Fedora Account System
Red Hat Associate
Red Hat Customer
Affected Node.js versions are vulnerable to denial of service attacks when too many connection attempts with an 'unknownProtocol' are established. This leads to a leak of file descriptors. If a file descriptor limit is configured on the system, then the server is unable to accept new connections and prevent the process also from opening, e.g. a file. If no file descriptor limit is configured, then this lead to an excessive memory usage and cause the system to run out of memory. Reference: https://nodejs.org/en/blog/vulnerability/february-2021-security-releases/#update-23-feb-2021-security-releases-available
Created nodejs tracking bugs for this issue: Affects: epel-all [bug 1932015] Affects: fedora-all [bug 1932019] Created nodejs:10/nodejs tracking bugs for this issue: Affects: fedora-all [bug 1932016] Created nodejs:12/nodejs tracking bugs for this issue: Affects: fedora-all [bug 1932020] Created nodejs:13/nodejs tracking bugs for this issue: Affects: fedora-all [bug 1932017] Created nodejs:14/nodejs tracking bugs for this issue: Affects: fedora-all [bug 1932018] Created nodejs:15/nodejs tracking bugs for this issue: Affects: fedora-all [bug 1932021]
Upstream fix : nodejs-15: https://github.com/nodejs/node/commit/4184806deed6b6c393dd8737aab1dc0c78a24c78 nodejs-14: https://github.com/nodejs/node/commit/afea10b09785996348fc198c8aa97eb10a05cec9 nodejs-12: https://github.com/nodejs/node/commit/922ada77132c1b0b69c9a146822d762b2f9b912b nodejs-10: https://github.com/nodejs/node/commit/3f2e9dc40c9964965b075c00719829f9bb17e65f
Statement: Red Hat Quay from version 3.4 consumes the nodejs from RHEL, so security tracking is provided by the container health index on the customer portal [1]. Additionally there is no impact from this issue on Quay 3.3 and 3.2 because they don't use nodejs as a HTTP server. [1] https://catalog.redhat.com/software/containers/quay/quay-rhel8/600e03aadd19c7786c43ae49?container-tabs=security
This issue has been addressed in the following products: Red Hat Enterprise Linux 8 Via RHSA-2021:0734 https://access.redhat.com/errata/RHSA-2021:0734
This issue has been addressed in the following products: Red Hat Enterprise Linux 8 Via RHSA-2021:0735 https://access.redhat.com/errata/RHSA-2021:0735
This bug is now closed. Further updates for individual products will be reflected on the CVE page(s): https://access.redhat.com/security/cve/cve-2021-22883
This issue has been addressed in the following products: Red Hat Enterprise Linux 8.1 Extended Update Support Via RHSA-2021:0739 https://access.redhat.com/errata/RHSA-2021:0739
This issue has been addressed in the following products: Red Hat Enterprise Linux 8.1 Extended Update Support Via RHSA-2021:0741 https://access.redhat.com/errata/RHSA-2021:0741
This issue has been addressed in the following products: Red Hat Enterprise Linux 8.2 Extended Update Support Via RHSA-2021:0738 https://access.redhat.com/errata/RHSA-2021:0738
This issue has been addressed in the following products: Red Hat Enterprise Linux 8.2 Extended Update Support Via RHSA-2021:0740 https://access.redhat.com/errata/RHSA-2021:0740
This issue has been addressed in the following products: Red Hat Enterprise Linux 8 Via RHSA-2021:0744 https://access.redhat.com/errata/RHSA-2021:0744
This issue has been addressed in the following products: Red Hat Software Collections for Red Hat Enterprise Linux 7 Red Hat Software Collections for Red Hat Enterprise Linux 7.6 EUS Red Hat Software Collections for Red Hat Enterprise Linux 7.7 EUS Via RHSA-2021:0827 https://access.redhat.com/errata/RHSA-2021:0827
This issue has been addressed in the following products: Red Hat Software Collections for Red Hat Enterprise Linux 7 Red Hat Software Collections for Red Hat Enterprise Linux 7.6 EUS Red Hat Software Collections for Red Hat Enterprise Linux 7.7 EUS Via RHSA-2021:0830 https://access.redhat.com/errata/RHSA-2021:0830
This issue has been addressed in the following products: Red Hat Software Collections for Red Hat Enterprise Linux 7 Red Hat Software Collections for Red Hat Enterprise Linux 7.6 EUS Red Hat Software Collections for Red Hat Enterprise Linux 7.7 EUS Via RHSA-2021:0831 https://access.redhat.com/errata/RHSA-2021:0831