Oracle Linux 6137 Published by

A nodejs bug fix update has been released for Oracle Linux 9.



ELBA-2023-4592 Oracle Linux 9 nodejs bug fix update


Oracle Linux Bug Fix Advisory ELBA-2023-4592

http://linux.oracle.com/errata/ELBA-2023-4592.html

The following updated rpms for Oracle Linux 9 have been uploaded to the Unbreakable Linux Network:

x86_64:
nodejs-16.20.1-2.el9_2.x86_64.rpm
nodejs-docs-16.20.1-2.el9_2.noarch.rpm
nodejs-full-i18n-16.20.1-2.el9_2.x86_64.rpm
nodejs-libs-16.20.1-2.el9_2.i686.rpm
nodejs-libs-16.20.1-2.el9_2.x86_64.rpm
npm-8.19.4-1.16.20.1.2.el9_2.x86_64.rpm

aarch64:
nodejs-16.20.1-2.el9_2.aarch64.rpm
nodejs-docs-16.20.1-2.el9_2.noarch.rpm
nodejs-full-i18n-16.20.1-2.el9_2.aarch64.rpm
nodejs-libs-16.20.1-2.el9_2.aarch64.rpm
npm-8.19.4-1.16.20.1.2.el9_2.aarch64.rpm

SRPMS:
http://oss.oracle.com/ol9/SRPMS-updates//nodejs-16.20.1-2.el9_2.src.rpm

Description of changes:

[1:16.20.1-2]
- Fix segfault that happens when processing fips-related options
Resolves: BZ#2227796

[1:16.20.1-1]
- Rebase to 16.20.1
Resolves: rhbz#2188291
Resolves: CVE-2023-30581 CVE-2023-30588 CVE-2023-30589 CVE-2023-30590
- Replace /usr/etc/npmrc symlink with builtin configuration
Resolves: rhbz#2177781

[1:16.19.1-2]
- Update bundled c-ares to 1.19.1
Resolves: CVE-2023-31124 CVE-2023-31130 CVE-2023-31147 CVE-2023-32067

[1:16.19.1-1]
- Rebase to 16.19.1
- Resolves: rhbz#2153714
- Resolves: CVE-2023-23918 CVE-2023-23919 CVE-2023-23936 CVE-2023-24807 CVE-2023-23920
- Resolves: CVE-2022-25881 CVE-2022-4904

[1:16.18.1-3]
- Update sources of undici WASM blobs
Resolves: rhbz#2151617

[1:16.18.1-2]
- Add back libs and v8-devel subpackages
- Related: RHBZ#2121126
- Record previously fixed CVE
- Resolves: CVE-2021-44906

[1:16.18.1-1]
- Rebase + CVEs
- Resolves: #2142808
- Resolves: #2142826, #2131745, #2142855

[16.17.1-1]
- Rebase to version 16.17.1
Resolves: CVE-2022-35255 CVE-2022-35256

[16.16.0-1]
- Rebase to version 16.16.0
Resolves: RHBZ#2106290
Resolves: CVE-2022-32212 CVE-2022-32213 CVE-2022-32214 CVE-2022-32215
Resolves: CVE-2022-29244

[16.14.0-5]
- Decouple dependency bundling from bootstrapping

[16.14.0-4]
- Apply lock file validation fixes
Resolves: CVE-2021-43616

[16.14.0-3]
- Refactor bootstap handling and configure script invocation
Resolves: rhbz#2056969

[1:16.14.0-2]
- Build with bootstrap by default due to old versions of dependencies available
- Resolves: #2042995, #2042970, #2042981, #2042989
- Resolves: #2029936, #2024890, #2014499, #2014135
- Resolves: #2013834, #1945299

[1:16.14.0-1]
- Update to latest version
- Use jinja and jq
- Don't fix python3
- Resolves: CVE-2022-21824, CVE-2021-44531, CVE-2021-44532, CVE-2021-44533
- Resolves CVE-2020-15095
- Resolves: CVE-2021-3918, CVE-2021-22959, CVE-2021-22960
- Resolves: CVE-2021-3807, CVE-2021-27290

[1:16.10.0-1]
- Rebase to 16.10.0, add corepack, fix PowerShell dependency
- Resolves: RHBZ#2000539, #2000548, #2000549, #2002177

[1:16.6.2-1]
- Rebase to 16.6.2
Resolves: CVE-2021-22931 CVE-2021-22939 CVE-2021-22940

[1:16.5.0-3]
- Rebuilt for IMA sigs, glibc 2.34, aarch64 flags
Related: rhbz#1991688