
Oracle has released several updates for Oracle Linux. They include bug fix and enhancement updates for the nodejs:20, nodejs:22 and nodejs:24 modules and for mingw-expat on Oracle Linux 8, and security updates for Thunderbird on Oracle Linux 8 and 10, rsync on Oracle Linux 7, tar on Oracle Linux 9 and 10, and gcc-toolset-14-binutils on Oracle Linux 9.

ELBA-2025-23364 Oracle Linux 8 nodejs:20 bug fix and enhancement update
ELSA-2026-0026 Important: Oracle Linux 8 thunderbird security update
ELBA-2025-23365 Oracle Linux 8 nodejs:22 bug fix and enhancement update
ELSA-2025-23415 Moderate: Oracle Linux 7 rsync security update
ELBA-2026-0070 Oracle Linux 8 mingw-expat bug fix and enhancement update
ELBA-2025-23366 Oracle Linux 8 nodejs:24 bug fix and enhancement update
ELSA-2026-0067 Moderate: Oracle Linux 9 tar security update
ELSA-2026-0052 Moderate: Oracle Linux 9 gcc-toolset-14-binutils security update
ELSA-2026-0025 Important: Oracle Linux 10 thunderbird security update
ELSA-2026-0002 Moderate: Oracle Linux 10 tar security update




ELBA-2025-23364 Oracle Linux 8 nodejs:20 bug fix and enhancement update


Oracle Linux Bug Fix Advisory ELBA-2025-23364

http://linux.oracle.com/errata/ELBA-2025-23364.html

The following updated rpms for Oracle Linux 8 have been uploaded to the Unbreakable Linux Network:

x86_64:
nodejs-20.19.5-1.module+el8.10.0+90743+b61054a8.x86_64.rpm
nodejs-devel-20.19.5-1.module+el8.10.0+90743+b61054a8.x86_64.rpm
nodejs-docs-20.19.5-1.module+el8.10.0+90743+b61054a8.noarch.rpm
nodejs-full-i18n-20.19.5-1.module+el8.10.0+90743+b61054a8.x86_64.rpm
nodejs-nodemon-3.0.1-1.module+el8.10.0+90743+b61054a8.noarch.rpm
npm-10.8.2-1.20.19.5.1.module+el8.10.0+90743+b61054a8.x86_64.rpm

aarch64:
nodejs-20.19.5-1.module+el8.10.0+90743+b61054a8.aarch64.rpm
nodejs-devel-20.19.5-1.module+el8.10.0+90743+b61054a8.aarch64.rpm
nodejs-docs-20.19.5-1.module+el8.10.0+90743+b61054a8.noarch.rpm
nodejs-full-i18n-20.19.5-1.module+el8.10.0+90743+b61054a8.aarch64.rpm
nodejs-nodemon-3.0.1-1.module+el8.10.0+90743+b61054a8.noarch.rpm
npm-10.8.2-1.20.19.5.1.module+el8.10.0+90743+b61054a8.aarch64.rpm

SRPMS:
http://oss.oracle.com/ol8/SRPMS-updates/nodejs-20.19.5-1.module+el8.10.0+90743+b61054a8.src.rpm
http://oss.oracle.com/ol8/SRPMS-updates/nodejs-nodemon-3.0.1-1.module+el8.10.0+90743+b61054a8.src.rpm

Description of changes:

nodejs-nodemon
[3.0.1-1]
- Rebase to 3.0.1
- Resolves: CVE-2022-25883

[2.0.20-2]
- Patch bundled glob-parent
- Resolves: CVE-2021-35065

[2.0.20-1]
- Rebase to 2.0.20
Resolves: CVE-2022-3517

[2.0.19-1]
- Rebase to 2.0.19
Resolves: CVE-2022-33987

[2.0.15-1]
- Resolves: RHBZ#2005419
- Resolves CVE-2020-28469
- Rebase to newest version
- Change source to npmjs.com

[2.0.7-1]
- Resolves: RHBZ#1953991
- Update to 2.0.7 to resolve CVE-2020-28469

[2.0.3-1]
- Updated

[1.18.3-1]
- Resolves: #1615413
- Updated
- bundled

[1.11.0-2]
- rh-nodejs8 rebuild

[1.11.0-1]
- Updated with script



ELSA-2026-0026 Important: Oracle Linux 8 thunderbird security update


Oracle Linux Security Advisory ELSA-2026-0026

http://linux.oracle.com/errata/ELSA-2026-0026.html

The following updated rpms for Oracle Linux 8 have been uploaded to the Unbreakable Linux Network:

x86_64:
thunderbird-140.6.0-1.0.1.el8_10.x86_64.rpm

aarch64:
thunderbird-140.6.0-1.0.1.el8_10.aarch64.rpm

SRPMS:
http://oss.oracle.com/ol8/SRPMS-updates/thunderbird-140.6.0-1.0.1.el8_10.src.rpm

Related CVEs:

CVE-2025-14321
CVE-2025-14322
CVE-2025-14323
CVE-2025-14324
CVE-2025-14325
CVE-2025-14328
CVE-2025-14329
CVE-2025-14330
CVE-2025-14331
CVE-2025-14333

Description of changes:

[140.6.0-1.0.1]
- Fix prefs for new nss [Orabug: 37079820]
- Add Oracle prefs file

[140.6.0]
- Add OpenELA debranding

[140.6.0-1]
- Update to 140.6.0 ESR



ELBA-2025-23365 Oracle Linux 8 nodejs:22 bug fix and enhancement update


Oracle Linux Bug Fix Advisory ELBA-2025-23365

http://linux.oracle.com/errata/ELBA-2025-23365.html

The following updated rpms for Oracle Linux 8 have been uploaded to the Unbreakable Linux Network:

x86_64:
nodejs-22.19.0-2.module+el8.10.0+90677+9c05a177.x86_64.rpm
nodejs-devel-22.19.0-2.module+el8.10.0+90677+9c05a177.x86_64.rpm
nodejs-docs-22.19.0-2.module+el8.10.0+90677+9c05a177.noarch.rpm
nodejs-full-i18n-22.19.0-2.module+el8.10.0+90677+9c05a177.x86_64.rpm
nodejs-libs-22.19.0-2.module+el8.10.0+90677+9c05a177.x86_64.rpm
nodejs-nodemon-3.0.1-1.module+el8.10.0+90677+9c05a177.noarch.rpm
nodejs-packaging-2021.06-4.module+el8.10.0+90741+9f7ab452.noarch.rpm
nodejs-packaging-bundler-2021.06-4.module+el8.10.0+90741+9f7ab452.noarch.rpm
npm-10.9.3-1.22.19.0.2.module+el8.10.0+90677+9c05a177.x86_64.rpm
v8-12.4-devel-12.4.254.21-1.22.19.0.2.module+el8.10.0+90677+9c05a177.x86_64.rpm

aarch64:
nodejs-22.19.0-2.module+el8.10.0+90677+9c05a177.aarch64.rpm
nodejs-devel-22.19.0-2.module+el8.10.0+90677+9c05a177.aarch64.rpm
nodejs-docs-22.19.0-2.module+el8.10.0+90677+9c05a177.noarch.rpm
nodejs-full-i18n-22.19.0-2.module+el8.10.0+90677+9c05a177.aarch64.rpm
nodejs-libs-22.19.0-2.module+el8.10.0+90677+9c05a177.aarch64.rpm
nodejs-nodemon-3.0.1-1.module+el8.10.0+90677+9c05a177.noarch.rpm
nodejs-packaging-2021.06-4.module+el8.10.0+90741+9f7ab452.noarch.rpm
nodejs-packaging-bundler-2021.06-4.module+el8.10.0+90741+9f7ab452.noarch.rpm
npm-10.9.3-1.22.19.0.2.module+el8.10.0+90677+9c05a177.aarch64.rpm
v8-12.4-devel-12.4.254.21-1.22.19.0.2.module+el8.10.0+90677+9c05a177.aarch64.rpm

SRPMS:
http://oss.oracle.com/ol8/SRPMS-updates/nodejs-22.19.0-2.module+el8.10.0+90677+9c05a177.src.rpm
http://oss.oracle.com/ol8/SRPMS-updates/nodejs-nodemon-3.0.1-1.module+el8.10.0+90677+9c05a177.src.rpm
http://oss.oracle.com/ol8/SRPMS-updates/nodejs-packaging-2021.06-4.module+el8.10.0+90741+9f7ab452.src.rpm

Description of changes:

nodejs-packaging
[2021.06-4]
- Exclude ix86 arches from building.
Related: RHEL-35991

[2021.06-4]
- NPM bundler: also find namespaced bundled dependencies

[2021.06-3]
- Rebuilt for https://fedoraproject.org/wiki/Fedora_35_Mass_Rebuild

[2021.06-2]
- Fix hard-coded output directory in the bundler

[2021.06-1]
- Update to 2021.06-1
- bundler: Handle archaic license metadata
- bundler: Warn about bundled dependencies with no license metadata

[2021.01-3]
- Rebuilt for https://fedoraproject.org/wiki/Fedora_34_Mass_Rebuild

[2021.01-2]
- nodejs-packaging-bundler improvements to handle uncommon characters

[2021.01]
- Add nodejs-packaging-bundler and update README.md

[2020.09-1]
- Move to dist-git as the upstream

[25-1]
- Fix incorrect bundled library detection for Requires



ELSA-2025-23415 Moderate: Oracle Linux 7 rsync security update


Oracle Linux Security Advisory ELSA-2025-23415

http://linux.oracle.com/errata/ELSA-2025-23415.html

The following updated rpms for Oracle Linux 7 have been uploaded to the Unbreakable Linux Network:

x86_64:
rsync-3.1.2-12.0.3.el7_9.x86_64.rpm

SRPMS:
http://oss.oracle.com/ol7/SRPMS-updates/rsync-3.1.2-12.0.3.el7_9.src.rpm

Related CVEs:

CVE-2024-12087

Description of changes:

[3.1.2-12.0.3]
- Fix CVE-2024-12087 [Orabug: 38771262]

[3.1.2-12.0.1]
* Back port fix for CVE-2024-12085 [Orabug: 37524229]



ELBA-2026-0070 Oracle Linux 8 mingw-expat bug fix and enhancement update


Oracle Linux Bug Fix Advisory ELBA-2026-0070

http://linux.oracle.com/errata/ELBA-2026-0070.html

The following updated rpms for Oracle Linux 8 have been uploaded to the Unbreakable Linux Network:

x86_64:
mingw32-expat-2.5.0-2.el8_10.noarch.rpm
mingw64-expat-2.5.0-2.el8_10.noarch.rpm

SRPMS:
http://oss.oracle.com/ol8/SRPMS-updates/mingw-expat-2.5.0-2.el8_10.src.rpm

Description of changes:

[2.5.0-2]
- Add xmlwf.exe back to mingw-expat.



ELBA-2025-23366 Oracle Linux 8 nodejs:24 bug fix and enhancement update


Oracle Linux Bug Fix Advisory ELBA-2025-23366

http://linux.oracle.com/errata/ELBA-2025-23366.html

The following updated rpms for Oracle Linux 8 have been uploaded to the Unbreakable Linux Network:

x86_64:
nodejs-24.4.1-1.module+el8.10.0+90695+d2db0c9b.x86_64.rpm
nodejs-devel-24.4.1-1.module+el8.10.0+90695+d2db0c9b.x86_64.rpm
nodejs-docs-24.4.1-1.module+el8.10.0+90695+d2db0c9b.noarch.rpm
nodejs-full-i18n-24.4.1-1.module+el8.10.0+90695+d2db0c9b.x86_64.rpm
nodejs-libs-24.4.1-1.module+el8.10.0+90695+d2db0c9b.x86_64.rpm
nodejs-nodemon-3.0.3-1.module+el8.10.0+90695+d2db0c9b.noarch.rpm
nodejs-packaging-2021.06-5.module+el8.10.0+90744+861ee4a3.noarch.rpm
nodejs-packaging-bundler-2021.06-5.module+el8.10.0+90744+861ee4a3.noarch.rpm
npm-11.4.2-1.24.4.1.1.module+el8.10.0+90695+d2db0c9b.noarch.rpm
v8-13.6-devel-13.6.233.10-1.24.4.1.1.module+el8.10.0+90695+d2db0c9b.x86_64.rpm

aarch64:
nodejs-24.4.1-1.module+el8.10.0+90695+d2db0c9b.aarch64.rpm
nodejs-devel-24.4.1-1.module+el8.10.0+90695+d2db0c9b.aarch64.rpm
nodejs-docs-24.4.1-1.module+el8.10.0+90695+d2db0c9b.noarch.rpm
nodejs-full-i18n-24.4.1-1.module+el8.10.0+90695+d2db0c9b.aarch64.rpm
nodejs-libs-24.4.1-1.module+el8.10.0+90695+d2db0c9b.aarch64.rpm
nodejs-nodemon-3.0.3-1.module+el8.10.0+90695+d2db0c9b.noarch.rpm
nodejs-packaging-2021.06-5.module+el8.10.0+90744+861ee4a3.noarch.rpm
nodejs-packaging-bundler-2021.06-5.module+el8.10.0+90744+861ee4a3.noarch.rpm
npm-11.4.2-1.24.4.1.1.module+el8.10.0+90695+d2db0c9b.noarch.rpm
v8-13.6-devel-13.6.233.10-1.24.4.1.1.module+el8.10.0+90695+d2db0c9b.aarch64.rpm

SRPMS:
http://oss.oracle.com/ol8/SRPMS-updates/nodejs-24.4.1-1.module+el8.10.0+90695+d2db0c9b.src.rpm
http://oss.oracle.com/ol8/SRPMS-updates/nodejs-nodemon-3.0.3-1.module+el8.10.0+90695+d2db0c9b.src.rpm
http://oss.oracle.com/ol8/SRPMS-updates/nodejs-packaging-2021.06-5.module+el8.10.0+90744+861ee4a3.src.rpm

Description of changes:

nodejs
[1:24.4.1-1]
- Initial import of nodejs:24

nodejs-nodemon
[3.0.3-1]
- Initial import into nodejs:24 module

nodejs-packaging
[2021.06-5]
- nodejs.req to properly detect bundled deps



ELSA-2026-0067 Moderate: Oracle Linux 9 tar security update


Oracle Linux Security Advisory ELSA-2026-0067

http://linux.oracle.com/errata/ELSA-2026-0067.html

The following updated rpms for Oracle Linux 9 have been uploaded to the Unbreakable Linux Network:

x86_64:
tar-1.34-9.el9_7.x86_64.rpm

aarch64:
tar-1.34-9.el9_7.aarch64.rpm

SRPMS:
http://oss.oracle.com/ol9/SRPMS-updates/tar-1.34-9.el9_7.src.rpm

Related CVEs:

CVE-2025-45582

Description of changes:

[2:1.34-9]
- Fix the last patch to solve a regression with -x and --xattrs: RHEL-136277
also, fix another tiny mistake in the patch (w/o visible consequences)

[2:1.34-8]
- Backport upstream changes to jailify extraction directory
Includes related gnulib changes to add openat2
Fixes CVE-2025-45582



ELSA-2026-0052 Moderate: Oracle Linux 9 gcc-toolset-14-binutils security update


Oracle Linux Security Advisory ELSA-2026-0052

http://linux.oracle.com/errata/ELSA-2026-0052.html

The following updated rpms for Oracle Linux 9 have been uploaded to the Unbreakable Linux Network:

x86_64:
gcc-toolset-14-binutils-2.41-5.el9_7.1.x86_64.rpm
gcc-toolset-14-binutils-devel-2.41-5.el9_7.1.i686.rpm
gcc-toolset-14-binutils-devel-2.41-5.el9_7.1.x86_64.rpm
gcc-toolset-14-binutils-gold-2.41-5.el9_7.1.x86_64.rpm
gcc-toolset-14-binutils-gprofng-2.41-5.el9_7.1.x86_64.rpm

aarch64:
gcc-toolset-14-binutils-2.41-5.el9_7.1.aarch64.rpm
gcc-toolset-14-binutils-devel-2.41-5.el9_7.1.aarch64.rpm
gcc-toolset-14-binutils-gold-2.41-5.el9_7.1.aarch64.rpm
gcc-toolset-14-binutils-gprofng-2.41-5.el9_7.1.aarch64.rpm

SRPMS:
http://oss.oracle.com/ol9/SRPMS-updates/gcc-toolset-14-binutils-2.41-5.el9_7.1.src.rpm

Related CVEs:

CVE-2025-11083

Description of changes:

[2.41-5.1]
- Fix a potential illegal memory access when linking a corrupt input file. (RHEL-130669)



ELSA-2026-0025 Important: Oracle Linux 10 thunderbird security update


Oracle Linux Security Advisory ELSA-2026-0025

http://linux.oracle.com/errata/ELSA-2026-0025.html

The following updated rpms for Oracle Linux 10 have been uploaded to the Unbreakable Linux Network:

x86_64:
thunderbird-140.6.0-1.0.1.el10_1.x86_64.rpm

aarch64:
thunderbird-140.6.0-1.0.1.el10_1.aarch64.rpm

SRPMS:
http://oss.oracle.com/ol10/SRPMS-updates/thunderbird-140.6.0-1.0.1.el10_1.src.rpm

Related CVEs:

CVE-2025-14321
CVE-2025-14322
CVE-2025-14323
CVE-2025-14324
CVE-2025-14325
CVE-2025-14328
CVE-2025-14329
CVE-2025-14330
CVE-2025-14331
CVE-2025-14333

Description of changes:

[140.6.0-1.0.1]
- Add Oracle prefs

[140.6.0-1]
- Update to 140.6.0 ESR



ELSA-2026-0002 Moderate: Oracle Linux 10 tar security update


Oracle Linux Security Advisory ELSA-2026-0002

http://linux.oracle.com/errata/ELSA-2026-0002.html

The following updated rpms for Oracle Linux 10 have been uploaded to the Unbreakable Linux Network:

x86_64:
tar-1.35-9.el10_1.x86_64.rpm

aarch64:
tar-1.35-9.el10_1.aarch64.rpm

SRPMS:
http://oss.oracle.com/ol10/SRPMS-updates/tar-1.35-9.el10_1.src.rpm

Related CVEs:

CVE-2025-45582

Description of changes:

[2:1.35-9]
- Fix a tiny mistake in the last patch affecting hardlink extraction
(w/o visible consequences)

[2:1.35-8]
- Backport upstream changes to jailify extraction directory
Includes related gnulib changes to add openat2
Fixes CVE-2025-45582