ELBA-2025-4055 - nodejs:20 bug fix and enhancement update

Type: BUG
Impact: NA
Release Date: 2025-04-23

Description


nodejs
[1:20.18.2-3]
- Remove obsolete lua pretransaction script from spec file
Resolves: RHEL-81125

[1:20.18.2-2]
- Disable npm's update-notifier
Resolves: RHEL-81077

[1:20.18.2-1]
- Update to version 20.18.2
Fixes: CVE-2025-23083 CVE-2025-23085 CVE-2025-22150
Resolves: RHEL-76001 RHEL-76146

[1:20.16.0-1]
- Update to 20.16.0
Fixes: CVE-2024-36137 CVE-2024-22018 CVE-2024-22020

[1:20.12.2-2]
- Backport nghttp2 patch for CVE-2024-28182

[1:20.12.2-1]
- Rebase to version 20.12.0
Addresses CVE-2024-27983 CVE-2024-27982 CVE-2024-22025 (node)
Addresses CVE-2024-25629 (c-ares)

[1:20.11.1-1]
- Rebase to version 20.11.1
- Fixes: CVE-2024-21892 CVE-2024-21896 CVE-2024-22017 CVE-2024-22019 (high)
- Fixes: CVE-2023-46809 CVE-2024-21890 CVE-2024-21891 (medium)

[1:20.11.0-1]
- Rebase to version 20.11.0
- Resolves: RHEL-21434

[1:20.9.0-1]
- Rebase to LTS
- Resolves: RHEL-16159

[1:20.8.1-1]
- Update node and nghttp
- Add fips patch
- Fixes CVE-2023-44487 (nghttp)
- Fixes CVE-2023-45143, CVE-2023-39331, CVE-2023-39332, CVE-2023-38552, CVE-2023-39333

[1:20.5.1-1]
- Rebase to new security release
- Address CVE-2023-32002, CVE-2023-32004, CVE-2023-32558 (high)
- Address CVE-2023-32006, CVE-2023-32559 (medium)
- Address CVE-2023-32005, CVE-2023-32003 (low)
- Resolves: #2186718
- Resolves RHELPLAN-155624

[1:20.5.0-1]
- Update to v20.5.0
- Remove dtrace support
- bcond corepack, so we don't provide it by default
- Decrease debuginfo verbosity for all arches
- Resolves: #2186718
- Resolves RHELPLAN-155624

[1:18.16.1-1]
- Rebase to 18.16.1
Resolves: rhbz#2188290 rhbz#2166926
Resolves: CVE-2023-30581 CVE-2023-30588 CVE-2023-30589 CVE-2023-30590
- Replace /usr/etc/npmrc symlink with builtin configuration
Resolves: rhbz#2222287

[1:18.14.2-3]
- Update bundled c-ares to 1.19.1
Resolves: CVE-2022-4904
Resolves: CVE-2023-31124 CVE-2023-31130 CVE-2023-31147 CVE-2023-32067

[1:18.14.2-2]
- Provide simdutf

[1:18.14.2-1]
- Rebase to 18.14.2
- Resolves: #2178086
- Resolves: CVE-2022-25881, CVE-2023-23936, CVE-2023-24807
- Resolves: CVE-2023-23918, CVE-2023-23919, CVE-2023-23920

[1:18.12.1-2]
- Update version of bundled histogram

[1:18.12.1-1]
- Rebase to version 18.12.1
Resolves: rhbz#2125580 CVE-2022-43548 CVE-2022-3517

[1:18.9.1-1]
- Rebase to version 18.9.1
Resolves: CVE-2022-35255 CVE-2022-35256

[1:18.8.0-1]
- Rebase to version 18.8.0
- Include sources for WASM blobs

[1:18.6.0-1]
- Rebase to version 18.6.0
Resolves: CVE-2022-32212 CVE-2022-32213 CVE-2022-32214 CVE-2022-32215
Resolves: CVE-2022-29244

[1:18.2.0-1]
- Rebase to version 18.2.0

[1:16.14.0-5]
- Unify configure calls into single command
- Refactor bootstrap-related parts
- Decouple dependency bundling from bootstrapping

[1:16.14.0-4]
- Apply lock file validation fixes
- Resolves: CVE-2021-43616
- Resolves: RHBZ#2070013

[1:16.13.1-3]
- Resolves: RHBZ#2026329
- Add corepack to spec

[1:16.13.1-2]
- Resolves: RHBZ#2026329
- Update npm version test

[1:16.13.1-1]
- Resolves: RHBZ#2014132, RHBZ#2014126, RHBZ#2013828, RHBZ#2024920
- Resolves: RHBZ#2026329
- Rebase to LTS release and to fix multiple low and medium CVEs

[1:16.8.0-1]
- Resolves CVE-2021-32803, CVE-2021-32804, CVE-2021-37701, CVE-2021-37712
- Resolves: RHBZ#1993948, RHBZ#1993941, RHBZ#2000151, RHBZ#2002176

[1:16.7.0-2]
- Resolves CVE-2021-22930, CVE-2021-22931, CVE-2021-22939,
- CVE-2021-22940, CVE-2021-32803, CVE-2021-32804, CVE-2021-3672
- Resolves: RHBZ#1988608, RHBZ#1993816, RHBZ#1993810
- Resolves: RHBZ#1993097, RHBZ#1993948, RHBZ#1993941, RHBZ#1994963
- fix python3 in gyp

[1:16.7.0-1]
- Resolves CVE-2021-22930, CVE-2021-22931, CVE-2021-22939,
- CVE-2021-22940, CVE-2021-32803, CVE-2021-32804, CVE-2021-3672
- Resolves: RHBZ#1988608, RHBZ#1993816, RHBZ#1993810
- Resolves: RHBZ#1993097, RHBZ#1993948, RHBZ#1993941, RHBZ#1994963

[1:16.4.2-1]
- Resolves: RHBZ#1979847
- Resolves CVE-2021-22918(libuv)
- Use system cipher list(1842826, 1952915)

[1:16.1.0-1]
- Resolves: RHBZ#1953991
- Rebase to v16.x
- Update version of gcc and gcc-c++ needed
- Remove libs conditionals
- Remove unused patches
- Bundle nghttp3 and ngtcp2

[1:14.16.0-2]
- Resolves RHBZ#1930775
- remove --debug-nghttp2 option

[1:14.16.0-1]
- Resolves CVE-2021-22883 CVE-2021-22884
- Resolves: RHBZ#1934566, RHBZ#1934599
- Rebase, remove ini patch

[1:14.15.4-2]
- Add patch for yarn crash
- Resolves: RHBZ#1915296

[1:14.15.4-1]
- Security rebase to 14.15.4
- https://nodejs.org/en/blog/vulnerability/january-2021-security-releases/
- Resolves: RHBZ#1913001, RHBZ#1912953
- Resolves: RHBZ#1912636, RHBZ#1898602, RHBZ#1898768, RHBZ#1893987, RHBZ#1893184

[1:14.15.0-1]
- Resolves: RHBZ#1858864
- Update to LTS release

[1:14.11.0-1]
- Security update to 14.11.0

[1:14.4.0-1]
- Security update to 14.4.0
- Resolves: RHBZ#1815402

[1:14.3.0-1]
- Update to 14.3.0
- Fix optflags to save memory
- Resolves: RHBZ#1815402

[1:14.2.0-1]
- Update to 14.2.0
- build with python3 only
- some clean up

[1:12.16.1-2]
- Fix CVE-2020-10531

[1:12.16.1-1]
- Rebase to 12.16.1

[1:12.14.1-1]
- Rebase to 12.14.1

[1:12.13.1-1]
- Resolves: RHBZ# 1773503, update to 12.13.1
- minor clean up and sync with Fedora spec
- turn off debug builds

[1:12.4.0-2]
- Add condition to libs

[1:12.4.0-1]
- Update to v12.x
- Add v8-devel and libs subpackages from fedora

[1:10.14.1-2]
- move nodejs-packaging BR out of conditional

[1:10.14.1-1]
- Resolves RHBZ#1644207
- fixes node-gyp permissions
- rebase

[1:10.11.0-2]
- BuildRequire nodejs-packaging for proper npm dependency generation
- Resolves: rhbz#1615947

[1:10.11.0-1]
- Rebase to 10.11.0
- Import changes from fedora
- Resolves: rhbz#1621766

[1:10.7.0-5]
- Import sources from fedora
- Allow using python2 at %build and %install
- turn off debug for aarch64

[1:10.7.0-4]
- Fix npm upgrade scriptlet
- Fix unexpected trailing .1 in npm release field

[1:10.7.0-3]
- Restore annotations to binaries
- Fix unexpected trailing .1 in release field

[1:10.7.0-2]
- Update to 10.7.0
- https://nodejs.org/en/blog/release/v10.7.0/
- https://nodejs.org/en/blog/release/v10.6.0/

[1:10.5.0-1.1]
- Rebuilt for https://fedoraproject.org/wiki/Fedora_29_Mass_Rebuild

[1:10.5.0-1]
- Update to 10.5.0
- https://nodejs.org/en/blog/release/v10.5.0/

[1:10.4.1-1]
- Update to 10.4.1 to address security issues
- https://nodejs.org/en/blog/release/v10.4.1/
- Resolves: rhbz#1590801
- Resolves: rhbz#1591014
- Resolves: rhbz#1591019

[1:10.4.0-1]
- Update to 10.4.0
- https://nodejs.org/en/blog/release/v10.4.0/

[1:10.3.0-1]
- Update to 10.3.0
- Update npm to 6.1.0
- https://nodejs.org/en/blog/release/v10.3.0/

[1:10.2.1-2]
- Fix up bare 'python' to be python2
- Drop redundant entry in docs section

[1:10.2.1-1]
- Update to 10.2.1
- https://nodejs.org/en/blog/release/v10.2.1/

[1:10.2.0-1]
- Update to 10.2.0
- https://nodejs.org/en/blog/release/v10.2.0/

[1:10.1.0-3]
- Fix incorrect rpm macro

[1:10.1.0-2]
- Include upstream v8 fix for ppc64[le]
- Disable debug build on ppc64[le] and s390x

[1:10.1.0-1]
- Update to 10.1.0
- https://nodejs.org/en/blog/release/v10.1.0/
- Reenable node_g binary

[1:10.0.0-1]
- Update to 10.0.0
- https://nodejs.org/en/blog/release/v10.0.0/
- Drop workaround patch
- Temporarily drop node_g binary due to
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=85587

[1:9.11.1-2]
- Use standard Fedora linker flags (bug #1543859)

[1:9.11.1-1]
- Update to 9.11.1
- https://nodejs.org/en/blog/release/v9.11.0/
- https://nodejs.org/en/blog/release/v9.11.1/

[1:9.10.0-1]
- Update to 9.10.0
- https://nodejs.org/en/blog/release/v9.10.0/

[1:9.9.0-1]
- Update to 9.9.0
- https://nodejs.org/en/blog/release/v9.9.0/

[1:9.8.0-1]
- Update to 9.8.0
- https://nodejs.org/en/blog/release/v9.8.0/

[1:9.7.0-1]
- Update to 9.7.0
- https://nodejs.org/en/blog/release/v9.7.0/
- Work around F28 build issue

[1:9.6.1-1]
- Update to 9.6.1
- https://nodejs.org/en/blog/release/v9.6.1/
- https://nodejs.org/en/blog/release/v9.6.0/

[1:9.5.0-1]
- Package Node.js 9.5.0

[1:8.9.4-2]
- Fix incorrect Requires:

[1:8.9.4-1]
- Update to 8.9.4
- https://nodejs.org/en/blog/release/v8.9.4/
- Switch to system copy of nghttp2

[1:8.9.3-2]
- Update to 8.9.3
- https://nodejs.org/en/blog/release/v8.9.3/
- https://nodejs.org/en/blog/release/v8.9.2/

[1:8.9.1-2]
- Rebuild for ICU 60.1

[1:8.9.1-1]
- Update to 8.9.1

[1:8.9.0-1]
- Update to 8.9.0
- Drop upstreamed patch

[1:8.8.1-1]
- Update to 8.8.1 to fix a regression

[1:8.8.0-1]
- Security update to 8.8.0
- https://nodejs.org/en/blog/release/v8.8.0/

[1:8.7.0-1]
- Update to 8.7.0
- https://nodejs.org/en/blog/release/v8.7.0/

[1:8.6.0-2]
- Use bcond macro instead of bootstrap conditional

[1:8.6.0-1]
- Fix nghttp2 version
- Update to 8.6.0
- https://nodejs.org/en/blog/release/v8.6.0/

[1:8.5.0-3]
- Build with bootstrap + bundle libuv for modularity
- backport patch for aarch64 debug build

[1:8.5.0-2]
- Disable debug builds on aarch64 due to https://github.com/nodejs/node/issues/15395

[1:8.5.0-1]
- Update to v8.5.0
- https://nodejs.org/en/blog/release/v8.5.0/

[1:8.4.0-2]
- Refactor openssl BR

[1:8.4.0-1]
- Update to v8.4.0
- https://nodejs.org/en/blog/release/v8.4.0/
- http2 is now supported, add bundled nghttp2
- remove openssl 1.0.1 patches, we won't be using them in fedora

[1:8.3.0-1]
- Update to v8.3.0
- https://nodejs.org/en/blog/release/v8.3.0/
- update V8 to 6.0
- update minimal gcc and g++ requirements to 4.9.4

[1:8.2.1-2]
- Bump release to fix broken dependencies

[1:8.2.1-1.2]
- Rebuilt for https://fedoraproject.org/wiki/Fedora_27_Binutils_Mass_Rebuild

[1:8.2.1-1.1]
- Rebuilt for https://fedoraproject.org/wiki/Fedora_27_Mass_Rebuild

[1:8.2.1-1]
- Update to v8.2.1
- https://nodejs.org/en/blog/release/v8.2.1/

[1:8.2.0-1]
- Update to v8.2.0
- https://nodejs.org/en/blog/release/v8.2.0/
- Update npm to 5.3.0
- Adds npx command

[1:8.1.4-3]
- s/BuildRequires/Requires/ for http-parser-devel%{?_isa}

[1:8.1.4-2]
- Rename python-devel to python2-devel
- own %{_pkgdocdir}/npm

[1:8.1.4-1]
- Update to v8.1.4
- https://nodejs.org/en/blog/release/v8.1.4/
- Drop upstreamed c-ares patch

[1:8.1.3-1]
- Update to v8.1.3
- https://nodejs.org/en/blog/release/v8.1.3/

[1:8.1.2-1]
- Update to v8.1.2
- remove GCC 7 patch, as it is now fixed in node >= 6.12

nodejs-nodemon
nodejs-packaging




Updated Packages


| Release/Architecture | Filename | sha256 | Superseded By Advisory | Channel Label |
|---|---|---|---|---|
| Oracle Linux 8 (aarch64) | nodejs-20.18.2-3.module+el8.10.0+90554+a84ccef1.src.rpm | 73de880c47f13b733565cfe0bca0f24eae7d0baaa496b8626461557184e73f2f | - | ol8_aarch64_appstream |
| Oracle Linux 8 (aarch64) | nodejs-nodemon-3.0.1-1.module+el8.10.0+90554+a84ccef1.src.rpm | 667862ad9e89225115d1fce5a8daac4ee47d3ac7929f5ea307605d6484975568 | - | ol8_aarch64_appstream |
| Oracle Linux 8 (aarch64) | nodejs-packaging-2021.06-4.module+el8.10.0+90554+a84ccef1.src.rpm | 856575fbe5926159f75b693a41540ee1293fbad2098eaeb9c87e2c79d2b0e00a | - | ol8_aarch64_appstream |
| Oracle Linux 8 (aarch64) | nodejs-20.18.2-3.module+el8.10.0+90554+a84ccef1.aarch64.rpm | b4628f56df26649dc1a833af6045eef0f4fa378b890d4ba8b09506a1e9e3e24f | - | ol8_aarch64_appstream |
| Oracle Linux 8 (aarch64) | nodejs-devel-20.18.2-3.module+el8.10.0+90554+a84ccef1.aarch64.rpm | 65da3e62f791ec220144d0314b365c645dedb0187514a7544901b2b5595cd3d4 | - | ol8_aarch64_appstream |
| Oracle Linux 8 (aarch64) | nodejs-docs-20.18.2-3.module+el8.10.0+90554+a84ccef1.noarch.rpm | 45a2f301958eecd732e2d06fcc95eb296b73fca240f45d9dd335c2f4cecf4259 | - | ol8_aarch64_appstream |
| Oracle Linux 8 (aarch64) | nodejs-full-i18n-20.18.2-3.module+el8.10.0+90554+a84ccef1.aarch64.rpm | 06f2a2bab2c5384f82873670ec349701978638b6360b5fae1e120f40473ce2d0 | - | ol8_aarch64_appstream |
| Oracle Linux 8 (aarch64) | nodejs-nodemon-3.0.1-1.module+el8.10.0+90554+a84ccef1.noarch.rpm | e7045fb9f69bc79a9f509820f19fac278f0524b7a899f3ef18438386d60d38c2 | - | ol8_aarch64_appstream |
| Oracle Linux 8 (aarch64) | nodejs-packaging-2021.06-4.module+el8.10.0+90554+a84ccef1.noarch.rpm | eade56bc3117a36ea3c3f053efc6e58212c168443187f9da491661588b79899f | - | ol8_aarch64_appstream |
| Oracle Linux 8 (aarch64) | nodejs-packaging-bundler-2021.06-4.module+el8.10.0+90554+a84ccef1.noarch.rpm | a0f8520cee3891971e57b60c8e4cf42f346ac3f8fdbca50220343a0d45ccfad3 | - | ol8_aarch64_appstream |
| Oracle Linux 8 (aarch64) | npm-10.8.2-1.20.18.2.3.module+el8.10.0+90554+a84ccef1.aarch64.rpm | 60d4231b28b902a3253841abf66bd0eca07269ef2bd0fae7282812feae4a45ce | - | ol8_aarch64_appstream |
| Oracle Linux 8 (x86_64) | nodejs-20.18.2-3.module+el8.10.0+90554+a84ccef1.src.rpm | 73de880c47f13b733565cfe0bca0f24eae7d0baaa496b8626461557184e73f2f | - | ol8_x86_64_appstream |
| Oracle Linux 8 (x86_64) | nodejs-nodemon-3.0.1-1.module+el8.10.0+90554+a84ccef1.src.rpm | 667862ad9e89225115d1fce5a8daac4ee47d3ac7929f5ea307605d6484975568 | - | ol8_x86_64_appstream |
| Oracle Linux 8 (x86_64) | nodejs-packaging-2021.06-4.module+el8.10.0+90554+a84ccef1.src.rpm | 856575fbe5926159f75b693a41540ee1293fbad2098eaeb9c87e2c79d2b0e00a | - | ol8_x86_64_appstream |
| Oracle Linux 8 (x86_64) | nodejs-20.18.2-3.module+el8.10.0+90554+a84ccef1.x86_64.rpm | dc7c609a643b3a806a1f8fe84ef8636910d9eabd9ee9498832c8bc1399bb0e5f | - | ol8_x86_64_appstream |
| Oracle Linux 8 (x86_64) | nodejs-devel-20.18.2-3.module+el8.10.0+90554+a84ccef1.x86_64.rpm | c5a22c3b63f6e580b19b048be045dc522e81b4a40ec6b4e7167def02b717e268 | - | ol8_x86_64_appstream |
| Oracle Linux 8 (x86_64) | nodejs-docs-20.18.2-3.module+el8.10.0+90554+a84ccef1.noarch.rpm | 45a2f301958eecd732e2d06fcc95eb296b73fca240f45d9dd335c2f4cecf4259 | - | ol8_x86_64_appstream |
| Oracle Linux 8 (x86_64) | nodejs-full-i18n-20.18.2-3.module+el8.10.0+90554+a84ccef1.x86_64.rpm | 5da49b5424889a21ca6cc576f9e533d32e1f236f5521e947e160888106959c06 | - | ol8_x86_64_appstream |
| Oracle Linux 8 (x86_64) | nodejs-nodemon-3.0.1-1.module+el8.10.0+90554+a84ccef1.noarch.rpm | e7045fb9f69bc79a9f509820f19fac278f0524b7a899f3ef18438386d60d38c2 | - | ol8_x86_64_appstream |
| Oracle Linux 8 (x86_64) | nodejs-packaging-2021.06-4.module+el8.10.0+90554+a84ccef1.noarch.rpm | eade56bc3117a36ea3c3f053efc6e58212c168443187f9da491661588b79899f | - | ol8_x86_64_appstream |
| Oracle Linux 8 (x86_64) | nodejs-packaging-bundler-2021.06-4.module+el8.10.0+90554+a84ccef1.noarch.rpm | a0f8520cee3891971e57b60c8e4cf42f346ac3f8fdbca50220343a0d45ccfad3 | - | ol8_x86_64_appstream |
| Oracle Linux 8 (x86_64) | npm-10.8.2-1.20.18.2.3.module+el8.10.0+90554+a84ccef1.x86_64.rpm | 90bc0b14fa46756e26cd412ed59b10b3c0e168ab22d093bf36025485a5c4316f | - | ol8_x86_64_appstream |



This page is generated automatically and has not been checked for errors or omissions. For clarification or corrections, please contact the Oracle Linux ULN team.