ELSA-2020-2852

ULN >
Oracle Linux Errata repository >
ELSA-2020-2852

ELSA-2020-2852 - nodejs:12 security update

Type:	SECURITY
Severity:	IMPORTANT
Release Date:	2020-07-14

Description

nodejs
[12.18.2-1]
- Rebase to 12.18.2

[1:12.18.1-1]
- Rebase
- Spec clean up
- Provide i18n package, bundle icu
- Resolves: RHBZ#1845310, RHBZ#1845691

[1:12.18.0-1]
- Security update to 12.18.0
- Resolves: RHBZ#1845310, RHBZ#1845691

[1:12.16.1-2]
- Fix CVE-2020-10531

[1:12.16.1-1]
- Resolves: RHBZ#1800395, RHBZ#1800396, RHBZ#1800381
- Rebase to 12.16.1

[1:12.14.1-1]
- Rebase to 12.14.1

[1:12.13.1-1]
- Resolves: RHBZ# 1773503, update to 12.13.1
- minor clean up and sync with Fedora spec
- turn off debug builds

[1:12.4.0-2]
- Resolves:RHBZ#1685191
- Add condition to libs

[1:12.4.0-1]
- Update to v12.x
- Add v8-devel and libs subpackages from fedora

[1:10.14.1-2]
- move nodejs-packaging BR out of conditional

[1:10.14.1-1]
- Resolves: RHBZ#1644207
- fixes node-gyp permissions
- rebase

[1:10.11.0-2]
- BuildRequire nodejs-packaging for proper npm dependency generation
- Resolves: rhbz#1615947

[1:10.11.0-1]
- Rebase to 10.11.0
- Import changes from fedora
- Resolves: rhbz#1621766

[1:10.7.0-5]
- Import sources from fedora
- Allow using python2 at %build and %install
- turn off debug for aarch64

[1:10.7.0-4]
- Fix npm upgrade scriptlet
- Fix unexpected trailing .1 in npm release field

[1:10.7.0-3]
- Restore annotations to binaries
- Fix unexpected trailing .1 in release field

[1:10.7.0-2]
- Update to 10.7.0
- https://nodejs.org/en/blog/release/v10.7.0/
- https://nodejs.org/en/blog/release/v10.6.0/

[1:10.5.0-1.1]
- Rebuilt for https://fedoraproject.org/wiki/Fedora_29_Mass_Rebuild

[1:10.5.0-1]
- Update to 10.5.0
- https://nodejs.org/en/blog/release/v10.5.0/

[1:10.4.1-1]
- Update to 10.4.1 to address security issues
- https://nodejs.org/en/blog/release/v10.4.1/
- Resolves: rhbz#1590801
- Resolves: rhbz#1591014
- Resolves: rhbz#1591019

[1:10.4.0-1]
- Update to 10.4.0
- https://nodejs.org/en/blog/release/v10.4.0/

[1:10.3.0-1]
- Update to 10.3.0
- Update npm to 6.1.0
- https://nodejs.org/en/blog/release/v10.3.0/

[1:10.2.1-2]
- Fix up bare 'python' to be python2
- Drop redundant entry in docs section

[1:10.2.1-1]
- Update to 10.2.1
- https://nodejs.org/en/blog/release/v10.2.1/

[1:10.2.0-1]
- Update to 10.2.0
- https://nodejs.org/en/blog/release/v10.2.0/

[1:10.1.0-3]
- Fix incorrect rpm macro

[1:10.1.0-2]
- Include upstream v8 fix for ppc64[le]
- Disable debug build on ppc64[le] and s390x

[1:10.1.0-1]
- Update to 10.1.0
- https://nodejs.org/en/blog/release/v10.1.0/
- Reenable node_g binary

[1:10.0.0-1]
- Update to 10.0.0
- https://nodejs.org/en/blog/release/v10.0.0/
- Drop workaround patch
- Temporarily drop node_g binary due to
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=85587

[1:9.11.1-2]
- Use standard Fedora linker flags (bug #1543859)

[1:9.11.1-1]
- Update to 9.11.1
- https://nodejs.org/en/blog/release/v9.11.0/
- https://nodejs.org/en/blog/release/v9.11.1/

[1:9.10.0-1]
- Update to 9.10.0
- https://nodejs.org/en/blog/release/v9.10.0/

[1:9.9.0-1]
- Update to 9.9.0
- https://nodejs.org/en/blog/release/v9.9.0/

[1:9.8.0-1]
- Update to 9.8.0
- https://nodejs.org/en/blog/release/v9.8.0/

[1:9.7.0-1]
- Update to 9.7.0
- https://nodejs.org/en/blog/release/v9.7.0/
- Work around F28 build issue

[1:9.6.1-1]
- Update to 9.6.1
- https://nodejs.org/en/blog/release/v9.6.1/
- https://nodejs.org/en/blog/release/v9.6.0/

[1:9.5.0-1]
- Package Node.js 9.5.0

[1:8.9.4-2]
- Fix incorrect Requires:

[1:8.9.4-1]
- Update to 8.9.4
- https://nodejs.org/en/blog/release/v8.9.4/
- Switch to system copy of nghttp2

[1:8.9.3-2]
- Update to 8.9.3
- https://nodejs.org/en/blog/release/v8.9.3/
- https://nodejs.org/en/blog/release/v8.9.2/

[1:8.9.1-2]
- Rebuild for ICU 60.1

[1:8.9.1-1]
- Update to 8.9.1

[1:8.9.0-1]
- Update to 8.9.0
- Drop upstreamed patch

[1:8.8.1-1]
- Update to 8.8.1 to fix a regression

[1:8.8.0-1]
- Security update to 8.8.0
- https://nodejs.org/en/blog/release/v8.8.0/

[1:8.7.0-1]
- Update to 8.7.0
- https://nodejs.org/en/blog/release/v8.7.0/

[1:8.6.0-2]
- Use bcond macro instead of bootstrap conditional

[1:8.6.0-1]
- Fix nghttp2 version
- Update to 8.6.0
- https://nodejs.org/en/blog/release/v8.6.0/

[1:8.5.0-3]
- Build with bootstrap + bundle libuv for modularity
- backport patch for aarch64 debug build

[1:8.5.0-2]
- Disable debug builds on aarch64 due to https://github.com/nodejs/node/issues/15395

[1:8.5.0-1]
- Update to v8.5.0
- https://nodejs.org/en/blog/release/v8.5.0/

[1:8.4.0-2]
- Refactor openssl BR

[1:8.4.0-1]
- Update to v8.4.0
- https://nodejs.org/en/blog/release/v8.4.0/
- http2 is now supported, add bundled nghttp2
- remove openssl 1.0.1 patches, we won't be using them in fedora

[1:8.3.0-1]
- Update to v8.3.0
- https://nodejs.org/en/blog/release/v8.3.0/
- update V8 to 6.0
- update minimal gcc and g++ requirements to 4.9.4

[1:8.2.1-2]
- Bump release to fix broken dependencies

[1:8.2.1-1.2]
- Rebuilt for https://fedoraproject.org/wiki/Fedora_27_Binutils_Mass_Rebuild

[1:8.2.1-1.1]
- Rebuilt for https://fedoraproject.org/wiki/Fedora_27_Mass_Rebuild

[1:8.2.1-1]
- Update to v8.2.1
- https://nodejs.org/en/blog/release/v8.2.1/

[1:8.2.0-1]
- Update to v8.2.0
- https://nodejs.org/en/blog/release/v8.2.0/
- Update npm to 5.3.0
- Adds npx command

[1:8.1.4-3]
- s/BuildRequires/Requires/ for http-parser-devel%{?_isa}

[1:8.1.4-2]
- Rename python-devel to python2-devel
- own %{_pkgdocdir}/npm

[1:8.1.4-1]
- Update to v8.1.4
- https://nodejs.org/en/blog/release/v8.1.4/
- Drop upstreamed c-ares patch

[1:8.1.3-1]
- Update to v8.1.3
- https://nodejs.org/en/blog/release/v8.1.3/

[1:8.1.2-1]
- Update to v8.1.2
- remove GCC 7 patch, as it is now fixed in node >= 6.12

nodejs-nodemon
nodejs-packaging

Related CVEs

Updated Packages

Release/Architecture	Filename	MD5sum	Superseded By Advisory

Oracle Linux 8 (aarch64)	nodejs-12.18.2-1.module+el8.2.0+7636+541a18d0.src.rpm	a80784228d39df486b51a4743bf5cb2c	-
	nodejs-nodemon-1.18.3-1.module+el8.1.0+5393+aaf413e3.src.rpm	4bdbd353e8847519a2f6bca4bc604137	-
	nodejs-packaging-17-3.module+el8.1.0+5393+aaf413e3.src.rpm	83a9f49d5713cce5b2f6c54a5a8e5ab3	-
	nodejs-12.18.2-1.module+el8.2.0+7636+541a18d0.aarch64.rpm	1c1984dbf8505e0c6b5ecc2f3bd44156	-
	nodejs-devel-12.18.2-1.module+el8.2.0+7636+541a18d0.aarch64.rpm	df60ad83edb90d53a2588bfb03a1ff51	-
	nodejs-docs-12.18.2-1.module+el8.2.0+7636+541a18d0.noarch.rpm	82f69905db0667f3eb14c548fc48cae8	-
	nodejs-full-i18n-12.18.2-1.module+el8.2.0+7636+541a18d0.aarch64.rpm	241490c52455ab673712567faeb328b1	-
	nodejs-nodemon-1.18.3-1.module+el8.1.0+5393+aaf413e3.noarch.rpm	e217a306eb0634249b6ff2dbb2a95b4f	-
	nodejs-packaging-17-3.module+el8.1.0+5393+aaf413e3.noarch.rpm	de10e4eee5c0a2fda020a65a06cab3d7	-
	npm-6.14.5-1.12.18.2.1.module+el8.2.0+7636+541a18d0.aarch64.rpm	f9f0f49a09c2b71f0b42a8049edc3b0c	-

Oracle Linux 8 (x86_64)	nodejs-12.18.2-1.module+el8.2.0+7636+541a18d0.src.rpm	a80784228d39df486b51a4743bf5cb2c	-
	nodejs-nodemon-1.18.3-1.module+el8.1.0+5393+aaf413e3.src.rpm	4bdbd353e8847519a2f6bca4bc604137	-
	nodejs-packaging-17-3.module+el8.1.0+5393+aaf413e3.src.rpm	83a9f49d5713cce5b2f6c54a5a8e5ab3	-
	nodejs-12.18.2-1.module+el8.2.0+7636+541a18d0.x86_64.rpm	8b276c859c3211b3e839b1610873b65b	-
	nodejs-devel-12.18.2-1.module+el8.2.0+7636+541a18d0.x86_64.rpm	7bd621767c355e6a131a56fb36877a17	-
	nodejs-docs-12.18.2-1.module+el8.2.0+7636+541a18d0.noarch.rpm	82f69905db0667f3eb14c548fc48cae8	-
	nodejs-full-i18n-12.18.2-1.module+el8.2.0+7636+541a18d0.x86_64.rpm	c054b84fcda7317610bf0cdce2eaa340	-
	nodejs-nodemon-1.18.3-1.module+el8.1.0+5393+aaf413e3.noarch.rpm	e217a306eb0634249b6ff2dbb2a95b4f	-
	nodejs-packaging-17-3.module+el8.1.0+5393+aaf413e3.noarch.rpm	de10e4eee5c0a2fda020a65a06cab3d7	-
	npm-6.14.5-1.12.18.2.1.module+el8.2.0+7636+541a18d0.x86_64.rpm	31e0f22dcb41363bba2cad0669e2128a	-

This page is generated automatically and has not been checked for errors or omissions. For clarification or corrections please contact the Oracle Linux ULN team

Technical information

Oracle Linux Support

Connect

Contact Us

Global contacts
Oracle 1-800-633-0691