[El-errata] ELEA-2024-9453 Oracle Linux 9 nodejs:20 bug fix and enhancement update
Errata Announcements for Oracle Linux
el-errata at oss.oracle.com
Thu Nov 21 14:43:00 UTC 2024
Oracle Linux Enhancement Advisory ELEA-2024-9453
http://linux.oracle.com/errata/ELEA-2024-9453.html
The following updated rpms for Oracle Linux 9 have been uploaded to the Unbreakable Linux Network:
x86_64:
nodejs-20.17.0-1.module+el9.5.0+90443+13059b6a.x86_64.rpm
nodejs-devel-20.17.0-1.module+el9.5.0+90443+13059b6a.x86_64.rpm
nodejs-docs-20.17.0-1.module+el9.5.0+90443+13059b6a.noarch.rpm
nodejs-full-i18n-20.17.0-1.module+el9.5.0+90443+13059b6a.x86_64.rpm
nodejs-nodemon-3.0.1-1.module+el9.3.0+90066+12d4a8d7.noarch.rpm
nodejs-packaging-2021.06-4.module+el9.3.0+90066+12d4a8d7.noarch.rpm
nodejs-packaging-bundler-2021.06-4.module+el9.3.0+90066+12d4a8d7.noarch.rpm
npm-10.8.2-1.20.17.0.1.module+el9.5.0+90443+13059b6a.x86_64.rpm
aarch64:
nodejs-20.17.0-1.module+el9.5.0+90443+13059b6a.aarch64.rpm
nodejs-devel-20.17.0-1.module+el9.5.0+90443+13059b6a.aarch64.rpm
nodejs-docs-20.17.0-1.module+el9.5.0+90443+13059b6a.noarch.rpm
nodejs-full-i18n-20.17.0-1.module+el9.5.0+90443+13059b6a.aarch64.rpm
nodejs-nodemon-3.0.1-1.module+el9.3.0+90066+12d4a8d7.noarch.rpm
nodejs-packaging-2021.06-4.module+el9.3.0+90066+12d4a8d7.noarch.rpm
nodejs-packaging-bundler-2021.06-4.module+el9.3.0+90066+12d4a8d7.noarch.rpm
npm-10.8.2-1.20.17.0.1.module+el9.5.0+90443+13059b6a.aarch64.rpm
SRPMS:
http://oss.oracle.com/ol9/SRPMS-updates//nodejs-20.17.0-1.module+el9.5.0+90443+13059b6a.src.rpm
http://oss.oracle.com/ol9/SRPMS-updates//nodejs-nodemon-3.0.1-1.module+el9.3.0+90066+12d4a8d7.src.rpm
http://oss.oracle.com/ol9/SRPMS-updates//nodejs-packaging-2021.06-4.module+el9.3.0+90066+12d4a8d7.src.rpm
Description of changes:
nodejs
[1:20.17.0-1]
- Update to 20.17.0
Resolves: RHEL-58721
[1:20.16.0-1]
- Update to 20.16.0
Fixes: CVE-2024-36137 CVE-2024-22018 CVE-2024-22020
[1:20.14.0-1]
- Update to version 20.14.0
[1:20.12.2-2]
- Backport nghttp2 patch for CVE-2024-28182
[1:20.12.2-1]
- Rebase to version 20.12.0
Fixes CVE-2024-27983 CVE-2024-27982 CVE-2024-22025 (node)
Fixes CVE-2024-25629 (c-ares)
[1:20.11.1-1]
- Rebase to version 20.11.1
- Fixes: CVE-2024-21892 CVE-2024-21896 CVE-2024-22017 CVE-2024-22019 (high)
- Fixes: CVE-2023-46809 CVE-2024-21890 CVE-2024-21891 (medium)
[1:20.11.0-1]
- Rebase to version 20.11.0
Resolves: RHEL-21188
[1:20.9.0-1]
- Rebase to LTS
- Resolves: RHEL-16161
[1:20.8.1-1]
- Update node and nghttp
- Add fips patch
- Fixes CVE-2023-44487 (nghttp)
- Fixes CVE-2023-45143, CVE-2023-39331, CVE-2023-39332, CVE-2023-38552, CVE-2023-39333
[1:20.5.1-1]
- Rebase to new security release
- Address CVE-2023-32002, CVE-2023-32004, CVE-2023-32558 (high)
- Address CVE-2023-32006, CVE-2023-32559 (medium)
- Address CVE-2023-32005, CVE-2023-32003 (low)
- Resolves: #2186717
- Resolves RHELPLAN-155639
[1:20.5.0-1]
- Update to v20.5.0
- Remove dtrace support
- bcond corepack, so we don't provide it by default
- Decrease debuginfo verbosity for all arches
- Resolves: #2186717
- Resolves RHELPLAN-155639
[1:18.16.1-1]
- Rebase to 18.16.1
Resolves: rhbz#2188292 rhbz#2187683
Resolves: CVE-2023-30581 CVE-2023-30588 CVE-2023-30589 CVE-2023-30590
- Replace /usr/etc/npmrc symlink with builtin configuration
Resolves: rhbz#2222285
[1:18.14.2-3]
- Update bundled c-ares to 1.19.1
Resolves: CVE-2023-31124 CVE-2023-31130 CVE-2023-31147 CVE-2023-32067
[1:18.14.2-2]
- Provide simduft
- Resolves: #2159389
[1:18.14.2-1]
- Rebase to 18.14.2
- Resolves: #2159389
- Resolves: CVE-2022-25881, CVE-2022-4904, CVE-2023-23936, CVE-2023-24807
- Resolves: CVE-2023-23918, CVE-2023-23919, CVE-2023-23920
[1:18.12.1-1]
- Rebase + CVEs
- Resolves: #2142809
- Resolves: #2142830, #2142856
[1:18.10.0-3]
- Resolves: #2111861
- Add proper sources for undici
[1:18.10.0-2]
- Resolves: #2130565
- Add missing file
[1:18.10.0-1]
- Update to latest release
- Resolves: #2130565
- Resolves #2111009, #2111861, #2132732
nodejs-nodemon
nodejs-packaging
More information about the El-errata
mailing list