[El-errata] ELEA-2025-8879 Oracle Linux 9 nodejs:18 bug fix and enhancement update

Fri Jun 13 12:55:54 UTC 2025

Oracle Linux Enhancement Advisory ELEA-2025-8879

http://linux.oracle.com/errata/ELEA-2025-8879.html

The following updated rpms for Oracle Linux 9 have been uploaded to the Unbreakable Linux Network:

x86_64:
nodejs-18.20.8-1.module+el9.6.0+90614+f11b29ab.x86_64.rpm
nodejs-devel-18.20.8-1.module+el9.6.0+90614+f11b29ab.x86_64.rpm
nodejs-docs-18.20.8-1.module+el9.6.0+90614+f11b29ab.noarch.rpm
nodejs-full-i18n-18.20.8-1.module+el9.6.0+90614+f11b29ab.x86_64.rpm
nodejs-nodemon-3.0.1-1.module+el9.5.0+90514+74072e0a.noarch.rpm
nodejs-packaging-2021.06-4.module+el9.5.0+90514+74072e0a.noarch.rpm
nodejs-packaging-bundler-2021.06-4.module+el9.5.0+90514+74072e0a.noarch.rpm
npm-10.8.2-1.18.20.8.1.module+el9.6.0+90614+f11b29ab.x86_64.rpm

aarch64:
nodejs-18.20.8-1.module+el9.6.0+90614+f11b29ab.aarch64.rpm
nodejs-devel-18.20.8-1.module+el9.6.0+90614+f11b29ab.aarch64.rpm
nodejs-docs-18.20.8-1.module+el9.6.0+90614+f11b29ab.noarch.rpm
nodejs-full-i18n-18.20.8-1.module+el9.6.0+90614+f11b29ab.aarch64.rpm
nodejs-nodemon-3.0.1-1.module+el9.5.0+90514+74072e0a.noarch.rpm
nodejs-packaging-2021.06-4.module+el9.5.0+90514+74072e0a.noarch.rpm
nodejs-packaging-bundler-2021.06-4.module+el9.5.0+90514+74072e0a.noarch.rpm
npm-10.8.2-1.18.20.8.1.module+el9.6.0+90614+f11b29ab.aarch64.rpm

SRPMS:
http://oss.oracle.com/ol9/SRPMS-updates//nodejs-18.20.8-1.module+el9.6.0+90614+f11b29ab.src.rpm
http://oss.oracle.com/ol9/SRPMS-updates//nodejs-nodemon-3.0.1-1.module+el9.5.0+90514+74072e0a.src.rpm
http://oss.oracle.com/ol9/SRPMS-updates//nodejs-packaging-2021.06-4.module+el9.5.0+90514+74072e0a.src.rpm

Description of changes:

nodejs
[1:18.20.8-1]
- Update to version 18.20.8
  Resolves: RHEL-83532 RHEL-89595

[1:18.20.6-2]
- Disable npm's update-notifier
  Resolves: RHEL-81076

[1:18.20.6-1]
- Update to version 18.20.6
  Resolves: RHEL-76801
  Fixes: CVE-2025-23085

[1:18.20.4-1]
- Update to 18.20.4
  Fixes: CVE-2024-22020 CVE-2024-28863

[1:18.20.2-2]
- Removes .ps1 files

[1:18.20.2-1]
- Rebase to 18.20.2
- Fix: CVE-2024-27983, CVE-2024-28182, CVE-2024-27982, CVE-2024-25629

[1:18.19.1-1]
- Rebase to version 18.19.1
- Fixes: CVE-2024-21892 CVE-2024-22019 (high)
- Fixes: CVE-2023-46809 (medium)

[1:18.19.0-1]
- Rebase to version 18.19.0
  Resolves: RHEL-21436

[1:18.17.1-1]
- Rebase to version 18.17.1
  Resolves: rhbz#2228940
  Resolves: CVE-2023-32002 CVE-2023-32006 CVE-2023-32559
- Specify proper OpenSSL configuration section build
  Related: rhbz#2226726

[1:18.16.1-2]
- Fix segfault that happens when processing fips-related options
  Resolves: BZ#2226726

[1:18.16.1-1]
- Rebase to 18.16.1
  Resolves: rhbz#2188292 rhbz#2187683
  Resolves: CVE-2023-30581 CVE-2023-30588 CVE-2023-30589 CVE-2023-30590
- Replace /usr/etc/npmrc symlink with builtin configuration
  Resolves: rhbz#2222285

[1:18.14.2-3]
- Update bundled c-ares to 1.19.1
  Resolves: CVE-2023-31124 CVE-2023-31130 CVE-2023-31147 CVE-2023-32067

nodejs-nodemon
nodejs-packaging