stable

nodejs-16.18.1-1.fc35

FEDORA-2022-de515f765f created by sgallagh a year ago for Fedora 35

November 2022 Security Updates

https://nodejs.org/en/blog/vulnerability/november-2022-security-releases/


September Security Updates for Node.js


Update to Node.js 16.17.0

https://github.com/nodejs/node/blob/main/doc/changelogs/CHANGELOG_V16.md#16.17.0


Fix dependency typo


Update to 16.15.0


Update to Node.js 16.14.1

Note that we will be skipping 16.14.2 since the only changes were in the bundled copy of OpenSSL, which we do not use. The relevant security patches are handled in Fedora's openssl package.

How to install

Updates may require up to 24 hours to propagate to mirrors. If the following command doesn't work, please retry later:

sudo dnf upgrade --refresh --advisory=FEDORA-2022-de515f765f

This update has been submitted for testing by sgallagh.

a year ago

This update's test gating status has been changed to 'waiting'.

a year ago

This update has obsoleted nodejs-16.17.1-1.fc35, and has inherited its bugs and notes.

a year ago

This update's test gating status has been changed to 'failed'.

a year ago

This update has been pushed to testing.

a year ago
User Icon sergiomb provided feedback a year ago
karma

This update's test gating status has been changed to 'waiting'.

a year ago

This update's test gating status has been changed to 'passed'.

a year ago

This update has been submitted for stable by bodhi.

a year ago

This update has been pushed to stable.

a year ago

Please login to add feedback.

Metadata
Type
security
Severity
high
Karma
1
Signed
Content Type
RPM
Test Gating
Settings
Unstable by Karma
-3
Stable by Karma
1
Stable by Time
7 days
Dates
submitted
a year ago
in testing
a year ago
in stable
a year ago
BZ#2016231 nodejs-16.14.2 is available
0
0
BZ#2105422 CVE-2022-32212 nodejs: DNS rebinding in --inspect via invalid IP addresses
0
0
BZ#2105426 CVE-2022-32215 nodejs: HTTP request smuggling due to incorrect parsing of multi-line Transfer-Encoding
0
0
BZ#2105430 CVE-2022-32213 nodejs: HTTP request smuggling due to flawed parsing of Transfer-Encoding
0
0
BZ#2108493 CVE-2022-32213 nodejs: HTTP request smuggling due to flawed parsing of Transfer-Encoding [fedora-all]
0
0
BZ#2108512 CVE-2022-32215 nodejs: HTTP request smuggling due to incorrect parsing of multi-line Transfer-Encoding [fedora-all]
0
0
BZ#2108521 CVE-2022-32212 nodejs: DNS rebinding in --inspect via invalid IP addresses [fedora-all]
0
0
BZ#2124513 Update to 16.17.0
0
0
BZ#2130517 CVE-2022-35255 nodejs: weak randomness in WebCrypto keygen
0
0
BZ#2130518 CVE-2022-35256 nodejs: HTTP Request Smuggling due to incorrect parsing of header fields
0
0
BZ#2130523 CVE-2022-35255 nodejs: weak randomness in WebCrypto keygen [fedora-all]
0
0
BZ#2130532 CVE-2022-35256 nodejs: HTTP Request Smuggling due to incorrect parsing of header fields [fedora-all]
0
0

Automated Test Results