{"type":"TYPE_SECURITY","shortCode":"RL","name":"RLSA-2022:6963","synopsis":"Important: nodejs security update","severity":"SEVERITY_IMPORTANT","topic":"An update for nodejs is now available for Rocky Linux 9.\nRocky Enterprise Software Foundation Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.","description":"Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language. \nThe following packages have been upgraded to a later upstream version: nodejs (16.17.1).\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.","solution":null,"affectedProducts":["Rocky Linux 9"],"fixes":[{"ticket":"2130517","sourceBy":"Red Hat","sourceLink":"https:\/\/bugzilla.redhat.com\/show_bug.cgi?id=2130517","description":"CVE-2022-35255 nodejs: weak randomness in WebCrypto keygen"},{"ticket":"2130518","sourceBy":"Red Hat","sourceLink":"https:\/\/bugzilla.redhat.com\/show_bug.cgi?id=2130518","description":"CVE-2022-35256 nodejs: HTTP Request Smuggling due to incorrect parsing of header fields"}],"cves":[{"name":"CVE-2022-35256","sourceBy":"Red Hat","sourceLink":"https:\/\/access.redhat.com\/hydra\/rest\/securitydata\/cve\/CVE-2022-35256.json","cvss3ScoringVector":"CVSS:3.1\/AV:N\/AC:L\/PR:N\/UI:N\/S:U\/C:L\/I:L\/A:N","cvss3BaseScore":"6.5","cwe":"CWE-444"}],"references":[],"publishedAt":"2023-01-25T21:21:29.210145Z","rpms":{},"rebootSuggested":false,"buildReferences":[]}

Rocky Linux: RLSA-2022:6963 nodejs security update

January 25, 2023
An update for nodejs is now available for Rocky Linux 9. Rocky Enterprise Software Foundation Product Security has rated this update as having a security impact of Important.

Summary

An update for nodejs is now available for Rocky Linux 9. Rocky Enterprise Software Foundation Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.


Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language. The following packages have been upgraded to a later upstream version: nodejs (16.17.1). For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

RPMs

References

No References

CVEs

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2022-35256.json

Severity
Name: RLSA-2022:6963
Affected Products: Rocky Linux 9

Fixes

https://bugzilla.redhat.com/show_bug.cgi?id=2130517

https://bugzilla.redhat.com/show_bug.cgi?id=2130518

