Oracle Linux 6277 Published by

A nodejs:20 security update has been released for Oracle Linux 8.



ELSA-2023-7205 Important: Oracle Linux 8 nodejs:20 security update


Oracle Linux Security Advisory ELSA-2023-7205

http://linux.oracle.com/errata/ELSA-2023-7205.html

The following updated rpms for Oracle Linux 8 have been uploaded to the Unbreakable Linux Network:

x86_64:
nodejs-20.8.1-1.module+el8.9.0+90082+b6a613a6.x86_64.rpm
nodejs-devel-20.8.1-1.module+el8.9.0+90082+b6a613a6.x86_64.rpm
nodejs-docs-20.8.1-1.module+el8.9.0+90082+b6a613a6.noarch.rpm
nodejs-full-i18n-20.8.1-1.module+el8.9.0+90082+b6a613a6.x86_64.rpm
nodejs-nodemon-3.0.1-1.module+el8.9.0+90082+b6a613a6.noarch.rpm
nodejs-packaging-2021.06-4.module+el8.9.0+90082+b6a613a6.noarch.rpm
nodejs-packaging-bundler-2021.06-4.module+el8.9.0+90082+b6a613a6.noarch.rpm
npm-10.1.0-1.20.8.1.1.module+el8.9.0+90082+b6a613a6.x86_64.rpm

aarch64:
nodejs-docs-20.8.1-1.module+el8.9.0+90082+b6a613a6.noarch.rpm
nodejs-nodemon-3.0.1-1.module+el8.9.0+90082+b6a613a6.noarch.rpm
nodejs-packaging-2021.06-4.module+el8.9.0+90082+b6a613a6.noarch.rpm
nodejs-packaging-bundler-2021.06-4.module+el8.9.0+90082+b6a613a6.noarch.rpm
nodejs-20.8.1-1.module+el8.9.0+90082+b6a613a6.aarch64.rpm
nodejs-devel-20.8.1-1.module+el8.9.0+90082+b6a613a6.aarch64.rpm
nodejs-full-i18n-20.8.1-1.module+el8.9.0+90082+b6a613a6.aarch64.rpm
npm-10.1.0-1.20.8.1.1.module+el8.9.0+90082+b6a613a6.aarch64.rpm

SRPMS:
http://oss.oracle.com/ol8/SRPMS-updates//nodejs-20.8.1-1.module+el8.9.0+90082+b6a613a6.src.rpm
http://oss.oracle.com/ol8/SRPMS-updates//nodejs-nodemon-3.0.1-1.module+el8.9.0+90082+b6a613a6.src.rpm
http://oss.oracle.com/ol8/SRPMS-updates//nodejs-packaging-2021.06-4.module+el8.9.0+90082+b6a613a6.src.rpm

Related CVEs:

CVE-2023-38552
CVE-2023-39331
CVE-2023-39332
CVE-2023-39333
CVE-2023-44487
CVE-2023-45143

Description of changes:

nodejs
[1:20.8.1-1]
- Update node and nghttp
- Add fips patch
- Fixes CVE-2023-44487 (nghttp)
- Fixes CVE-2023-45143, CVE-2023-39331, CVE-2023-39332, CVE-2023-38552, CVE-2023-39333

nodejs-nodemon
[3.0.1-1]
- Rebase to 3.0.1
- Resolves: CVE-2022-25883

nodejs-packaging