Oracle Linux 6277 Published by

The following updates are available for Oracle Linux:

ELSA-2024-1444 Important: Oracle Linux 8 nodejs:16 security update
ELSA-2024-1438 Important: Oracle Linux 9 nodejs security update
ELBA-2024-12237 Oracle Linux 9 lynx bug fix update
ELSA-2024-1462 Important: Oracle Linux 9 golang security update
ELSA-2024-1435 Important: Oracle Linux 8 postgresql-jdbc security update




ELSA-2024-1444 Important: Oracle Linux 8 nodejs:16 security update


Oracle Linux Security Advisory ELSA-2024-1444

http://linux.oracle.com/errata/ELSA-2024-1444.html

The following updated rpms for Oracle Linux 8 have been uploaded to the Unbreakable Linux Network:

x86_64:
nodejs-16.20.2-4.0.1.module+el8.9.0+90185+b2d3b544.x86_64.rpm
nodejs-devel-16.20.2-4.0.1.module+el8.9.0+90185+b2d3b544.x86_64.rpm
nodejs-docs-16.20.2-4.0.1.module+el8.9.0+90185+b2d3b544.noarch.rpm
nodejs-full-i18n-16.20.2-4.0.1.module+el8.9.0+90185+b2d3b544.x86_64.rpm
nodejs-nodemon-3.0.1-1.module+el8.9.0+90185+b2d3b544.noarch.rpm
nodejs-packaging-26-1.module+el8.9.0+90185+b2d3b544.noarch.rpm
npm-8.19.4-1.16.20.2.4.0.1.module+el8.9.0+90185+b2d3b544.x86_64.rpm

aarch64:
nodejs-16.20.2-4.0.1.module+el8.9.0+90185+b2d3b544.aarch64.rpm
nodejs-devel-16.20.2-4.0.1.module+el8.9.0+90185+b2d3b544.aarch64.rpm
nodejs-docs-16.20.2-4.0.1.module+el8.9.0+90185+b2d3b544.noarch.rpm
nodejs-full-i18n-16.20.2-4.0.1.module+el8.9.0+90185+b2d3b544.aarch64.rpm
nodejs-nodemon-3.0.1-1.module+el8.9.0+90185+b2d3b544.noarch.rpm
nodejs-packaging-26-1.module+el8.9.0+90185+b2d3b544.noarch.rpm
npm-8.19.4-1.16.20.2.4.0.1.module+el8.9.0+90185+b2d3b544.aarch64.rpm

SRPMS:
http://oss.oracle.com/ol8/SRPMS-updates//nodejs-16.20.2-4.0.1.module+el8.9.0+90185+b2d3b544.src.rpm
http://oss.oracle.com/ol8/SRPMS-updates//nodejs-nodemon-3.0.1-1.module+el8.9.0+90185+b2d3b544.src.rpm
http://oss.oracle.com/ol8/SRPMS-updates//nodejs-packaging-26-1.module+el8.9.0+90185+b2d3b544.src.rpm

Related CVEs:

CVE-2023-44487
CVE-2024-22019

Description of changes:

nodejs
[1:16.20.2-4.0.1]
- reading unprocessed HTTP request with unbounded chunk extension allows DoS attacks
Resolves: CVE-2024-22019

nodejs-nodemon
nodejs-packaging
[26-1]
- nodejs.prov: find namespaced bundled dependencies
- Apply https://src.fedoraproject.org/rpms/nodejs-packaging/c/e24e7df



ELSA-2024-1438 Important: Oracle Linux 9 nodejs security update


Oracle Linux Security Advisory ELSA-2024-1438

http://linux.oracle.com/errata/ELSA-2024-1438.html

The following updated rpms for Oracle Linux 9 have been uploaded to the Unbreakable Linux Network:

x86_64:
nodejs-16.20.2-4.0.1.el9_3.x86_64.rpm
nodejs-docs-16.20.2-4.0.1.el9_3.noarch.rpm
nodejs-full-i18n-16.20.2-4.0.1.el9_3.x86_64.rpm
nodejs-libs-16.20.2-4.0.1.el9_3.i686.rpm
nodejs-libs-16.20.2-4.0.1.el9_3.x86_64.rpm
npm-8.19.4-1.16.20.2.4.0.1.el9_3.x86_64.rpm

aarch64:
nodejs-16.20.2-4.0.1.el9_3.aarch64.rpm
nodejs-docs-16.20.2-4.0.1.el9_3.noarch.rpm
nodejs-full-i18n-16.20.2-4.0.1.el9_3.aarch64.rpm
nodejs-libs-16.20.2-4.0.1.el9_3.aarch64.rpm
npm-8.19.4-1.16.20.2.4.0.1.el9_3.aarch64.rpm

SRPMS:
http://oss.oracle.com/ol9/SRPMS-updates//nodejs-16.20.2-4.0.1.el9_3.src.rpm

Related CVEs:

CVE-2024-22019

Description of changes:

[1:16.20.2-4.0.1]
- reading unprocessed HTTP request with unbounded chunk extension allows DoS attacks
Resolves: CVE-2024-22019



ELBA-2024-12237 Oracle Linux 9 lynx bug fix update


Oracle Linux Bug Fix Advisory ELBA-2024-12237

http://linux.oracle.com/errata/ELBA-2024-12237.html

The following updated rpms for Oracle Linux 9 have been uploaded to the Unbreakable Linux Network:

x86_64:
lynx-2.8.9-19.0.1.el9.x86_64.rpm

aarch64:
lynx-2.8.9-19.0.1.el9.aarch64.rpm

SRPMS:
http://oss.oracle.com/ol9/SRPMS-updates//lynx-2.8.9-19.0.1.el9.src.rpm

Description of changes:

[2.8.9-19.0.1]
- backport page download fix from upstream [Orabug: 36369379]



ELSA-2024-1462 Important: Oracle Linux 9 golang security update


Oracle Linux Security Advisory ELSA-2024-1462

http://linux.oracle.com/errata/ELSA-2024-1462.html

The following updated rpms for Oracle Linux 9 have been uploaded to the Unbreakable Linux Network:

x86_64:
go-toolset-1.20.12-2.el9_3.x86_64.rpm
golang-1.20.12-2.el9_3.x86_64.rpm
golang-bin-1.20.12-2.el9_3.x86_64.rpm
golang-docs-1.20.12-2.el9_3.noarch.rpm
golang-misc-1.20.12-2.el9_3.noarch.rpm
golang-src-1.20.12-2.el9_3.noarch.rpm
golang-tests-1.20.12-2.el9_3.noarch.rpm

aarch64:
go-toolset-1.20.12-2.el9_3.aarch64.rpm
golang-1.20.12-2.el9_3.aarch64.rpm
golang-bin-1.20.12-2.el9_3.aarch64.rpm
golang-docs-1.20.12-2.el9_3.noarch.rpm
golang-misc-1.20.12-2.el9_3.noarch.rpm
golang-src-1.20.12-2.el9_3.noarch.rpm
golang-tests-1.20.12-2.el9_3.noarch.rpm

SRPMS:
http://oss.oracle.com/ol9/SRPMS-updates//golang-1.20.12-2.el9_3.src.rpm

Related CVEs:

CVE-2024-1394

Description of changes:

[1.20.12-2]
- Fix CVE-2024-1394
- Resolves: RHEL-27189



ELSA-2024-1435 Important: Oracle Linux 8 postgresql-jdbc security update


Oracle Linux Security Advisory ELSA-2024-1435

http://linux.oracle.com/errata/ELSA-2024-1435.html

The following updated rpms for Oracle Linux 8 have been uploaded to the Unbreakable Linux Network:

x86_64:
postgresql-jdbc-42.2.14-3.el8_9.noarch.rpm
postgresql-jdbc-javadoc-42.2.14-3.el8_9.noarch.rpm

aarch64:
postgresql-jdbc-42.2.14-3.el8_9.noarch.rpm
postgresql-jdbc-javadoc-42.2.14-3.el8_9.noarch.rpm

SRPMS:
http://oss.oracle.com/ol8/SRPMS-updates//postgresql-jdbc-42.2.14-3.el8_9.src.rpm

Related CVEs:

CVE-2024-1597

Description of changes:

[42.2.14-3]
- Fix CVE-2024-1597