Oracle Linux Security Advisory ELSA-2024-2853

https://linux.oracle.com/errata/ELSA-2024-2853.html

The following updated rpms for Oracle Linux 9 have been uploaded to the Unbreakable Linux Network:

x86_64:
nodejs-20.12.2-2.module+el9.4.0+90322+0b80090c.x86_64.rpm
nodejs-devel-20.12.2-2.module+el9.4.0+90322+0b80090c.x86_64.rpm
nodejs-docs-20.12.2-2.module+el9.4.0+90322+0b80090c.noarch.rpm
nodejs-full-i18n-20.12.2-2.module+el9.4.0+90322+0b80090c.x86_64.rpm
nodejs-nodemon-3.0.1-1.module+el9.3.0+90066+12d4a8d7.noarch.rpm
nodejs-packaging-2021.06-4.module+el9.3.0+90066+12d4a8d7.noarch.rpm
nodejs-packaging-bundler-2021.06-4.module+el9.3.0+90066+12d4a8d7.noarch.rpm
npm-10.5.0-1.20.12.2.2.module+el9.4.0+90322+0b80090c.x86_64.rpm

aarch64:
nodejs-20.12.2-2.module+el9.4.0+90322+0b80090c.aarch64.rpm
nodejs-devel-20.12.2-2.module+el9.4.0+90322+0b80090c.aarch64.rpm
nodejs-docs-20.12.2-2.module+el9.4.0+90322+0b80090c.noarch.rpm
nodejs-full-i18n-20.12.2-2.module+el9.4.0+90322+0b80090c.aarch64.rpm
nodejs-nodemon-3.0.1-1.module+el9.3.0+90066+12d4a8d7.noarch.rpm
nodejs-packaging-2021.06-4.module+el9.3.0+90066+12d4a8d7.noarch.rpm
nodejs-packaging-bundler-2021.06-4.module+el9.3.0+90066+12d4a8d7.noarch.rpm
npm-10.5.0-1.20.12.2.2.module+el9.4.0+90322+0b80090c.aarch64.rpm


SRPMS:
https://oss.oracle.com:443/ol9/SRPMS-updates//nodejs-20.12.2-2.module+el9.4.0+90322+0b80090c.src.rpm
https://oss.oracle.com:443/ol9/SRPMS-updates//nodejs-nodemon-3.0.1-1.module+el9.3.0+90066+12d4a8d7.src.rpm
https://oss.oracle.com:443/ol9/SRPMS-updates//nodejs-packaging-2021.06-4.module+el9.3.0+90066+12d4a8d7.src.rpm

Related CVEs:

CVE-2024-22025
CVE-2024-25629
CVE-2024-27982
CVE-2024-27983
CVE-2024-28182




Description of changes:

nodejs
[1:20.12.2-2]
- Backport nghttp2 patch for CVE-2024-28182

[1:20.12.2-1]
- Rebase to version 20.12.0
  Fixes: CVE-2024-27983 CVE-2024-27982 CVE-2024-22025 (node)
  Fixes: CVE-2024-25629 (c-ares)

nodejs-nodemon
nodejs-packaging

_______________________________________________
El-errata mailing list
El-errata@oss.oracle.com
https://oss.oracle.com/mailman/listinfo/el-errata

Oracle9: ELSA-2024-2853: nodejs:20 Important Security Advisory Updates

The following updated rpms for Oracle Linux 9 have been uploaded to the Unbreakable Linux Network:

Summary

nodejs [1:20.12.2-2] - Backport nghttp2 patch for CVE-2024-28182 [1:20.12.2-1] - Rebase to version 20.12.0 Fixes: CVE-2024-27983 CVE-2024-27982 CVE-2024-22025 (node) Fixes: CVE-2024-25629 (c-ares) nodejs-nodemon nodejs-packaging

SRPMs

https://oss.oracle.com:443/ol9/SRPMS-updates//nodejs-20.12.2-2.module+el9.4.0+90322+0b80090c.src.rpm https://oss.oracle.com:443/ol9/SRPMS-updates//nodejs-nodemon-3.0.1-1.module+el9.3.0+90066+12d4a8d7.src.rpm https://oss.oracle.com:443/ol9/SRPMS-updates//nodejs-packaging-2021.06-4.module+el9.3.0+90066+12d4a8d7.src.rpm

x86_64

nodejs-20.12.2-2.module+el9.4.0+90322+0b80090c.x86_64.rpm nodejs-devel-20.12.2-2.module+el9.4.0+90322+0b80090c.x86_64.rpm nodejs-docs-20.12.2-2.module+el9.4.0+90322+0b80090c.noarch.rpm nodejs-full-i18n-20.12.2-2.module+el9.4.0+90322+0b80090c.x86_64.rpm nodejs-nodemon-3.0.1-1.module+el9.3.0+90066+12d4a8d7.noarch.rpm nodejs-packaging-2021.06-4.module+el9.3.0+90066+12d4a8d7.noarch.rpm nodejs-packaging-bundler-2021.06-4.module+el9.3.0+90066+12d4a8d7.noarch.rpm npm-10.5.0-1.20.12.2.2.module+el9.4.0+90322+0b80090c.x86_64.rpm

aarch64

nodejs-20.12.2-2.module+el9.4.0+90322+0b80090c.aarch64.rpm nodejs-devel-20.12.2-2.module+el9.4.0+90322+0b80090c.aarch64.rpm nodejs-docs-20.12.2-2.module+el9.4.0+90322+0b80090c.noarch.rpm nodejs-full-i18n-20.12.2-2.module+el9.4.0+90322+0b80090c.aarch64.rpm nodejs-nodemon-3.0.1-1.module+el9.3.0+90066+12d4a8d7.noarch.rpm nodejs-packaging-2021.06-4.module+el9.3.0+90066+12d4a8d7.noarch.rpm nodejs-packaging-bundler-2021.06-4.module+el9.3.0+90066+12d4a8d7.noarch.rpm npm-10.5.0-1.20.12.2.2.module+el9.4.0+90322+0b80090c.aarch64.rpm

i386

Severity

Related CVEs: CVE-2024-22025 CVE-2024-25629 CVE-2024-27982 CVE-2024-27983 CVE-2024-28182

Related News

34.Key AbstractDigital Esm H170

RansomHub Unmasked: Protecting Linux Infrastructure Against High-Stakes Ransomware

2 - 4 min read

Jun 23, 2024

RansomHub, a Ransomware-as-a-Service (RaaS) platform, has emerged as a significant threat to organizations around the globe. Targeting Windows,

1.Penguin Landscape Esm H170

Embracing Anonymity and Privacy: Tails 6.4 Release Insights

2 - 4 min read

Jun 18, 2024

As digital privacy and security evolves, anonymity cannot be overemphasized. Tails is a live operating system designed to keep its focus on privacy

32.Lock Code Circular Esm H170

Severe Linux Kernel Privilege Escalation Bugs Could Compromise Entire Systems

2 - 4 min read

Jun 13, 2024

The Cybersecurity and Infrastructure Security Agency (CISA) recently added a new Linux kernel privilege escalation bug ( CVE-2024-1086 ) to its

6.EmailConnection Touch Esm H170

Thunderbird, Firefox DoS, Info Disclosure Vulns Fixed in Ubuntu and Debian

2 - 3 min read

Jun 13, 2024

Recent security updates for Ubuntu and Debian have been released to address vulnerabilities in Thunderbird, the popular open-source mail and

20.Lock AbstractDigital Circular Esm H170

CISA Adds New Chromium Zero-Day Bug to its Known Exploited Vulnerability Catalog

2 - 3 min read

Jun 13, 2024

Google has released fixes for a high-severity Chromium security flaw ( CVE-2024-5274 ) impacting its widely used Chrome browser and other

20.Lock AbstractDigital Circular Esm H170

Multiple Apache HTTP Server Flaws Fixed in Ubuntu

1 - 2 min read

Jun 13, 2024

The Ubuntu security team has recently discovered and addressed multiple vulnerabilities in the Apache HTTP Server (apache2) impacting versions

24.Key Code Esm H170

CVE-2024-4577: A Swiftly Weaponized Vulnerability for Ransomware Distribution

2 - 4 min read

Jun 11, 2024

Security researchers recently issued an update detailing how attackers are exploiting a PHP code execution vulnerability to spread TellYouThePass

8.Locks HexConnections CodeGlobe Esm H170

Understanding & Protecting Against the New Noodle RAT Backdoor Threat

2 - 4 min read

Jun 11, 2024

A new backdoor, "Noodle RAT" has caused widespread alarm across the cybersecurity landscape. Research highlights this previously undisclosed malware

Get the Latest News & Insights

Sign up to get the latest security news affecting Linux and open source delivered straight to your inbox.

News

Cloud Security Cryptography Desktop Security Firewall Government Hacks/Cracks IoT Security Network Security Organizations/Events Privacy Security Projects Security Trends Security Vulnerabilities Server Security Vendors/Products
Advisories

Debian Debian LTS Fedora Gentoo Mageia Oracle openSUSE RockyLinux Slackware SuSE Ubuntu
HOWTOs

Harden My Filesystem Learn Tips and Tricks Secure My E-mail Secure My Firewall Secure My Network Secure My Webserver Strengthen My Privacy
Features

Best Secure Linux Distros for Enhanced Privacy & Security The Truth About Linux Malware & How to Protect Your System Is Linux A More Secure Option Than Windows For Businesses? How Secure Is Linux? Top Tips for Securing Your Linux System
About Us

Advertise Contribute Your Article Legal Notice RSS Feeds Contact Us Terms of Service Privacy Policy
Powered By

Linux Security - Your source for Top Linux News, Advisories, HowTo's and Feature Release.

© 2024 Guardian Digital, Inc All Rights Reserved