Oracle Linux Security Advisory ELSA-2021-3666

https://linux.oracle.com/errata/ELSA-2021-3666.html

The following updated rpms for Oracle Linux 8 have been uploaded to the Unbreakable Linux Network:

x86_64:
nodejs-14.17.5-1.module+el8.4.0+20313+f90c2973.x86_64.rpm
nodejs-devel-14.17.5-1.module+el8.4.0+20313+f90c2973.x86_64.rpm
nodejs-docs-14.17.5-1.module+el8.4.0+20313+f90c2973.noarch.rpm
nodejs-full-i18n-14.17.5-1.module+el8.4.0+20313+f90c2973.x86_64.rpm
nodejs-nodemon-2.0.3-1.module+el8.3.0+7818+6cd30d85.noarch.rpm
nodejs-packaging-23-3.module+el8.3.0+7818+6cd30d85.noarch.rpm
npm-6.14.14-1.14.17.5.1.module+el8.4.0+20313+f90c2973.x86_64.rpm

aarch64:
nodejs-14.17.5-1.module+el8.4.0+20313+f90c2973.aarch64.rpm
nodejs-devel-14.17.5-1.module+el8.4.0+20313+f90c2973.aarch64.rpm
nodejs-docs-14.17.5-1.module+el8.4.0+20313+f90c2973.noarch.rpm
nodejs-full-i18n-14.17.5-1.module+el8.4.0+20313+f90c2973.aarch64.rpm
nodejs-nodemon-2.0.3-1.module+el8.3.0+7818+6cd30d85.noarch.rpm
nodejs-packaging-23-3.module+el8.3.0+7818+6cd30d85.noarch.rpm
npm-6.14.14-1.14.17.5.1.module+el8.4.0+20313+f90c2973.aarch64.rpm


SRPMS:
https://oss.oracle.com/ol8/SRPMS-updates/nodejs-14.17.5-1.module+el8.4.0+20313+f90c2973.src.rpm
https://oss.oracle.com/ol8/SRPMS-updates/nodejs-nodemon-2.0.3-1.module+el8.3.0+7818+6cd30d85.src.rpm
https://oss.oracle.com/ol8/SRPMS-updates/nodejs-packaging-23-3.module+el8.3.0+7818+6cd30d85.src.rpm

Related CVEs:

CVE-2021-3672
CVE-2021-22930
CVE-2021-22931
CVE-2021-22939
CVE-2021-22940
CVE-2021-23343
CVE-2021-32803
CVE-2021-32804




Description of changes:

nodejs
[1:14.17.5-1]
- Resolves CVE-2021-22930, CVE-2021-22931, CVE-2021-22939, CVE-2021-22940,
- CVE-2021-23343, CVE-2021-32803, CVE-2021-32804, CVE-2021-3672
- Resolves RHBZ#1847529 (make FIPS always available)
- Resolves: RHBZ#1988599, RHBZ#1994000, RHBZ#1993998, RHBZ#1993095
- Resolves: RHBZ#1994028, RHBZ#1994402, RHBZ#1994406, RHBZ#1994398
- Resolves: RHBZ#1993924 (make FIPS always available)

[1:14.17.3-3]
- Resolves: RHBZ#1991584, RHBZ#1991578
- Resolves CVE-2021-23362 CVE-2021-27290
- Bump for missing mentions of CVEs

_______________________________________________
El-errata mailing list
[email protected]
https://oss.oracle.com/mailman/listinfo/el-errata