--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2024-e28ccc9c17
2024-04-20 01:02:39.395996
--------------------------------------------------------------------------------
Name : nodejs20
Product : Fedora 39
Version : 20.12.2
Release : 1.fc39
URL : http://nodejs.org/
Summary : JavaScript runtime
Description :
Node.js is a platform built on Chrome's JavaScript runtime
for easily building fast, scalable network applications.
Node.js uses an event-driven, non-blocking I/O model that
makes it lightweight and efficient, perfect for data-intensive
real-time applications that run across distributed devices.
--------------------------------------------------------------------------------
Update Information:
2024-04-03, Version 20.12.1 'Iron' (LTS), @RafaelGSS
This is a security release
Notable Changes
CVE-2024-27983 - Assertion failed in node::http2::Http2Session::~Http2Session()
leads to HTTP/2 server crash - (High)
CVE-2024-27982 - HTTP Request Smuggling via Content Length Obfuscation -
(Medium)
llhttp version 9.2.1
undici version 5.28.4
Commits
[bd8f10a257] - deps: update undici to v5.28.4 (Matteo Collina)
nodejs-private/node-private#576
[5e34540a96] - http: do not allow OBS fold in headers by default (Paolo Insogna)
nodejs-private/node-private#557
[ba1ae6d188] - src: ensure to close stream when destroying session (Anna
Henningsen) nodejs-private/node-private#561
--------------------------------------------------------------------------------
ChangeLog:
* Wed Apr 10 2024 Stephen Gallagher <sgallagh(a)redhat.com> - 1:20.12.2-1
- Update to 20.12.2
* Fri Apr 5 2024 Stephen Gallagher <sgallagh(a)redhat.com> - 1:20.12.1-3
- simdutf: cpu feature detection fixes
* Fri Apr 5 2024 Jan Staněk <jstanek(a)redhat.com> - 1:20.12.1-2
- Remove static analysis from required gating tests
* Wed Apr 3 2024 Stephen Gallagher <sgallagh(a)redhat.com> - 1:20.12.1-1
- Update to 20.12.1
--------------------------------------------------------------------------------
References:
[ 1 ] Bug #2272764 - CVE-2024-27983 nodejs: CONTINUATION frames DoS
https://bugzilla.redhat.com/show_bug.cgi?id=2272764
--------------------------------------------------------------------------------
This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2024-e28ccc9c17' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label
All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------