[El-errata] ELSA-2023-0050 Moderate: Oracle Linux 8 nodejs:14 security, bug fix, and enhancement update

[Errata Announcements for Oracle Linux]

Oracle Linux Security Advisory ELSA-2023-0050

http://linux.oracle.com/errata/ELSA-2023-0050.html

The following updated rpms for Oracle Linux 8 have been uploaded to the Unbreakable Linux Network:

x86_64:
nodejs-14.21.1-2.module+el8.7.0+20895+79a25710.x86_64.rpm
nodejs-devel-14.21.1-2.module+el8.7.0+20895+79a25710.x86_64.rpm
nodejs-docs-14.21.1-2.module+el8.7.0+20895+79a25710.noarch.rpm
nodejs-full-i18n-14.21.1-2.module+el8.7.0+20895+79a25710.x86_64.rpm
nodejs-nodemon-2.0.20-2.module+el8.7.0+20895+79a25710.noarch.rpm
nodejs-packaging-23-3.module+el8.3.0+7818+6cd30d85.noarch.rpm
npm-6.14.17-1.14.21.1.2.module+el8.7.0+20895+79a25710.x86_64.rpm

aarch64:
nodejs-14.21.1-2.module+el8.7.0+20895+79a25710.aarch64.rpm
nodejs-devel-14.21.1-2.module+el8.7.0+20895+79a25710.aarch64.rpm
nodejs-docs-14.21.1-2.module+el8.7.0+20895+79a25710.noarch.rpm
nodejs-full-i18n-14.21.1-2.module+el8.7.0+20895+79a25710.aarch64.rpm
nodejs-nodemon-2.0.20-2.module+el8.7.0+20895+79a25710.noarch.rpm
nodejs-packaging-23-3.module+el8.3.0+7818+6cd30d85.noarch.rpm
npm-6.14.17-1.14.21.1.2.module+el8.7.0+20895+79a25710.aarch64.rpm


SRPMS:
http://oss.oracle.com/ol8/SRPMS-updates/nodejs-14.21.1-2.module+el8.7.0+20895+79a25710.src.rpm
http://oss.oracle.com/ol8/SRPMS-updates/nodejs-nodemon-2.0.20-2.module+el8.7.0+20895+79a25710.src.rpm
http://oss.oracle.com/ol8/SRPMS-updates/nodejs-packaging-23-3.module+el8.3.0+7818+6cd30d85.src.rpm

Related CVEs:

CVE-2021-44906
CVE-2022-0235
CVE-2022-3517
CVE-2022-24999
CVE-2022-43548




Description of changes:

nodejs
[1:14.21.1-2]
- Apply upstream fix for CVE-2022-24999
  Resolves: CVE-2022-24999
- Record CVEs fixed by current or previous upstream releases
  Resolves: CVE-2021-44906

[1:14.21.1-1]
- Rebase to version 14.21.1
  Resolves: rhbz#2129805 CVE-2022-43548 CVE-2022-3517