[El-errata] ELSA-2024-2853 Important: Oracle Linux 9 nodejs:20 security update

Fri May 17 15:57:41 UTC 2024

Oracle Linux Security Advisory ELSA-2024-2853

http://linux.oracle.com/errata/ELSA-2024-2853.html

The following updated rpms for Oracle Linux 9 have been uploaded to the Unbreakable Linux Network:

x86_64:
nodejs-20.12.2-2.module+el9.4.0+90322+0b80090c.x86_64.rpm
nodejs-devel-20.12.2-2.module+el9.4.0+90322+0b80090c.x86_64.rpm
nodejs-docs-20.12.2-2.module+el9.4.0+90322+0b80090c.noarch.rpm
nodejs-full-i18n-20.12.2-2.module+el9.4.0+90322+0b80090c.x86_64.rpm
nodejs-nodemon-3.0.1-1.module+el9.3.0+90066+12d4a8d7.noarch.rpm
nodejs-packaging-2021.06-4.module+el9.3.0+90066+12d4a8d7.noarch.rpm
nodejs-packaging-bundler-2021.06-4.module+el9.3.0+90066+12d4a8d7.noarch.rpm
npm-10.5.0-1.20.12.2.2.module+el9.4.0+90322+0b80090c.x86_64.rpm

aarch64:
nodejs-20.12.2-2.module+el9.4.0+90322+0b80090c.aarch64.rpm
nodejs-devel-20.12.2-2.module+el9.4.0+90322+0b80090c.aarch64.rpm
nodejs-docs-20.12.2-2.module+el9.4.0+90322+0b80090c.noarch.rpm
nodejs-full-i18n-20.12.2-2.module+el9.4.0+90322+0b80090c.aarch64.rpm
nodejs-nodemon-3.0.1-1.module+el9.3.0+90066+12d4a8d7.noarch.rpm
nodejs-packaging-2021.06-4.module+el9.3.0+90066+12d4a8d7.noarch.rpm
nodejs-packaging-bundler-2021.06-4.module+el9.3.0+90066+12d4a8d7.noarch.rpm
npm-10.5.0-1.20.12.2.2.module+el9.4.0+90322+0b80090c.aarch64.rpm

SRPMS:
http://oss.oracle.com/ol9/SRPMS-updates//nodejs-20.12.2-2.module+el9.4.0+90322+0b80090c.src.rpm
http://oss.oracle.com/ol9/SRPMS-updates//nodejs-nodemon-3.0.1-1.module+el9.3.0+90066+12d4a8d7.src.rpm
http://oss.oracle.com/ol9/SRPMS-updates//nodejs-packaging-2021.06-4.module+el9.3.0+90066+12d4a8d7.src.rpm

Related CVEs:

CVE-2024-22025
CVE-2024-25629
CVE-2024-27982
CVE-2024-27983
CVE-2024-28182

Description of changes:

nodejs
[1:20.12.2-2]
- Backport nghttp2 patch for CVE-2024-28182

[1:20.12.2-1]
- Rebase to version 20.12.0
  Fixes: CVE-2024-27983 CVE-2024-27982 CVE-2024-22025 (node)
  Fixes: CVE-2024-25629 (c-ares)

nodejs-nodemon
nodejs-packaging