Amazon Linux 2023 Security Advisory: ALAS-2023-226
Advisory Release Date: 2023-06-21 19:10 Pacific
Advisory Updated Date: 2023-06-27 20:58 Pacific
Severity:
Medium
Issue Overview:
In some cases Node.js did does not clear the OpenSSL error stack after operations that may set it. This may lead to false positive errors during subsequent cryptographic operations that happen to be on the same thread. This in turn could be used to cause a denial of service. (CVE-2023-23919)
Affected Packages:
nodejs
Issue Correction:
Run dnf update nodejs --releasever 2023.1.20230628 to update your system.
New Packages:
aarch64:
nodejs-libs-debuginfo-18.12.1-1.amzn2023.0.5.aarch64
nodejs-devel-18.12.1-1.amzn2023.0.5.aarch64
nodejs-debuginfo-18.12.1-1.amzn2023.0.5.aarch64
nodejs-full-i18n-18.12.1-1.amzn2023.0.5.aarch64
nodejs-18.12.1-1.amzn2023.0.5.aarch64
v8-devel-10.2.154.15-1.18.12.1.1.amzn2023.0.5.aarch64
nodejs-libs-18.12.1-1.amzn2023.0.5.aarch64
npm-8.19.2-1.18.12.1.1.amzn2023.0.5.aarch64
nodejs-debugsource-18.12.1-1.amzn2023.0.5.aarch64
noarch:
nodejs-docs-18.12.1-1.amzn2023.0.5.noarch
src:
nodejs-18.12.1-1.amzn2023.0.5.src
x86_64:
nodejs-libs-debuginfo-18.12.1-1.amzn2023.0.5.x86_64
nodejs-debuginfo-18.12.1-1.amzn2023.0.5.x86_64
nodejs-devel-18.12.1-1.amzn2023.0.5.x86_64
nodejs-full-i18n-18.12.1-1.amzn2023.0.5.x86_64
v8-devel-10.2.154.15-1.18.12.1.1.amzn2023.0.5.x86_64
nodejs-libs-18.12.1-1.amzn2023.0.5.x86_64
nodejs-18.12.1-1.amzn2023.0.5.x86_64
npm-8.19.2-1.18.12.1.1.amzn2023.0.5.x86_64
nodejs-debugsource-18.12.1-1.amzn2023.0.5.x86_64