9.0-4 - Update to 18.9.1 * Thu Sep 15 2022 Stephen Gallagher <sgallagh(a)redhat.com&gt; 1:18.9.0-3 - Simplify manpage packaging * Wed Sep 14 2022 Stephen Gallagher <sgallagh(a)redhat.com&gt; 1:18.9.0-2 - Add f37 to package.cfg * Wed Sep 14 2022 Stephen Gallagher <sgallagh(a)redhat.com&gt; 1:18.9.0-1 - Update to Node.js 18.9.0 - https://github.com/nodejs/node/blob/main/doc/changelogs/CHANGELOG_V18.md# 18.9.0 - https://github.com/nodejs/node/blob/main/doc/changelogs/CHANGELOG_V18.md# 18.8.0 -------------------------------------------------------------------------------- References: [ 1 ] Bug #2105422 - CVE-2022-32212 nodejs: DNS rebinding in --inspect via invalid IP addresses https://bugzilla.redhat.com/show_bug.cgi?id=2105422 [ 2 ] Bug #2105426 - CVE-2022-32215 nodejs: HTTP request smuggling due to incorrect parsing of multi-line Transfer-Encoding https://bugzilla.redhat.com/show_bug.cgi?id=2105426 [ 3 ] Bug #2105430 - CVE-2022-32213 nodejs: HTTP request smuggling due to flawed parsing of Transfer-Encoding https://bugzilla.redhat.com/show_bug.cgi?id=2105430 [ 4 ] Bug #2130517 - CVE-2022-35255 nodejs: weak randomness in WebCrypto keygen https://bugzilla.redhat.com/show_bug.cgi?id=2130517 [ 5 ] Bug #2130518 - CVE-2022-35256 nodejs: HTTP Request Smuggling due to incorrect parsing of header fields https://bugzilla.redhat.com/show_bug.cgi?id=2130518 -------------------------------------------------------------------------------- This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade --advisory FEDORA-2022-1667f7b60a' at the command line. For more information, refer to the dnf documentation available at http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at https://fedoraproject.org/keys --------------------------------------------------------------------------------