ELSA-2023-5849

ELSA-2023-5849 - 18 security update

Type:	SECURITY
Impact:	IMPORTANT
Release Date:	2023-10-20

Description

nodejs
[1:18.18.2-2]
- Rebase to version 18.18.2
Resolves: CVE-2023-44487 CVE-2023-45143 CVE-2023-38552 CVE-2023-39333

nodejs-nodemon
[3.0.1-1]
- Rebase to 3.0.1
- Resolves: CVE-2022-25883

nodejs-packaging
[2021.06-4]
- NPM bundler: also find namespaced bundled dependencies

[2021.06-3]
- Rebuilt for https://fedoraproject.org/wiki/Fedora_35_Mass_Rebuild

[2021.06-2]
- Fix hard-coded output directory in the bundler

[2021.06-1]
- Update to 2021.06-1
- bundler: Handle archaic license metadata
- bundler: Warn about bundled dependencies with no license metadata

[2021.01-3]
- Rebuilt for https://fedoraproject.org/wiki/Fedora_34_Mass_Rebuild

[2021.01-2]
- nodejs-packaging-bundler improvements to handle uncommon characters

[2021.01]
- Add nodejs-packaging-bundler and update README.md

[2020.09-1]
- Move to dist-git as the upstream

[25-1]
- Fix incorrect bundled library detection for Requires

[24-1]
- Check node_modules_prod for bundled dependencies

[23-4]
- Rebuilt for https://fedoraproject.org/wiki/Fedora_33_Mass_Rebuild

[23-3]
- Drop Requires: nodejs(engine)

[23-2]
- Rebuilt for https://fedoraproject.org/wiki/Fedora_32_Mass_Rebuild

Related CVEs

CVE-2023-44487

CVE-2023-39333

CVE-2023-38552

CVE-2023-45143

Updated Packages

Release/Architecture	Filename	sha256	Superseded By Advisory	Channel Label
Oracle Linux 9 (aarch64)	nodejs-18.18.2-2.module+el9.2.0+21194+c0bbf6cf.src.rpm	fff8625f0ddd918745b7c7561cdee404cbfb7398007fb2212964e9aafaf4185e	-	ol9_aarch64_appstream
	nodejs-nodemon-3.0.1-1.module+el9.2.0+21169+1d24b6cc.src.rpm	1e253d0577ae18001cdc8171a8bf269deb98c917419943a436ac2ddb176e91da	-	ol9_aarch64_appstream
	nodejs-packaging-2021.06-4.module+el9.1.0+20762+f52d7401.src.rpm	d29ffa805fe31f34ff0b352ea25467b0aa4f086b325f14277b63ad6b8bb5976e	-	ol9_aarch64_appstream
	nodejs-packaging-2021.06-4.module+el9.1.0+20762+f52d7401.src.rpm	d29ffa805fe31f34ff0b352ea25467b0aa4f086b325f14277b63ad6b8bb5976e	-	ol9_aarch64_appstream_developer
	nodejs-18.18.2-2.module+el9.2.0+21194+c0bbf6cf.aarch64.rpm	8d4a2b9f8d7b7b6ea08f3cce58defdaf16c88e908440ff698870d35a1b8b9722	-	ol9_aarch64_appstream
	nodejs-devel-18.18.2-2.module+el9.2.0+21194+c0bbf6cf.aarch64.rpm	4f521306aacfa2d448ff50f199388adb2ac6b48fcda30e242bf7b93f8dfdc86d	-	ol9_aarch64_appstream
	nodejs-docs-18.18.2-2.module+el9.2.0+21194+c0bbf6cf.noarch.rpm	d1849a6fc82ab4ce704656241c990eaad903261af16797cf8f58a00746ae8d39	-	ol9_aarch64_appstream
	nodejs-full-i18n-18.18.2-2.module+el9.2.0+21194+c0bbf6cf.aarch64.rpm	6d060b262eb08b0317654b98318f3b7aa7a470cd75b6fc7195d4d8110efded27	-	ol9_aarch64_appstream
	nodejs-nodemon-3.0.1-1.module+el9.2.0+21169+1d24b6cc.noarch.rpm	82fea228ae2e2b7bacf8dba3b78c8319f1c09258ab70057fd54223e78b6163fc	-	ol9_aarch64_appstream
	nodejs-packaging-2021.06-4.module+el9.1.0+20762+f52d7401.noarch.rpm	1559878adeb1212c5ec7c0b3e1d8f694bc374f2b4bdb4a9de0ed05a7e0606024	-	ol9_aarch64_appstream
	nodejs-packaging-2021.06-4.module+el9.1.0+20762+f52d7401.noarch.rpm	1559878adeb1212c5ec7c0b3e1d8f694bc374f2b4bdb4a9de0ed05a7e0606024	-	ol9_aarch64_appstream_developer
	nodejs-packaging-bundler-2021.06-4.module+el9.1.0+20762+f52d7401.noarch.rpm	c2ef28876ea1e6ce893ef979443e5a33affd82a556c2a10e97364b88269524db	-	ol9_aarch64_appstream
	nodejs-packaging-bundler-2021.06-4.module+el9.1.0+20762+f52d7401.noarch.rpm	c2ef28876ea1e6ce893ef979443e5a33affd82a556c2a10e97364b88269524db	-	ol9_aarch64_appstream_developer
	npm-9.8.1-1.18.18.2.2.module+el9.2.0+21194+c0bbf6cf.aarch64.rpm	0e428832da4ca87435086eb9297dbca1c5d9fbc0d3548bf0bb0064451a18367f	-	ol9_aarch64_appstream
Oracle Linux 9 (x86_64)	nodejs-18.18.2-2.module+el9.2.0+21194+c0bbf6cf.src.rpm	fff8625f0ddd918745b7c7561cdee404cbfb7398007fb2212964e9aafaf4185e	-	ol9_x86_64_appstream
	nodejs-nodemon-3.0.1-1.module+el9.2.0+21169+1d24b6cc.src.rpm	1e253d0577ae18001cdc8171a8bf269deb98c917419943a436ac2ddb176e91da	-	ol9_x86_64_appstream
	nodejs-packaging-2021.06-4.module+el9.1.0+20762+f52d7401.src.rpm	d29ffa805fe31f34ff0b352ea25467b0aa4f086b325f14277b63ad6b8bb5976e	-	ol9_x86_64_appstream
	nodejs-packaging-2021.06-4.module+el9.1.0+20762+f52d7401.src.rpm	d29ffa805fe31f34ff0b352ea25467b0aa4f086b325f14277b63ad6b8bb5976e	-	ol9_x86_64_appstream_developer
	nodejs-18.18.2-2.module+el9.2.0+21194+c0bbf6cf.x86_64.rpm	8fa7dd0b34ab39545d392ac71d61c968058883e2ea8fca235dd39277decfff49	-	ol9_x86_64_appstream
	nodejs-devel-18.18.2-2.module+el9.2.0+21194+c0bbf6cf.x86_64.rpm	b19e8ac4a9f55ae2b48b4e1be8bb22bc40b5b9bb3652b49cec4944487d5d024c	-	ol9_x86_64_appstream
	nodejs-docs-18.18.2-2.module+el9.2.0+21194+c0bbf6cf.noarch.rpm	d1849a6fc82ab4ce704656241c990eaad903261af16797cf8f58a00746ae8d39	-	ol9_x86_64_appstream
	nodejs-full-i18n-18.18.2-2.module+el9.2.0+21194+c0bbf6cf.x86_64.rpm	3a7df41d3ac02d710301675e0ad18373063a749dd3f553ba810529d2e64b5302	-	ol9_x86_64_appstream
	nodejs-nodemon-3.0.1-1.module+el9.2.0+21169+1d24b6cc.noarch.rpm	82fea228ae2e2b7bacf8dba3b78c8319f1c09258ab70057fd54223e78b6163fc	-	ol9_x86_64_appstream
	nodejs-packaging-2021.06-4.module+el9.1.0+20762+f52d7401.noarch.rpm	1559878adeb1212c5ec7c0b3e1d8f694bc374f2b4bdb4a9de0ed05a7e0606024	-	ol9_x86_64_appstream
	nodejs-packaging-2021.06-4.module+el9.1.0+20762+f52d7401.noarch.rpm	1559878adeb1212c5ec7c0b3e1d8f694bc374f2b4bdb4a9de0ed05a7e0606024	-	ol9_x86_64_appstream_developer
	nodejs-packaging-bundler-2021.06-4.module+el9.1.0+20762+f52d7401.noarch.rpm	c2ef28876ea1e6ce893ef979443e5a33affd82a556c2a10e97364b88269524db	-	ol9_x86_64_appstream
	nodejs-packaging-bundler-2021.06-4.module+el9.1.0+20762+f52d7401.noarch.rpm	c2ef28876ea1e6ce893ef979443e5a33affd82a556c2a10e97364b88269524db	-	ol9_x86_64_appstream_developer
	npm-9.8.1-1.18.18.2.2.module+el9.2.0+21194+c0bbf6cf.x86_64.rpm	0567639134a6e1168d567837d0000564de0ec00fa9a8b9adca78653377c41d4c	-	ol9_x86_64_appstream

This page is generated automatically and has not been checked for errors or omissions. For clarification or corrections please contact the Oracle Linux ULN team