Red Hat Security Advisory 2023-4038-01 - Python is an interpreted, interactive, object-oriented programming language, which includes modules, classes, exceptions, very high level dynamic data types and dynamic typing. Python supports interfaces to many system calls and libraries, as well as to various windowing systems. Issues addressed include a bypass vulnerability.

Red Hat Security Advisory 2023-4038-01

Red Hat Security Advisory 2023-4037-01 - An update for bind9.16 is now available for Red Hat Enterprise Linux 8.6 Extended Update Support.

-----BEGIN PGP SIGNED MESSAGE-----  
Hash: SHA256

=====================================================================  
                   Red Hat Security Advisory

Synopsis:          Important: bind9.16 security update  
Advisory ID:       RHSA-2023:4037-01  
Product:           Red Hat Enterprise Linux  
Advisory URL:      https://access.redhat.com/errata/RHSA-2023:4037  
Issue date:        2023-07-12  
CVE Names:         CVE-2023-2828   
=====================================================================

1. Summary:

An update for bind9.16 is now available for Red Hat Enterprise Linux 8.6  
Extended Update Support.

Red Hat Product Security has rated this update as having a security impact  
of Important. A Common Vulnerability Scoring System (CVSS) base score,  
which gives a detailed severity rating, is available for each vulnerability  
from the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat CodeReady Linux Builder EUS (v.8.6) - aarch64, noarch, ppc64le, s390x, x86_64  
Red Hat Enterprise Linux AppStream EUS (v.8.6) - aarch64, noarch, ppc64le, s390x, x86_64

3. Description:

The Berkeley Internet Name Domain (BIND) is an implementation of the Domain  
Name System (DNS) protocols. BIND includes a DNS server (named); a resolver  
library (routines for applications to use when interfacing with DNS); and  
tools for verifying that the DNS server is operating correctly.

Security Fix(es):

* bind: named's configured cache size limit can be significantly exceeded  
(CVE-2023-2828)

For more details about the security issue(s), including the impact, a CVSS  
score, acknowledgments, and other related information, refer to the CVE  
page(s) listed in the References section.

4. Solution:

For details on how to apply this update, which includes the changes  
described in this advisory, refer to:

https://access.redhat.com/articles/11258

5. Bugs fixed (https://bugzilla.redhat.com/):

2216227 - CVE-2023-2828 bind: named's configured cache size limit can be significantly exceeded

6. Package List:

Red Hat Enterprise Linux AppStream EUS (v.8.6):

Source:  
bind9.16-9.16.23-0.7.el8_6.2.src.rpm

aarch64:  
bind9.16-9.16.23-0.7.el8_6.2.aarch64.rpm  
bind9.16-chroot-9.16.23-0.7.el8_6.2.aarch64.rpm  
bind9.16-debuginfo-9.16.23-0.7.el8_6.2.aarch64.rpm  
bind9.16-debugsource-9.16.23-0.7.el8_6.2.aarch64.rpm  
bind9.16-dnssec-utils-debuginfo-9.16.23-0.7.el8_6.2.aarch64.rpm  
bind9.16-libs-9.16.23-0.7.el8_6.2.aarch64.rpm  
bind9.16-libs-debuginfo-9.16.23-0.7.el8_6.2.aarch64.rpm  
bind9.16-utils-9.16.23-0.7.el8_6.2.aarch64.rpm  
bind9.16-utils-debuginfo-9.16.23-0.7.el8_6.2.aarch64.rpm

noarch:  
bind9.16-license-9.16.23-0.7.el8_6.2.noarch.rpm

ppc64le:  
bind9.16-9.16.23-0.7.el8_6.2.ppc64le.rpm  
bind9.16-chroot-9.16.23-0.7.el8_6.2.ppc64le.rpm  
bind9.16-debuginfo-9.16.23-0.7.el8_6.2.ppc64le.rpm  
bind9.16-debugsource-9.16.23-0.7.el8_6.2.ppc64le.rpm  
bind9.16-dnssec-utils-debuginfo-9.16.23-0.7.el8_6.2.ppc64le.rpm  
bind9.16-libs-9.16.23-0.7.el8_6.2.ppc64le.rpm  
bind9.16-libs-debuginfo-9.16.23-0.7.el8_6.2.ppc64le.rpm  
bind9.16-utils-9.16.23-0.7.el8_6.2.ppc64le.rpm  
bind9.16-utils-debuginfo-9.16.23-0.7.el8_6.2.ppc64le.rpm

s390x:  
bind9.16-9.16.23-0.7.el8_6.2.s390x.rpm  
bind9.16-chroot-9.16.23-0.7.el8_6.2.s390x.rpm  
bind9.16-debuginfo-9.16.23-0.7.el8_6.2.s390x.rpm  
bind9.16-debugsource-9.16.23-0.7.el8_6.2.s390x.rpm  
bind9.16-dnssec-utils-debuginfo-9.16.23-0.7.el8_6.2.s390x.rpm  
bind9.16-libs-9.16.23-0.7.el8_6.2.s390x.rpm  
bind9.16-libs-debuginfo-9.16.23-0.7.el8_6.2.s390x.rpm  
bind9.16-utils-9.16.23-0.7.el8_6.2.s390x.rpm  
bind9.16-utils-debuginfo-9.16.23-0.7.el8_6.2.s390x.rpm

x86_64:  
bind9.16-9.16.23-0.7.el8_6.2.x86_64.rpm  
bind9.16-chroot-9.16.23-0.7.el8_6.2.x86_64.rpm  
bind9.16-debuginfo-9.16.23-0.7.el8_6.2.x86_64.rpm  
bind9.16-debugsource-9.16.23-0.7.el8_6.2.x86_64.rpm  
bind9.16-dnssec-utils-debuginfo-9.16.23-0.7.el8_6.2.x86_64.rpm  
bind9.16-libs-9.16.23-0.7.el8_6.2.x86_64.rpm  
bind9.16-libs-debuginfo-9.16.23-0.7.el8_6.2.x86_64.rpm  
bind9.16-utils-9.16.23-0.7.el8_6.2.x86_64.rpm  
bind9.16-utils-debuginfo-9.16.23-0.7.el8_6.2.x86_64.rpm

Red Hat CodeReady Linux Builder EUS (v.8.6):

aarch64:  
bind9.16-debuginfo-9.16.23-0.7.el8_6.2.aarch64.rpm  
bind9.16-debugsource-9.16.23-0.7.el8_6.2.aarch64.rpm  
bind9.16-devel-9.16.23-0.7.el8_6.2.aarch64.rpm  
bind9.16-dnssec-utils-9.16.23-0.7.el8_6.2.aarch64.rpm  
bind9.16-dnssec-utils-debuginfo-9.16.23-0.7.el8_6.2.aarch64.rpm  
bind9.16-libs-debuginfo-9.16.23-0.7.el8_6.2.aarch64.rpm  
bind9.16-utils-debuginfo-9.16.23-0.7.el8_6.2.aarch64.rpm

noarch:  
bind9.16-doc-9.16.23-0.7.el8_6.2.noarch.rpm  
python3-bind9.16-9.16.23-0.7.el8_6.2.noarch.rpm

ppc64le:  
bind9.16-debuginfo-9.16.23-0.7.el8_6.2.ppc64le.rpm  
bind9.16-debugsource-9.16.23-0.7.el8_6.2.ppc64le.rpm  
bind9.16-devel-9.16.23-0.7.el8_6.2.ppc64le.rpm  
bind9.16-dnssec-utils-9.16.23-0.7.el8_6.2.ppc64le.rpm  
bind9.16-dnssec-utils-debuginfo-9.16.23-0.7.el8_6.2.ppc64le.rpm  
bind9.16-libs-debuginfo-9.16.23-0.7.el8_6.2.ppc64le.rpm  
bind9.16-utils-debuginfo-9.16.23-0.7.el8_6.2.ppc64le.rpm

s390x:  
bind9.16-debuginfo-9.16.23-0.7.el8_6.2.s390x.rpm  
bind9.16-debugsource-9.16.23-0.7.el8_6.2.s390x.rpm  
bind9.16-devel-9.16.23-0.7.el8_6.2.s390x.rpm  
bind9.16-dnssec-utils-9.16.23-0.7.el8_6.2.s390x.rpm  
bind9.16-dnssec-utils-debuginfo-9.16.23-0.7.el8_6.2.s390x.rpm  
bind9.16-libs-debuginfo-9.16.23-0.7.el8_6.2.s390x.rpm  
bind9.16-utils-debuginfo-9.16.23-0.7.el8_6.2.s390x.rpm

x86_64:  
bind9.16-debuginfo-9.16.23-0.7.el8_6.2.i686.rpm  
bind9.16-debuginfo-9.16.23-0.7.el8_6.2.x86_64.rpm  
bind9.16-debugsource-9.16.23-0.7.el8_6.2.i686.rpm  
bind9.16-debugsource-9.16.23-0.7.el8_6.2.x86_64.rpm  
bind9.16-devel-9.16.23-0.7.el8_6.2.i686.rpm  
bind9.16-devel-9.16.23-0.7.el8_6.2.x86_64.rpm  
bind9.16-dnssec-utils-9.16.23-0.7.el8_6.2.x86_64.rpm  
bind9.16-dnssec-utils-debuginfo-9.16.23-0.7.el8_6.2.i686.rpm  
bind9.16-dnssec-utils-debuginfo-9.16.23-0.7.el8_6.2.x86_64.rpm  
bind9.16-libs-9.16.23-0.7.el8_6.2.i686.rpm  
bind9.16-libs-debuginfo-9.16.23-0.7.el8_6.2.i686.rpm  
bind9.16-libs-debuginfo-9.16.23-0.7.el8_6.2.x86_64.rpm  
bind9.16-utils-debuginfo-9.16.23-0.7.el8_6.2.i686.rpm  
bind9.16-utils-debuginfo-9.16.23-0.7.el8_6.2.x86_64.rpm

These packages are GPG signed by Red Hat for security.  Our key and  
details on how to verify the signature are available from  
https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2023-2828  
https://access.redhat.com/security/updates/classification/#important

8. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact  
details at https://access.redhat.com/security/team/contact/

Copyright 2023 Red Hat, Inc.  
-----BEGIN PGP SIGNATURE-----  
Version: GnuPG v1

iQIcBAEBCAAGBQJkrqznAAoJENzjgjWX9erEw/8P/0zS6p5Tgv+K8x/IVas9/mL6  
uYxNhhA1Orqih9soIlRA9pbmt5CDR7bx/7P2HmiVabxkU9C6gYt1ThnrYapyK4je  
3YitOGzydReDKxycxBWOhMSVRmNgJRiSNpr+NF6jQgmQA12D5m4iKWKEz9tTtxup  
VcZ7DfviU8i7r84oHZstXa/W1t3hzDleT+JbSG5ca8aKNMaEPi0BPlEdpD2zSXi1  
U5685W2LifcU/zEogOi1/rRXvT9BBXW9w3XpL2WmRcmPbxkXhoY417e1z4qflEzf  
Hv+7aYu9r8c+G2Cd4P3RH7Ll+WtqQnmB+dAzYMrXQMUCKBG2kIs08ZLBvnWDs8g9  
SQ5+f+bg1GmwPqKNlR6mn5aSILohYBZj9qDNfJ6TKtEJ7hTnJdNXcKyOz8UyEfI2  
J5m2I8jqZ3sMvqTePb5GtD+Uy2/mQdqhFbdjp0t5K7hs/Zod4ns0LKKu0mV5zy5q  
GUt3h1njSQGiUpINPSIn8X0lOXN+fVRMP3YtACDZh3MIsBN9fdKjNH2QWuUeur3K  
6a4C4P4PPSNqAwdtdrgRl0KUcjUPoPZuvcB4eVxk8fr4iikLoQXSg/V/uymSbj8p  
0pgB3NrrNac8OxaqzlGzOquqpZa6tF3iFMmqpOBb9fD5AIyYSroLc0qS6znOwhux  
mduxW862FXmrmApN7Tn1  
=7UCA  
-----END PGP SIGNATURE-----  
--  
RHSA-announce mailing list  
RHSA-announce@redhat.com  
https://listman.redhat.com/mailman/listinfo/rhsa-announce

Red Hat Security Advisory 2023-4037-01

Red Hat Security Advisory 2023-4032-01 - Python is an interpreted, interactive, object-oriented programming language, which includes modules, classes, exceptions, very high level dynamic data types and dynamic typing. Python supports interfaces to many system calls and libraries, as well as to various windowing systems. Issues addressed include a bypass vulnerability.

Red Hat Security Advisory 2023-4032-01

Red Hat Security Advisory 2023-4039-01 - Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language. Issues addressed include a denial of service vulnerability.

-----BEGIN PGP SIGNED MESSAGE-----  
Hash: SHA256

=====================================================================  
                   Red Hat Security Advisory

Synopsis:          Important: rh-nodejs14-nodejs security update  
Advisory ID:       RHSA-2023:4039-01  
Product:           Red Hat Software Collections  
Advisory URL:      https://access.redhat.com/errata/RHSA-2023:4039  
Issue date:        2023-07-12  
CVE Names:         CVE-2023-31124 CVE-2023-31130 CVE-2023-31147   
                   CVE-2023-32067   
=====================================================================

1. Summary:

An update for rh-nodejs14-nodejs is now available for Red Hat Software  
Collections.

Red Hat Product Security has rated this update as having a security impact  
of Important. A Common Vulnerability Scoring System (CVSS) base score,  
which gives a detailed severity rating, is available for each vulnerability  
from the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat Software Collections for RHEL Workstation(v. 7) - noarch, ppc64le, s390x, x86_64  
Red Hat Software Collections for RHEL(v. 7) - noarch, x86_64

3. Description:

Node.js is a software development platform for building fast and scalable  
network applications in the JavaScript programming language.

Security Fix(es):

* c-ares: 0-byte UDP payload Denial of Service (CVE-2023-32067)

* c-ares: Buffer Underwrite in ares_inet_net_pton() (CVE-2023-31130)

* c-ares: Insufficient randomness in generation of DNS query IDs  
(CVE-2023-31147)

* c-ares: AutoTools does not set CARES_RANDOM_FILE during cross compilation  
(CVE-2023-31124)

For more details about the security issue(s), including the impact, a CVSS  
score, acknowledgments, and other related information, refer to the CVE  
page(s) listed in the References section.

4. Solution:

For details on how to apply this update, which includes the changes  
described in this advisory, refer to:

https://access.redhat.com/articles/11258

5. Bugs fixed (https://bugzilla.redhat.com/):

2209494 - CVE-2023-31124 c-ares: AutoTools does not set CARES_RANDOM_FILE during cross compilation  
2209497 - CVE-2023-31130 c-ares: Buffer Underwrite in ares_inet_net_pton()  
2209501 - CVE-2023-31147 c-ares: Insufficient randomness in generation of DNS query IDs  
2209502 - CVE-2023-32067 c-ares: 0-byte UDP payload Denial of Service

6. Package List:

Red Hat Software Collections for RHEL Workstation(v. 7):

Source:  
rh-nodejs14-nodejs-14.21.3-4.el7.src.rpm

noarch:  
rh-nodejs14-nodejs-docs-14.21.3-4.el7.noarch.rpm

ppc64le:  
rh-nodejs14-nodejs-14.21.3-4.el7.ppc64le.rpm  
rh-nodejs14-nodejs-debuginfo-14.21.3-4.el7.ppc64le.rpm  
rh-nodejs14-nodejs-devel-14.21.3-4.el7.ppc64le.rpm  
rh-nodejs14-nodejs-full-i18n-14.21.3-4.el7.ppc64le.rpm  
rh-nodejs14-npm-6.14.18-14.21.3.4.el7.ppc64le.rpm

s390x:  
rh-nodejs14-nodejs-14.21.3-4.el7.s390x.rpm  
rh-nodejs14-nodejs-debuginfo-14.21.3-4.el7.s390x.rpm  
rh-nodejs14-nodejs-devel-14.21.3-4.el7.s390x.rpm  
rh-nodejs14-nodejs-full-i18n-14.21.3-4.el7.s390x.rpm  
rh-nodejs14-npm-6.14.18-14.21.3.4.el7.s390x.rpm

x86_64:  
rh-nodejs14-nodejs-14.21.3-4.el7.x86_64.rpm  
rh-nodejs14-nodejs-debuginfo-14.21.3-4.el7.x86_64.rpm  
rh-nodejs14-nodejs-devel-14.21.3-4.el7.x86_64.rpm  
rh-nodejs14-nodejs-full-i18n-14.21.3-4.el7.x86_64.rpm  
rh-nodejs14-npm-6.14.18-14.21.3.4.el7.x86_64.rpm

Red Hat Software Collections for RHEL(v. 7):

Source:  
rh-nodejs14-nodejs-14.21.3-4.el7.src.rpm

noarch:  
rh-nodejs14-nodejs-docs-14.21.3-4.el7.noarch.rpm

x86_64:  
rh-nodejs14-nodejs-14.21.3-4.el7.x86_64.rpm  
rh-nodejs14-nodejs-debuginfo-14.21.3-4.el7.x86_64.rpm  
rh-nodejs14-nodejs-devel-14.21.3-4.el7.x86_64.rpm  
rh-nodejs14-nodejs-full-i18n-14.21.3-4.el7.x86_64.rpm  
rh-nodejs14-npm-6.14.18-14.21.3.4.el7.x86_64.rpm

These packages are GPG signed by Red Hat for security.  Our key and  
details on how to verify the signature are available from  
https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2023-31124  
https://access.redhat.com/security/cve/CVE-2023-31130  
https://access.redhat.com/security/cve/CVE-2023-31147  
https://access.redhat.com/security/cve/CVE-2023-32067  
https://access.redhat.com/security/updates/classification/#important

8. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact  
details at https://access.redhat.com/security/team/contact/

Copyright 2023 Red Hat, Inc.  
-----BEGIN PGP SIGNATURE-----  
Version: GnuPG v1

iQIcBAEBCAAGBQJkrqzNAAoJENzjgjWX9erESuAP/ibSBdF1DR/I/vUgD2OqpvaH  
evULtjwOdp31vlestbl+DM3DrhyUb1fbscYHSVwK+PHC0nHlhUmSUghjLKQS2JU/  
udMBSUbDfLw950fGcS3lp/DT5sAvchPXQy2GYjOdjwZVJAsE52ecetzdd3G2xc+0  
cNn0XcRuSPFtkS47sPkeZdlHd17RDy2fgIHsTrJ9wm4lO7az3pqNqSegrLpIVbXr  
Y+S+I+yVmlasQ9/l6BUG3JTp5zsQpItWF8DkXvPrv59saLRLo+Vz8ursOjWW0ihE  
DnMg0hznfknP0FmEr1o70AcEzhSBSvA0X4qlUttORdhoaN8KLtaXjNiMVMke4asw  
prvDiJCoPO7y2pZFIw2oRt0d92/xZRE5T6t0UhGw1hejMPPKP7tcTsTpzoGtWHw3  
VzgD322B7I6hSqJP1q18Q1bG2m7hm4QtxTSF+557VjBFMpqPSiKDRkUnb7CigJuz  
wgaKN2IP1iTeIOpjZpnBa0EiPszUmSN+FxSqo/1BchQSGomaONWk5XJtVYSO4ZYm  
Uo4qiM6p1EE5jMuBgkHwml5uY4EAemyHfGWobyjrylF4aGYZ11iYJayTIcZktmzC  
bTT3Mwdj4d2l+fgyf7s38tA5hgpD3fgdF9TH+FTtEJUmJucBF47P/A01v5RypfAC  
wcnuYaT1q7Bg8mySBCqN  
=FTmv  
-----END PGP SIGNATURE-----  
--  
RHSA-announce mailing list  
RHSA-announce@redhat.com  
https://listman.redhat.com/mailman/listinfo/rhsa-announce

Red Hat Security Advisory 2023-4039-01

Red Hat Security Advisory 2023-4034-01 - Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language. Issues addressed include a denial of service vulnerability.

-----BEGIN PGP SIGNED MESSAGE-----  
Hash: SHA256

=====================================================================  
                   Red Hat Security Advisory

Synopsis:          Important: nodejs:16 security update  
Advisory ID:       RHSA-2023:4034-01  
Product:           Red Hat Enterprise Linux  
Advisory URL:      https://access.redhat.com/errata/RHSA-2023:4034  
Issue date:        2023-07-12  
CVE Names:         CVE-2023-31124 CVE-2023-31130 CVE-2023-31147   
                   CVE-2023-32067   
=====================================================================

1. Summary:

An update for the nodejs:16 module is now available for Red Hat Enterprise  
Linux 8.

Red Hat Product Security has rated this update as having a security impact  
of Important. A Common Vulnerability Scoring System (CVSS) base score,  
which gives a detailed severity rating, is available for each vulnerability  
from the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux AppStream (v. 8) - aarch64, noarch, ppc64le, s390x, x86_64

3. Description:

Node.js is a software development platform for building fast and scalable  
network applications in the JavaScript programming language.

Security Fix(es):

* c-ares: 0-byte UDP payload Denial of Service (CVE-2023-32067)

* c-ares: Buffer Underwrite in ares_inet_net_pton() (CVE-2023-31130)

* c-ares: Insufficient randomness in generation of DNS query IDs  
(CVE-2023-31147)

* c-ares: AutoTools does not set CARES_RANDOM_FILE during cross compilation  
(CVE-2023-31124)

For more details about the security issue(s), including the impact, a CVSS  
score, acknowledgments, and other related information, refer to the CVE  
page(s) listed in the References section.

4. Solution:

For details on how to apply this update, which includes the changes  
described in this advisory, refer to:

https://access.redhat.com/articles/11258

5. Bugs fixed (https://bugzilla.redhat.com/):

2209494 - CVE-2023-31124 c-ares: AutoTools does not set CARES_RANDOM_FILE during cross compilation  
2209497 - CVE-2023-31130 c-ares: Buffer Underwrite in ares_inet_net_pton()  
2209501 - CVE-2023-31147 c-ares: Insufficient randomness in generation of DNS query IDs  
2209502 - CVE-2023-32067 c-ares: 0-byte UDP payload Denial of Service

6. Package List:

Red Hat Enterprise Linux AppStream (v. 8):

Source:  
nodejs-16.19.1-2.module+el8.8.0+19038+6f60344f.src.rpm  
nodejs-nodemon-2.0.20-3.module+el8.8.0+19038+6f60344f.src.rpm  
nodejs-packaging-25-1.module+el8.5.0+10992+fac5fe06.src.rpm

aarch64:  
nodejs-16.19.1-2.module+el8.8.0+19038+6f60344f.aarch64.rpm  
nodejs-debuginfo-16.19.1-2.module+el8.8.0+19038+6f60344f.aarch64.rpm  
nodejs-debugsource-16.19.1-2.module+el8.8.0+19038+6f60344f.aarch64.rpm  
nodejs-devel-16.19.1-2.module+el8.8.0+19038+6f60344f.aarch64.rpm  
nodejs-full-i18n-16.19.1-2.module+el8.8.0+19038+6f60344f.aarch64.rpm  
npm-8.19.3-1.16.19.1.2.module+el8.8.0+19038+6f60344f.aarch64.rpm

noarch:  
nodejs-docs-16.19.1-2.module+el8.8.0+19038+6f60344f.noarch.rpm  
nodejs-nodemon-2.0.20-3.module+el8.8.0+19038+6f60344f.noarch.rpm  
nodejs-packaging-25-1.module+el8.5.0+10992+fac5fe06.noarch.rpm

ppc64le:  
nodejs-16.19.1-2.module+el8.8.0+19038+6f60344f.ppc64le.rpm  
nodejs-debuginfo-16.19.1-2.module+el8.8.0+19038+6f60344f.ppc64le.rpm  
nodejs-debugsource-16.19.1-2.module+el8.8.0+19038+6f60344f.ppc64le.rpm  
nodejs-devel-16.19.1-2.module+el8.8.0+19038+6f60344f.ppc64le.rpm  
nodejs-full-i18n-16.19.1-2.module+el8.8.0+19038+6f60344f.ppc64le.rpm  
npm-8.19.3-1.16.19.1.2.module+el8.8.0+19038+6f60344f.ppc64le.rpm

s390x:  
nodejs-16.19.1-2.module+el8.8.0+19038+6f60344f.s390x.rpm  
nodejs-debuginfo-16.19.1-2.module+el8.8.0+19038+6f60344f.s390x.rpm  
nodejs-debugsource-16.19.1-2.module+el8.8.0+19038+6f60344f.s390x.rpm  
nodejs-devel-16.19.1-2.module+el8.8.0+19038+6f60344f.s390x.rpm  
nodejs-full-i18n-16.19.1-2.module+el8.8.0+19038+6f60344f.s390x.rpm  
npm-8.19.3-1.16.19.1.2.module+el8.8.0+19038+6f60344f.s390x.rpm

x86_64:  
nodejs-16.19.1-2.module+el8.8.0+19038+6f60344f.x86_64.rpm  
nodejs-debuginfo-16.19.1-2.module+el8.8.0+19038+6f60344f.x86_64.rpm  
nodejs-debugsource-16.19.1-2.module+el8.8.0+19038+6f60344f.x86_64.rpm  
nodejs-devel-16.19.1-2.module+el8.8.0+19038+6f60344f.x86_64.rpm  
nodejs-full-i18n-16.19.1-2.module+el8.8.0+19038+6f60344f.x86_64.rpm  
npm-8.19.3-1.16.19.1.2.module+el8.8.0+19038+6f60344f.x86_64.rpm

These packages are GPG signed by Red Hat for security.  Our key and  
details on how to verify the signature are available from  
https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2023-31124  
https://access.redhat.com/security/cve/CVE-2023-31130  
https://access.redhat.com/security/cve/CVE-2023-31147  
https://access.redhat.com/security/cve/CVE-2023-32067  
https://access.redhat.com/security/updates/classification/#important

8. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact  
details at https://access.redhat.com/security/team/contact/

Copyright 2023 Red Hat, Inc.  
-----BEGIN PGP SIGNATURE-----  
Version: GnuPG v1

iQIcBAEBCAAGBQJkrqzFAAoJENzjgjWX9erEixYP/3ajNyoNWaPuUzmBVOCUKFC2  
suQW+Fcg9fAngeGEdUqRlvHJ8hFDVVPuIJVTM6xVtz6qfZNSX2mktjht6bUj0QNr  
VZ19ti2k6UCTtgDeHGsNmWv4m8subL31k8E8n6+x8JC2oMDHYwssp3IQVdIzVGV/  
1qiTl0NwHUChJE6XLscca3iIYABRCXRVb+7MIn3UynZdGjvtaRbiIsY0S3pgXqgC  
KXLd+H6RKPiCJ1wO2hMzfMeLRIiVlS/M37I0kmJ77QfOmmZcgpmb011FHHlUy3RM  
BMsuvAtal7VZzwPtOHJy5vD3RgWmxw5uUnkXbXL+M3k+nLxJ318aboXPboSSM5xv  
WjErRSVg+up2tZ1kc7yE8J668h7kRmcCTiI0JBFvYiw4fgxizc11f7kBHTghCg/2  
p9QpsrW8in3jkIBZDgQFjZ/vA4X9icwjKMC5VqkHGuvE/NzqvdxRUiwm2seJvNx1  
dz8pu98EJKldCLT4vRVUp5s0h93LxbDEXf+BRacZCQmpmSTAdG5VW1cVNJuBga98  
dVB1Y71wD3VJTkpCmDclbwLpI2sHBu20ZFDqX5ISW9ltE6sZMfHw1pDel4Ix6i5V  
xwF7ZaV/oa3BR+BWA55ZzebKGlPrQjOKTRYm5Gl3vwJWmaGxBhDc8lBy435l5hr7  
z17k3TtKn0FI4xX5d5CW  
=lJNY  
-----END PGP SIGNATURE-----  
--  
RHSA-announce mailing list  
RHSA-announce@redhat.com  
https://listman.redhat.com/mailman/listinfo/rhsa-announce

Red Hat Security Advisory 2023-4034-01

Red Hat Security Advisory 2023-4033-01 - Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language. Issues addressed include a denial of service vulnerability.

-----BEGIN PGP SIGNED MESSAGE-----  
Hash: SHA256

=====================================================================  
                   Red Hat Security Advisory

Synopsis:          Important: nodejs:16 security update  
Advisory ID:       RHSA-2023:4033-01  
Product:           Red Hat Enterprise Linux  
Advisory URL:      https://access.redhat.com/errata/RHSA-2023:4033  
Issue date:        2023-07-12  
CVE Names:         CVE-2023-31124 CVE-2023-31130 CVE-2023-31147   
                   CVE-2023-32067   
=====================================================================

1. Summary:

An update for the nodejs:16 module is now available for Red Hat Enterprise  
Linux 8.6 Extended Update Support.

Red Hat Product Security has rated this update as having a security impact  
of Important. A Common Vulnerability Scoring System (CVSS) base score,  
which gives a detailed severity rating, is available for each vulnerability  
from the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux AppStream EUS (v.8.6) - aarch64, noarch, ppc64le, s390x, x86_64

3. Description:

Node.js is a software development platform for building fast and scalable  
network applications in the JavaScript programming language.

Security Fix(es):

* c-ares: 0-byte UDP payload Denial of Service (CVE-2023-32067)

* c-ares: Buffer Underwrite in ares_inet_net_pton() (CVE-2023-31130)

* c-ares: Insufficient randomness in generation of DNS query IDs  
(CVE-2023-31147)

* c-ares: AutoTools does not set CARES_RANDOM_FILE during cross compilation  
(CVE-2023-31124)

For more details about the security issue(s), including the impact, a CVSS  
score, acknowledgments, and other related information, refer to the CVE  
page(s) listed in the References section.

4. Solution:

For details on how to apply this update, which includes the changes  
described in this advisory, refer to:

https://access.redhat.com/articles/11258

5. Bugs fixed (https://bugzilla.redhat.com/):

2209494 - CVE-2023-31124 c-ares: AutoTools does not set CARES_RANDOM_FILE during cross compilation  
2209497 - CVE-2023-31130 c-ares: Buffer Underwrite in ares_inet_net_pton()  
2209501 - CVE-2023-31147 c-ares: Insufficient randomness in generation of DNS query IDs  
2209502 - CVE-2023-32067 c-ares: 0-byte UDP payload Denial of Service

6. Package List:

Red Hat Enterprise Linux AppStream EUS (v.8.6):

Source:  
nodejs-16.19.1-2.module+el8.6.0+19139+7f27a8ff.src.rpm  
nodejs-nodemon-2.0.20-3.module+el8.6.0+19139+7f27a8ff.src.rpm  
nodejs-packaging-25-1.module+el8.5.0+10992+fac5fe06.src.rpm

aarch64:  
nodejs-16.19.1-2.module+el8.6.0+19139+7f27a8ff.aarch64.rpm  
nodejs-debuginfo-16.19.1-2.module+el8.6.0+19139+7f27a8ff.aarch64.rpm  
nodejs-debugsource-16.19.1-2.module+el8.6.0+19139+7f27a8ff.aarch64.rpm  
nodejs-devel-16.19.1-2.module+el8.6.0+19139+7f27a8ff.aarch64.rpm  
nodejs-full-i18n-16.19.1-2.module+el8.6.0+19139+7f27a8ff.aarch64.rpm  
npm-8.19.3-1.16.19.1.2.module+el8.6.0+19139+7f27a8ff.aarch64.rpm

noarch:  
nodejs-docs-16.19.1-2.module+el8.6.0+19139+7f27a8ff.noarch.rpm  
nodejs-nodemon-2.0.20-3.module+el8.6.0+19139+7f27a8ff.noarch.rpm  
nodejs-packaging-25-1.module+el8.5.0+10992+fac5fe06.noarch.rpm

ppc64le:  
nodejs-16.19.1-2.module+el8.6.0+19139+7f27a8ff.ppc64le.rpm  
nodejs-debuginfo-16.19.1-2.module+el8.6.0+19139+7f27a8ff.ppc64le.rpm  
nodejs-debugsource-16.19.1-2.module+el8.6.0+19139+7f27a8ff.ppc64le.rpm  
nodejs-devel-16.19.1-2.module+el8.6.0+19139+7f27a8ff.ppc64le.rpm  
nodejs-full-i18n-16.19.1-2.module+el8.6.0+19139+7f27a8ff.ppc64le.rpm  
npm-8.19.3-1.16.19.1.2.module+el8.6.0+19139+7f27a8ff.ppc64le.rpm

s390x:  
nodejs-16.19.1-2.module+el8.6.0+19139+7f27a8ff.s390x.rpm  
nodejs-debuginfo-16.19.1-2.module+el8.6.0+19139+7f27a8ff.s390x.rpm  
nodejs-debugsource-16.19.1-2.module+el8.6.0+19139+7f27a8ff.s390x.rpm  
nodejs-devel-16.19.1-2.module+el8.6.0+19139+7f27a8ff.s390x.rpm  
nodejs-full-i18n-16.19.1-2.module+el8.6.0+19139+7f27a8ff.s390x.rpm  
npm-8.19.3-1.16.19.1.2.module+el8.6.0+19139+7f27a8ff.s390x.rpm

x86_64:  
nodejs-16.19.1-2.module+el8.6.0+19139+7f27a8ff.x86_64.rpm  
nodejs-debuginfo-16.19.1-2.module+el8.6.0+19139+7f27a8ff.x86_64.rpm  
nodejs-debugsource-16.19.1-2.module+el8.6.0+19139+7f27a8ff.x86_64.rpm  
nodejs-devel-16.19.1-2.module+el8.6.0+19139+7f27a8ff.x86_64.rpm  
nodejs-full-i18n-16.19.1-2.module+el8.6.0+19139+7f27a8ff.x86_64.rpm  
npm-8.19.3-1.16.19.1.2.module+el8.6.0+19139+7f27a8ff.x86_64.rpm

These packages are GPG signed by Red Hat for security.  Our key and  
details on how to verify the signature are available from  
https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2023-31124  
https://access.redhat.com/security/cve/CVE-2023-31130  
https://access.redhat.com/security/cve/CVE-2023-31147  
https://access.redhat.com/security/cve/CVE-2023-32067  
https://access.redhat.com/security/updates/classification/#important

8. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact  
details at https://access.redhat.com/security/team/contact/

Copyright 2023 Red Hat, Inc.  
-----BEGIN PGP SIGNATURE-----  
Version: GnuPG v1

iQIcBAEBCAAGBQJkrqy9AAoJENzjgjWX9erEed0P/2qeGttuYqzka5anQqCOc4Of  
Kw8VB/3Iw6zJZ/S07QcxXkFIJdWMZsR0RZdqGTIeTo1B5f3GUt6c2gGsfKZHuxs4  
SHIpacTXeCVhvZMdlyAHM9ZG6dv0v5NG4+vZmT9fcBTQRi1Xj5X4PaEViFzEqUpD  
dJYhCag8DUYUNHVv/5tv4dIfvRW9UDdxysWmjZgEDPVqjAee3ydZ4+grzmLJmXwj  
9VZrZcB73JwsIbm/MNqmYWDqoip/UtPHFfMsZGhn19MlrcZYmC4hK5hpWitL/tN0  
vmpnC9RRrbQ/VXGHqYD0YGFatYlImMYH8JtGYDw/VzDD7EG8tv1+w+LgA4GUETwd  
+ox27z7kicp8Tb0arKNO3tyY2XeOhNIWeLv/ObpXREZWNQ/OkX5GKg3U1Z/3fKJS  
DjonTtkbqBZLxy0QjN/wQ+5MjHQx8swQeO/yGLg+jZQJVE0XCN4l/YXnDD8vduER  
L2TzidXEU+qcGrCc/QW3dwCFnB9Hp+4khIEITAdp2pDfiJ0zizCRxl9MnL7l/hsZ  
SLBS4En9w6lN3R0aRxf4fjuiXksDm4KSuHy1TvWzFbs6QcDvt6dWgzVnuNMeJjGT  
87C4GJP0YT9jQe2JFPhtBilsSJZpI6BY02q0gJfzywDL9b73XpcOq7FvkBlN8MQm  
wPRuirjwtR56vZv0at2A  
=ZPgw  
-----END PGP SIGNATURE-----  
--  
RHSA-announce mailing list  
RHSA-announce@redhat.com  
https://listman.redhat.com/mailman/listinfo/rhsa-announce

Red Hat Security Advisory 2023-4033-01

Red Hat Security Advisory 2023-4036-01 - Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language. Issues addressed include a denial of service vulnerability.

-----BEGIN PGP SIGNED MESSAGE-----  
Hash: SHA256

=====================================================================  
                   Red Hat Security Advisory

Synopsis:          Important: nodejs security update  
Advisory ID:       RHSA-2023:4036-01  
Product:           Red Hat Enterprise Linux  
Advisory URL:      https://access.redhat.com/errata/RHSA-2023:4036  
Issue date:        2023-07-12  
CVE Names:         CVE-2023-31124 CVE-2023-31130 CVE-2023-31147   
                   CVE-2023-32067   
=====================================================================

1. Summary:

An update for nodejs is now available for Red Hat Enterprise Linux 9.0  
Extended Update Support.

Red Hat Product Security has rated this update as having a security impact  
of Important. A Common Vulnerability Scoring System (CVSS) base score,  
which gives a detailed severity rating, is available for each vulnerability  
from the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux AppStream EUS (v.9.0) - aarch64, noarch, ppc64le, s390x, x86_64

3. Description:

Node.js is a software development platform for building fast and scalable  
network applications in the JavaScript programming language.

Security Fix(es):

* c-ares: 0-byte UDP payload Denial of Service (CVE-2023-32067)

* c-ares: Buffer Underwrite in ares_inet_net_pton() (CVE-2023-31130)

* c-ares: Insufficient randomness in generation of DNS query IDs  
(CVE-2023-31147)

* c-ares: AutoTools does not set CARES_RANDOM_FILE during cross compilation  
(CVE-2023-31124)

For more details about the security issue(s), including the impact, a CVSS  
score, acknowledgments, and other related information, refer to the CVE  
page(s) listed in the References section.

4. Solution:

For details on how to apply this update, which includes the changes  
described in this advisory, refer to:

https://access.redhat.com/articles/11258

5. Bugs fixed (https://bugzilla.redhat.com/):

2209494 - CVE-2023-31124 c-ares: AutoTools does not set CARES_RANDOM_FILE during cross compilation  
2209497 - CVE-2023-31130 c-ares: Buffer Underwrite in ares_inet_net_pton()  
2209501 - CVE-2023-31147 c-ares: Insufficient randomness in generation of DNS query IDs  
2209502 - CVE-2023-32067 c-ares: 0-byte UDP payload Denial of Service

6. Package List:

Red Hat Enterprise Linux AppStream EUS (v.9.0):

Source:  
nodejs-16.18.1-4.el9_0.src.rpm

aarch64:  
nodejs-16.18.1-4.el9_0.aarch64.rpm  
nodejs-debuginfo-16.18.1-4.el9_0.aarch64.rpm  
nodejs-debugsource-16.18.1-4.el9_0.aarch64.rpm  
nodejs-full-i18n-16.18.1-4.el9_0.aarch64.rpm  
nodejs-libs-16.18.1-4.el9_0.aarch64.rpm  
nodejs-libs-debuginfo-16.18.1-4.el9_0.aarch64.rpm  
npm-8.19.2-1.16.18.1.4.el9_0.aarch64.rpm

noarch:  
nodejs-docs-16.18.1-4.el9_0.noarch.rpm

ppc64le:  
nodejs-16.18.1-4.el9_0.ppc64le.rpm  
nodejs-debuginfo-16.18.1-4.el9_0.ppc64le.rpm  
nodejs-debugsource-16.18.1-4.el9_0.ppc64le.rpm  
nodejs-full-i18n-16.18.1-4.el9_0.ppc64le.rpm  
nodejs-libs-16.18.1-4.el9_0.ppc64le.rpm  
nodejs-libs-debuginfo-16.18.1-4.el9_0.ppc64le.rpm  
npm-8.19.2-1.16.18.1.4.el9_0.ppc64le.rpm

s390x:  
nodejs-16.18.1-4.el9_0.s390x.rpm  
nodejs-debuginfo-16.18.1-4.el9_0.s390x.rpm  
nodejs-debugsource-16.18.1-4.el9_0.s390x.rpm  
nodejs-full-i18n-16.18.1-4.el9_0.s390x.rpm  
nodejs-libs-16.18.1-4.el9_0.s390x.rpm  
nodejs-libs-debuginfo-16.18.1-4.el9_0.s390x.rpm  
npm-8.19.2-1.16.18.1.4.el9_0.s390x.rpm

x86_64:  
nodejs-16.18.1-4.el9_0.x86_64.rpm  
nodejs-debuginfo-16.18.1-4.el9_0.i686.rpm  
nodejs-debuginfo-16.18.1-4.el9_0.x86_64.rpm  
nodejs-debugsource-16.18.1-4.el9_0.i686.rpm  
nodejs-debugsource-16.18.1-4.el9_0.x86_64.rpm  
nodejs-full-i18n-16.18.1-4.el9_0.x86_64.rpm  
nodejs-libs-16.18.1-4.el9_0.i686.rpm  
nodejs-libs-16.18.1-4.el9_0.x86_64.rpm  
nodejs-libs-debuginfo-16.18.1-4.el9_0.i686.rpm  
nodejs-libs-debuginfo-16.18.1-4.el9_0.x86_64.rpm  
npm-8.19.2-1.16.18.1.4.el9_0.x86_64.rpm

These packages are GPG signed by Red Hat for security.  Our key and  
details on how to verify the signature are available from  
https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2023-31124  
https://access.redhat.com/security/cve/CVE-2023-31130  
https://access.redhat.com/security/cve/CVE-2023-31147  
https://access.redhat.com/security/cve/CVE-2023-32067  
https://access.redhat.com/security/updates/classification/#important

8. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact  
details at https://access.redhat.com/security/team/contact/

Copyright 2023 Red Hat, Inc.  
-----BEGIN PGP SIGNATURE-----  
Version: GnuPG v1

iQIcBAEBCAAGBQJkrqy8AAoJENzjgjWX9erEKJ8QAJxKxAA+Y+Pv8URTAy4Q9Hby  
E+tojNCd1nX9i1+8CWk62BDjYUujxE4URawpZi5XhLY4DvNYxlkExR6VouoKumno  
fJoBiAAPsjLnNfUECQpSrwfwmdB6b8q0LQQGNYIuKXdKYW/udBddDtXVrlCFjAsK  
FCQbBL4/a/TWnT7AXU513p845+d8zeGQ6gEw4mstTbnGsg/jj69h6H7TYdsW1Eq3  
BnF/0GtDyiNKv3GgvWuXe8WQili1kYTZLDUnsm2onljuGJzQGxrmXkR8GZ/131+6  
oFB0exQWwyru5kUu76LFSDjyABpsd4rP2Jjdk7x4nlrmIEvxqzRgW+dF43Ucvxau  
RiDltNUnSuEI1yoT11Safd2qojfRA7PCl6D28cUG0fgVIzhqlWGIOvNkhBp05wS0  
gmuAL15WJzF+9o77/ZPqbWjB6xDYRgHrKtMYLHRCdrPSCu5ErafLggggUi60D1yq  
WCioRmMjBtuklklb/z8g+E7XrCSXff4usCDldJc7IhikQc2IKpkkGi44M6ELntdI  
ujOhsZjH0bmW6wz88RKEigCT6icHrwX3uElUYdj56WLwB8NKDmUgn11WijbTg7+T  
/arXJ7L93JuaJ9v9OR4+AO2jx5cME/vMtXaFhJzXhuMx2RTiXdNSCQG9Yh/FeO5v  
1OyLwi0IsLapSJL6mjTN  
=0cqs  
-----END PGP SIGNATURE-----  
--  
RHSA-announce mailing list  
RHSA-announce@redhat.com  
https://listman.redhat.com/mailman/listinfo/rhsa-announce

Red Hat Security Advisory 2023-4036-01

Red Hat Security Advisory 2023-4035-01 - Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language. Issues addressed include buffer overflow and denial of service vulnerabilities.

-----BEGIN PGP SIGNED MESSAGE-----  
Hash: SHA256

=====================================================================  
                   Red Hat Security Advisory

Synopsis:          Important: nodejs:18 security update  
Advisory ID:       RHSA-2023:4035-01  
Product:           Red Hat Enterprise Linux  
Advisory URL:      https://access.redhat.com/errata/RHSA-2023:4035  
Issue date:        2023-07-12  
CVE Names:         CVE-2022-4904 CVE-2023-31124 CVE-2023-31130   
                   CVE-2023-31147 CVE-2023-32067   
=====================================================================

1. Summary:

An update for the nodejs:18 module is now available for Red Hat Enterprise  
Linux 8.

Red Hat Product Security has rated this update as having a security impact  
of Important. A Common Vulnerability Scoring System (CVSS) base score,  
which gives a detailed severity rating, is available for each vulnerability  
from the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux AppStream (v. 8) - aarch64, noarch, ppc64le, s390x, x86_64

3. Description:

Node.js is a software development platform for building fast and scalable  
network applications in the JavaScript programming language.

Security Fix(es):

* c-ares: 0-byte UDP payload Denial of Service (CVE-2023-32067)

* c-ares: buffer overflow in config_sortlist() due to missing string length  
check (CVE-2022-4904)

* c-ares: Buffer Underwrite in ares_inet_net_pton() (CVE-2023-31130)

* c-ares: Insufficient randomness in generation of DNS query IDs  
(CVE-2023-31147)

* c-ares: AutoTools does not set CARES_RANDOM_FILE during cross compilation  
(CVE-2023-31124)

For more details about the security issue(s), including the impact, a CVSS  
score, acknowledgments, and other related information, refer to the CVE  
page(s) listed in the References section.

4. Solution:

For details on how to apply this update, which includes the changes  
described in this advisory, refer to:

https://access.redhat.com/articles/11258

5. Bugs fixed (https://bugzilla.redhat.com/):

2168631 - CVE-2022-4904 c-ares: buffer overflow in config_sortlist() due to missing string length check  
2209494 - CVE-2023-31124 c-ares: AutoTools does not set CARES_RANDOM_FILE during cross compilation  
2209497 - CVE-2023-31130 c-ares: Buffer Underwrite in ares_inet_net_pton()  
2209501 - CVE-2023-31147 c-ares: Insufficient randomness in generation of DNS query IDs  
2209502 - CVE-2023-32067 c-ares: 0-byte UDP payload Denial of Service

6. Package List:

Red Hat Enterprise Linux AppStream (v. 8):

Source:  
nodejs-18.14.2-3.module+el8.8.0+19021+4b8b11cc.src.rpm  
nodejs-nodemon-2.0.20-2.module+el8.8.0+18432+27f188ac.src.rpm  
nodejs-packaging-2021.06-4.module+el8.7.0+15582+19c314fa.src.rpm

aarch64:  
nodejs-18.14.2-3.module+el8.8.0+19021+4b8b11cc.aarch64.rpm  
nodejs-debuginfo-18.14.2-3.module+el8.8.0+19021+4b8b11cc.aarch64.rpm  
nodejs-debugsource-18.14.2-3.module+el8.8.0+19021+4b8b11cc.aarch64.rpm  
nodejs-devel-18.14.2-3.module+el8.8.0+19021+4b8b11cc.aarch64.rpm  
nodejs-full-i18n-18.14.2-3.module+el8.8.0+19021+4b8b11cc.aarch64.rpm  
npm-9.5.0-1.18.14.2.3.module+el8.8.0+19021+4b8b11cc.aarch64.rpm

noarch:  
nodejs-docs-18.14.2-3.module+el8.8.0+19021+4b8b11cc.noarch.rpm  
nodejs-nodemon-2.0.20-2.module+el8.8.0+18432+27f188ac.noarch.rpm  
nodejs-packaging-2021.06-4.module+el8.7.0+15582+19c314fa.noarch.rpm  
nodejs-packaging-bundler-2021.06-4.module+el8.7.0+15582+19c314fa.noarch.rpm

ppc64le:  
nodejs-18.14.2-3.module+el8.8.0+19021+4b8b11cc.ppc64le.rpm  
nodejs-debuginfo-18.14.2-3.module+el8.8.0+19021+4b8b11cc.ppc64le.rpm  
nodejs-debugsource-18.14.2-3.module+el8.8.0+19021+4b8b11cc.ppc64le.rpm  
nodejs-devel-18.14.2-3.module+el8.8.0+19021+4b8b11cc.ppc64le.rpm  
nodejs-full-i18n-18.14.2-3.module+el8.8.0+19021+4b8b11cc.ppc64le.rpm  
npm-9.5.0-1.18.14.2.3.module+el8.8.0+19021+4b8b11cc.ppc64le.rpm

s390x:  
nodejs-18.14.2-3.module+el8.8.0+19021+4b8b11cc.s390x.rpm  
nodejs-debuginfo-18.14.2-3.module+el8.8.0+19021+4b8b11cc.s390x.rpm  
nodejs-debugsource-18.14.2-3.module+el8.8.0+19021+4b8b11cc.s390x.rpm  
nodejs-devel-18.14.2-3.module+el8.8.0+19021+4b8b11cc.s390x.rpm  
nodejs-full-i18n-18.14.2-3.module+el8.8.0+19021+4b8b11cc.s390x.rpm  
npm-9.5.0-1.18.14.2.3.module+el8.8.0+19021+4b8b11cc.s390x.rpm

x86_64:  
nodejs-18.14.2-3.module+el8.8.0+19021+4b8b11cc.x86_64.rpm  
nodejs-debuginfo-18.14.2-3.module+el8.8.0+19021+4b8b11cc.x86_64.rpm  
nodejs-debugsource-18.14.2-3.module+el8.8.0+19021+4b8b11cc.x86_64.rpm  
nodejs-devel-18.14.2-3.module+el8.8.0+19021+4b8b11cc.x86_64.rpm  
nodejs-full-i18n-18.14.2-3.module+el8.8.0+19021+4b8b11cc.x86_64.rpm  
npm-9.5.0-1.18.14.2.3.module+el8.8.0+19021+4b8b11cc.x86_64.rpm

These packages are GPG signed by Red Hat for security.  Our key and  
details on how to verify the signature are available from  
https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2022-4904  
https://access.redhat.com/security/cve/CVE-2023-31124  
https://access.redhat.com/security/cve/CVE-2023-31130  
https://access.redhat.com/security/cve/CVE-2023-31147  
https://access.redhat.com/security/cve/CVE-2023-32067  
https://access.redhat.com/security/updates/classification/#important

8. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact  
details at https://access.redhat.com/security/team/contact/

Copyright 2023 Red Hat, Inc.  
-----BEGIN PGP SIGNATURE-----  
Version: GnuPG v1

iQIcBAEBCAAGBQJkrqy1AAoJENzjgjWX9erE78UP/3pGfGpruz+ko16UwA6z5pha  
k877FYX3KOFHStHNjSNHP/1h7qSjVJpoz53/SrEtPT8C3d/mBIr8A57GpgcIVL6N  
9TXZL+IuTrTZ81ZJePbSQCqUhuyLpdJVjMpObL1jLAe1VBBu56vfoNYI9s1zJTIH  
minA4Fserkl9ZBTd6lCTCzlbc+iS6R6CneHebkOeQB1hLdei7gAh00tExWF5BlX/  
WwCq7VmOA4vwV54YrImsC/RK2i50yJtHGm/vI0CP6bOyk+KSkStWKckjHz5A16TC  
z0BQjD/mPfUlEw4FAKWlnoc5awIpsNWxS86uAvvIrBmDchJTU+iZ+1k5bDeiGjP5  
xvSYgPrKYG1hAi2PcC7bTBM2b1dKbhiVJUrl7ZB9r6U/Y/N3U6V1uIj6Q/UID6Cs  
W17bI0DvKnmD0xBEe4DIvyrNLPwz4h7apjgIPT1P7iWgVlJnqU6bZ2wdKwVqpEhY  
nCLrw7p6Fa6n9VXTMxmoM4/mi2le44VAb8uUrnkHx8pFMowcVA01vEOqiqXUpEDZ  
RtNNTBJKhEj/SRYaE5VsNG2c6lDZhexhUCiA0uLTdQdnkAWHS8WFScuEa5TRmM6A  
4eQ5acyNm58iQPxXWcUrO79BaQThz678IrUPdx9PEuYbQamDsTVu/USQdrKQ70iq  
p8ltwpfh+tiWsb3kj811  
=xm/r  
-----END PGP SIGNATURE-----  
--  
RHSA-announce mailing list  
RHSA-announce@redhat.com  
https://listman.redhat.com/mailman/listinfo/rhsa-announce

Red Hat Security Advisory 2023-4035-01

Red Hat Security Advisory 2023-3976-01 - Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments. This advisory contains the RPM packages for Red Hat OpenShift Container Platform 4.12.24.

-----BEGIN PGP SIGNED MESSAGE-----  
Hash: SHA256

=====================================================================  
                   Red Hat Security Advisory

Synopsis:          Important: OpenShift Container Platform 4.12.24 packages and security update  
Advisory ID:       RHSA-2023:3976-01  
Product:           Red Hat OpenShift Enterprise  
Advisory URL:      https://access.redhat.com/errata/RHSA-2023:3976  
Issue date:        2023-07-12  
CVE Names:         CVE-2023-1260   
=====================================================================

1. Summary:

Red Hat OpenShift Container Platform release 4.12.24 is now available with  
updates to packages and images that fix several bugs and add enhancements.

This release includes a security update for Red Hat OpenShift Container  
Platform 4.12.

Red Hat Product Security has rated this update as having a security impact  
of [impact]. A Common Vulnerability Scoring System (CVSS) base score, which  
gives a detailed severity rating, is available for each vulnerability from  
the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat OpenShift Container Platform 4.12 - aarch64, ppc64le, s390x, x86_64

3. Description:

Red Hat OpenShift Container Platform is Red Hat's cloud computing  
Kubernetes application platform solution designed for on-premise or private  
cloud deployments.

This advisory contains the RPM packages for Red Hat OpenShift Container  
Platform 4.12.24. See the following advisory for the container images for  
this release:

https://access.redhat.com/errata/RHBA-2023:3977

Security Fix(es):

* kube-apiserver: PrivEsc (CVE-2023-1260)

For more details about the security issue(s), including the impact, a CVSS  
score, acknowledgments, and other related information, refer to the CVE  
page(s) listed in the References section.

All OpenShift Container Platform 4.12 users are advised to upgrade to these  
updated packages and images when they are available in the appropriate  
release channel. To check for available updates, use the OpenShift CLI (oc)  
or web console. Instructions for upgrading a cluster are available at  
https://docs.openshift.com/container-platform/4.12/updating/updating-cluster-cli.html

4. Solution:

For OpenShift Container Platform 4.12 see the following documentation,  
which will be updated shortly for this release, for important instructions  
on how to upgrade your cluster and fully apply this asynchronous errata  
update:

https://docs.openshift.com/container-platform/4.12/release_notes/ocp-4-12-release-notes.html

5. Bugs fixed (https://bugzilla.redhat.com/):

2176267 - CVE-2023-1260 kube-apiserver: PrivEsc

6. Package List:

Red Hat OpenShift Container Platform 4.12:

Source:  
openshift-4.12.0-202307040929.p0.g1485cc9.assembly.stream.el8.src.rpm

aarch64:  
openshift-hyperkube-4.12.0-202307040929.p0.g1485cc9.assembly.stream.el8.aarch64.rpm

ppc64le:  
openshift-hyperkube-4.12.0-202307040929.p0.g1485cc9.assembly.stream.el8.ppc64le.rpm

s390x:  
openshift-hyperkube-4.12.0-202307040929.p0.g1485cc9.assembly.stream.el8.s390x.rpm

x86_64:  
openshift-hyperkube-4.12.0-202307040929.p0.g1485cc9.assembly.stream.el8.x86_64.rpm

Red Hat OpenShift Container Platform 4.12:

Source:  
openshift-4.12.0-202307040929.p0.g1485cc9.assembly.stream.el9.src.rpm

aarch64:  
openshift-hyperkube-4.12.0-202307040929.p0.g1485cc9.assembly.stream.el9.aarch64.rpm

ppc64le:  
openshift-hyperkube-4.12.0-202307040929.p0.g1485cc9.assembly.stream.el9.ppc64le.rpm

s390x:  
openshift-hyperkube-4.12.0-202307040929.p0.g1485cc9.assembly.stream.el9.s390x.rpm

x86_64:  
openshift-hyperkube-4.12.0-202307040929.p0.g1485cc9.assembly.stream.el9.x86_64.rpm

These packages are GPG signed by Red Hat for security.  Our key and  
details on how to verify the signature are available from  
https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2023-1260  
https://access.redhat.com/security/updates/classification/#important  
https://docs.openshift.com/container-platform/4.12/release_notes/ocp-4-12-release-notes.html

8. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact  
details at https://access.redhat.com/security/team/contact/

Copyright 2023 Red Hat, Inc.  
-----BEGIN PGP SIGNATURE-----  
Version: GnuPG v1

iQIcBAEBCAAGBQJkrlhbAAoJENzjgjWX9erEZncP/jaguguNjnftMktlCnaGVYyH  
D/LsIpP6i+TqdgoqO7s3lq2yQiO3mUV4UIb8UKh3nid0ng0l59lPCQZiTtHhn4XJ  
yos8FaiP4HGswhK/nwjRyb8fqaCe0e3REYsokD9TdKC8hwEXlhIYrHLa1XQbsf9s  
K0NRZzt4+nMUUJpasfkkf5Lrl7qy+NI02q2V2WaIFvw8yT9wjLp0svcbFMfKwUtE  
pok620tS1ae72g3Ry3Gv9jOyUMeJpNdPlY9YEFkIEMdcDbjQSMTXr9tnLsdOct/w  
CCRyd8+i8snjcM6bdPEA0p5U2me7h3E05CHTgHkJuEv5yHE3mVDDUSpcUsRarkxt  
kL1w6ywnKeNg73C7ETCAWbknEdV0Jvmxe6+Xu2vI1lygl5RGMzI2ZiSyqOztdD4b  
w0Ob36B9ohOg4yoL5/4MG3pcM36oOOjram7xVPxWYeN5isYKAWYp2bCejB6l06OS  
+/23xJ4opyyvXLXvMAZ3EpgOdzykwRM0EGsf8URJJ50vCrgNwGmnEiZPO2K9HSCW  
Mlst2WHboNa1utugA9QGkDRSMlJVxHLP0LUDl1xqCnmFTOqfjl8OnFrf5JrNfm4l  
o7K3IoxyRbQyDAkIrHJuEH8uk8J5zUBV4i/gusREIwtiWXqcnQPRob8BdMZE710x  
i4zPW663VZosJKC6Sfi8  
=sWxB  
-----END PGP SIGNATURE-----  
--  
RHSA-announce mailing list  
RHSA-announce@redhat.com  
https://listman.redhat.com/mailman/listinfo/rhsa-announce

Red Hat Security Advisory 2023-3976-01

Red Hat Security Advisory 2023-4030-01 - Grafana is an open source, feature rich metrics dashboard and graph editor for Graphite, InfluxDB & OpenTSDB.

-----BEGIN PGP SIGNED MESSAGE-----  
Hash: SHA256

=====================================================================  
                   Red Hat Security Advisory

Synopsis:          Critical: grafana security update  
Advisory ID:       RHSA-2023:4030-01  
Product:           Red Hat Enterprise Linux  
Advisory URL:      https://access.redhat.com/errata/RHSA-2023:4030  
Issue date:        2023-07-12  
CVE Names:         CVE-2023-3128   
=====================================================================

1. Summary:

An update for grafana is now available for Red Hat Enterprise Linux 9.

Red Hat Product Security has rated this update as having a security impact  
of Critical. A Common Vulnerability Scoring System (CVSS) base score, which  
gives a detailed severity rating, is available for each vulnerability from  
the CVE link(s) in the References section.

2. Relevant releases/architectures:

Red Hat Enterprise Linux AppStream (v. 9) - aarch64, ppc64le, s390x, x86_64

3. Description:

Grafana is an open source, feature rich metrics dashboard and graph editor  
for Graphite, InfluxDB & OpenTSDB.

Security Fix(es):

* grafana: account takeover possible when using Azure AD OAuth  
(CVE-2023-3128)

For more details about the security issue(s), including the impact, a CVSS  
score, acknowledgments, and other related information, refer to the CVE  
page(s) listed in the References section.

4. Solution:

For details on how to apply this update, which includes the changes  
described in this advisory, refer to:

https://access.redhat.com/articles/11258

5. Bugs fixed (https://bugzilla.redhat.com/):

2213626 - CVE-2023-3128 grafana: account takeover possible when using Azure AD OAuth

6. Package List:

Red Hat Enterprise Linux AppStream (v. 9):

Source:  
grafana-9.0.9-3.el9_2.src.rpm

aarch64:  
grafana-9.0.9-3.el9_2.aarch64.rpm  
grafana-debuginfo-9.0.9-3.el9_2.aarch64.rpm  
grafana-debugsource-9.0.9-3.el9_2.aarch64.rpm

ppc64le:  
grafana-9.0.9-3.el9_2.ppc64le.rpm  
grafana-debuginfo-9.0.9-3.el9_2.ppc64le.rpm  
grafana-debugsource-9.0.9-3.el9_2.ppc64le.rpm

s390x:  
grafana-9.0.9-3.el9_2.s390x.rpm  
grafana-debuginfo-9.0.9-3.el9_2.s390x.rpm  
grafana-debugsource-9.0.9-3.el9_2.s390x.rpm

x86_64:  
grafana-9.0.9-3.el9_2.x86_64.rpm  
grafana-debuginfo-9.0.9-3.el9_2.x86_64.rpm  
grafana-debugsource-9.0.9-3.el9_2.x86_64.rpm

These packages are GPG signed by Red Hat for security.  Our key and  
details on how to verify the signature are available from  
https://access.redhat.com/security/team/key/

7. References:

https://access.redhat.com/security/cve/CVE-2023-3128  
https://access.redhat.com/security/updates/classification/#critical

8. Contact:

The Red Hat security contact is <secalert@redhat.com>. More contact  
details at https://access.redhat.com/security/team/contact/

Copyright 2023 Red Hat, Inc.  
-----BEGIN PGP SIGNATURE-----  
Version: GnuPG v1

iQIcBAEBCAAGBQJkrlhbAAoJENzjgjWX9erEmqgP/08o++LnXE6gFFVoTMV8mv0X  
aQ2K/92nc/40QClKKSPU6Emj1nq7+hI8TsROWUwuAnoSVUIUqJpRbjXp8VjeKVJA  
v/OaPshsU2xkPy1IsxXgrMu0qftOt0yrkAiE8LRLdTi36WSrk1pR1DYhnXBpKVNv  
6HdwSKdz/9lnCe4EMyimWIvYACsC6HkVR1pJ3ZvI9oN4MLCXvkxw64vKg4paQV63  
DizfK894MZxUyoUNkV5poNr+N7JhmhDBLyTxM1LqJlbDPRo6zXQEGNuseDDNU5O9  
gMEZ57ZS54DeweT6yvlomyQpoTMp8TuhBrI+hOol5SDQV+Z8k8QF1z0kVDrx4i63  
U2gy1yKt0hTel9MXJ7M2MPLkleTxJxD0ZnWGhfun3ztkbA3EWnryv7739KfhyrAP  
DoeSIuT2lHZC+TJyF3hHbYli2JfDQRlgLSiQSN6xtnOl6yW7qvyPQuyu2pCSRiWw  
4w8ADz1yYymTLihqhy0KxU9F4avjDzhkF9aRVxzrAp9lesS0q9ntZ8PulXfXRNVX  
VLJXFFHesy5I3hdL+TVDTyet5tZoDeYvvPHtCD4v6LS2wfMgTVCowphvDtoaDsm1  
aDFB7oIxce7q5YcKXJ+cb+mgy8HcZ5ilSCX1wy9agIq+mfRrvrfNYkAeLobPvh93  
M8arPhJhM7BKoFliAakK  
=fiNF  
-----END PGP SIGNATURE-----  
--  
RHSA-announce mailing list  
RHSA-announce@redhat.com  
https://listman.redhat.com/mailman/listinfo/rhsa-announce

Tag

#red_hat