Amazon Linux 2023 Security Advisory: ALAS-2025-843
Advisory Release Date: 2025-02-12 22:57 Pacific
Advisory Updated Date: 2025-02-21 13:45 Pacific
Severity:
Medium
Issue Overview:
A memory leak could occur when a remote peer abruptly closes the socket without sending a GOAWAY notification. Additionally, if an invalid header was detected by nghttp2, causing the connection to be terminated by the peer, the same leak was triggered. This flaw could lead to increased memory consumption and potential denial of service under certain conditions. (CVE-2025-23085)
Affected Packages:
nodejs
Issue Correction:
Run dnf update nodejs --releasever 2023.6.20250218 to update your system.
New Packages:
aarch64:
nodejs-libs-debuginfo-18.20.6-1.amzn2023.0.1.aarch64
nodejs-devel-18.20.6-1.amzn2023.0.1.aarch64
v8-10.2-devel-10.2.154.26-1.18.20.6.1.amzn2023.0.1.aarch64
nodejs-debuginfo-18.20.6-1.amzn2023.0.1.aarch64
nodejs-full-i18n-18.20.6-1.amzn2023.0.1.aarch64
nodejs-libs-18.20.6-1.amzn2023.0.1.aarch64
nodejs-18.20.6-1.amzn2023.0.1.aarch64
nodejs-npm-10.8.2-1.18.20.6.1.amzn2023.0.1.aarch64
nodejs-debugsource-18.20.6-1.amzn2023.0.1.aarch64
noarch:
nodejs-docs-18.20.6-1.amzn2023.0.1.noarch
src:
nodejs-18.20.6-1.amzn2023.0.1.src
x86_64:
nodejs-libs-debuginfo-18.20.6-1.amzn2023.0.1.x86_64
v8-10.2-devel-10.2.154.26-1.18.20.6.1.amzn2023.0.1.x86_64
nodejs-debuginfo-18.20.6-1.amzn2023.0.1.x86_64
nodejs-full-i18n-18.20.6-1.amzn2023.0.1.x86_64
nodejs-devel-18.20.6-1.amzn2023.0.1.x86_64
nodejs-libs-18.20.6-1.amzn2023.0.1.x86_64
nodejs-18.20.6-1.amzn2023.0.1.x86_64
nodejs-npm-10.8.2-1.18.20.6.1.amzn2023.0.1.x86_64
nodejs-debugsource-18.20.6-1.amzn2023.0.1.x86_64