[ELSA-2020-0579] nodejs:10 security update
nodejs
[1:10.19.0-1]
- Rebase to 10.19.0 to fix CVE-2019-15604 to CVE-2019-15606
[1:10.16.3-1]
- Rebase to 10.16.3 to fix CVE-2019-9511 to CVE-2019-9518
[1:10.14.1-1]
- Resolves: RHBZ#1644207
- fixes node-gyp permissions
- rebase
[1:10.11.0-2]
- BuildRequire nodejs-packaging for proper npm dependency generation
- Resolves: rhbz#1615947
[1:10.11.0-1]
- Rebase to 10.11.0
- Import changes from fedora
- Resolves: rhbz#1621766
[1:10.7.0-5]
- Import sources from fedora
- Allow using python2 at %build and %install
- turn off debug for aarch64
[1:10.7.0-4]
- Fix npm upgrade scriptlet
- Fix unexpected trailing .1 in npm release field
[1:10.7.0-3]
- Restore annotations to binaries
- Fix unexpected trailing .1 in release field
[1:10.7.0-2]
- Update to 10.7.0
- https://nodejs.org/en/blog/release/v10.7.0/
- https://nodejs.org/en/blog/release/v10.6.0/
[1:10.5.0-1.1]
- Rebuilt for https://fedoraproject.org/wiki/Fedora_29_Mass_Rebuild
[1:10.5.0-1]
- Update to 10.5.0
- https://nodejs.org/en/blog/release/v10.5.0/
[1:10.4.1-1]
- Update to 10.4.1 to address security issues
- https://nodejs.org/en/blog/release/v10.4.1/
- Resolves: rhbz#1590801
- Resolves: rhbz#1591014
- Resolves: rhbz#1591019
[1:10.4.0-1]
- Update to 10.4.0
- https://nodejs.org/en/blog/release/v10.4.0/
[1:10.3.0-1]
- Update to 10.3.0
- Update npm to 6.1.0
- https://nodejs.org/en/blog/release/v10.3.0/
[1:10.2.1-2]
- Fix up bare 'python' to be python2
- Drop redundant entry in docs section
[1:10.2.1-1]
- Update to 10.2.1
- https://nodejs.org/en/blog/release/v10.2.1/
[1:10.2.0-1]
- Update to 10.2.0
- https://nodejs.org/en/blog/release/v10.2.0/
[1:10.1.0-3]
- Fix incorrect rpm macro
[1:10.1.0-2]
- Include upstream v8 fix for ppc64[le]
- Disable debug build on ppc64[le] and s390x
[1:10.1.0-1]
- Update to 10.1.0
- https://nodejs.org/en/blog/release/v10.1.0/
- Reenable node_g binary
[1:10.0.0-1]
- Update to 10.0.0
- https://nodejs.org/en/blog/release/v10.0.0/
- Drop workaround patch
- Temporarily drop node_g binary due to
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=85587
[1:9.11.1-2]
- Use standard Fedora linker flags (bug #1543859)
[1:9.11.1-1]
- Update to 9.11.1
- https://nodejs.org/en/blog/release/v9.11.0/
- https://nodejs.org/en/blog/release/v9.11.1/
[1:9.10.0-1]
- Update to 9.10.0
- https://nodejs.org/en/blog/release/v9.10.0/
[1:9.9.0-1]
- Update to 9.9.0
- https://nodejs.org/en/blog/release/v9.9.0/
[1:9.8.0-1]
- Update to 9.8.0
- https://nodejs.org/en/blog/release/v9.8.0/
[1:9.7.0-1]
- Update to 9.7.0
- https://nodejs.org/en/blog/release/v9.7.0/
- Work around F28 build issue
[1:9.6.1-1]
- Update to 9.6.1
- https://nodejs.org/en/blog/release/v9.6.1/
- https://nodejs.org/en/blog/release/v9.6.0/
[1:9.5.0-1]
- Package Node.js 9.5.0
[1:8.9.4-2]
- Fix incorrect Requires:
[1:8.9.4-1]
- Update to 8.9.4
- https://nodejs.org/en/blog/release/v8.9.4/
- Switch to system copy of nghttp2
[1:8.9.3-2]
- Update to 8.9.3
- https://nodejs.org/en/blog/release/v8.9.3/
- https://nodejs.org/en/blog/release/v8.9.2/
[1:8.9.1-2]
- Rebuild for ICU 60.1
[1:8.9.1-1]
- Update to 8.9.1
[1:8.9.0-1]
- Update to 8.9.0
- Drop upstreamed patch
[1:8.8.1-1]
- Update to 8.8.1 to fix a regression
[1:8.8.0-1]
- Security update to 8.8.0
- https://nodejs.org/en/blog/release/v8.8.0/
[1:8.7.0-1]
- Update to 8.7.0
- https://nodejs.org/en/blog/release/v8.7.0/
[1:8.6.0-2]
- Use bcond macro instead of bootstrap conditional
[1:8.6.0-1]
- Fix nghttp2 version
- Update to 8.6.0
- https://nodejs.org/en/blog/release/v8.6.0/
[1:8.5.0-3]
- Build with bootstrap + bundle libuv for modularity
- backport patch for aarch64 debug build
[1:8.5.0-2]
- Disable debug builds on aarch64 due to https://github.com/nodejs/node/issues/15395
[1:8.5.0-1]
- Update to v8.5.0
- https://nodejs.org/en/blog/release/v8.5.0/
[1:8.4.0-2]
- Refactor openssl BR
[1:8.4.0-1]
- Update to v8.4.0
- https://nodejs.org/en/blog/release/v8.4.0/
- http2 is now supported, add bundled nghttp2
- remove openssl 1.0.1 patches, we won't be using them in fedora
[1:8.3.0-1]
- Update to v8.3.0
- https://nodejs.org/en/blog/release/v8.3.0/
- update V8 to 6.0
- update minimal gcc and g++ requirements to 4.9.4
[1:8.2.1-2]
- Bump release to fix broken dependencies
[1:8.2.1-1.2]
- Rebuilt for https://fedoraproject.org/wiki/Fedora_27_Binutils_Mass_Rebuild
[1:8.2.1-1.1]
- Rebuilt for https://fedoraproject.org/wiki/Fedora_27_Mass_Rebuild
[1:8.2.1-1]
- Update to v8.2.1
- https://nodejs.org/en/blog/release/v8.2.1/
[1:8.2.0-1]
- Update to v8.2.0
- https://nodejs.org/en/blog/release/v8.2.0/
- Update npm to 5.3.0
- Adds npx command
[1:8.1.4-3]
- s/BuildRequires/Requires/ for http-parser-devel%{?_isa}
[1:8.1.4-2]
- Rename python-devel to python2-devel
- own %{_pkgdocdir}/npm
[1:8.1.4-1]
- Update to v8.1.4
- https://nodejs.org/en/blog/release/v8.1.4/
- Drop upstreamed c-ares patch
[1:8.1.3-1]
- Update to v8.1.3
- https://nodejs.org/en/blog/release/v8.1.3/
[1:8.1.2-1]
- Update to v8.1.2
- remove GCC 7 patch, as it is now fixed in node >= 6.12
nodejs-nodemon
nodejs-packaging
Package | Affected Version |
---|---|
pkg:rpm/oraclelinux/npm?distro=oraclelinux-8.1 | < 6.13.4-1.10.19.0.1.module+el8.1.0+5552+3cab52c0 |
pkg:rpm/oraclelinux/nodejs?distro=oraclelinux-8.1 | < 10.19.0-1.module+el8.1.0+5552+3cab52c0 |
pkg:rpm/oraclelinux/nodejs-packaging?distro=oraclelinux-8.1 | < 17-3.module+el8.1.0+5392+4d6b561f |
pkg:rpm/oraclelinux/nodejs-nodemon?distro=oraclelinux-8.1 | < 1.18.3-1.module+el8.1.0+5392+4d6b561f |
pkg:rpm/oraclelinux/nodejs-docs?distro=oraclelinux-8.1 | < 10.19.0-1.module+el8.1.0+5552+3cab52c0 |
pkg:rpm/oraclelinux/nodejs-devel?distro=oraclelinux-8.1 | < 10.19.0-1.module+el8.1.0+5552+3cab52c0 |
- ID
- ELSA-2020-0579
- Severity
- important
- URL
- https://linux.oracle.com/errata/ELSA-2020-0579.html
- Published
-
2020-02-26T00:00:00
(4 years ago) - Modified
-
2020-02-26T00:00:00
(4 years ago) - Rights
- Copyright 2020 Oracle, Inc.
- Other Advisories
-
- ALAS-2020-1359
- ALAS2-2020-1417
- ALEA-2020:0330
- ALPINE:CVE-2019-15604
- ALPINE:CVE-2019-15605
- ALPINE:CVE-2019-15606
- ALSA-2020:0579
- ALSA-2020:0598
- DSA-4669-1
- ELSA-2020-0598
- ELSA-2020-0703
- ELSA-2020-0708
- FEDORA-2020-3838c8ea98
- FEDORA-2020-47efc31973
- FEDORA-2020-595ce5e3cc
- FREEBSD:0032400F-624F-11EA-B495-000D3AB229D6
- FREEBSD:2A3588B4-AB12-11EA-A051-001B217B3468
- GLSA-202003-48
- NPM:GHSA-4328-8HGF-7WJR
- NPM:GHSA-M6CX-G6QM-P2CX
- NPM:GHSA-X8QC-RRCW-4R46
- openSUSE-SU-2020:0059-1
- openSUSE-SU-2020:0293-1
- RHEA-2020:0330
- RHSA-2020:0579
- RHSA-2020:0598
- RHSA-2020:0703
- RHSA-2020:0708
- RLEA-2020:0330
- RLSA-2020:0579
- RLSA-2020:0598
- SUSE-SU-2020:0043-1
- SUSE-SU-2020:0063-1
- SUSE-SU-2020:0104-1
- SUSE-SU-2020:0247-1
- SUSE-SU-2020:0427-1
- SUSE-SU-2020:0429-1
- SUSE-SU-2020:0454-1
- SUSE-SU-2020:0455-1
- SUSE-SU-2020:0488-1
- USN-6380-1
Source | # ID | Name | URL |
---|---|---|---|
elsa | ELSA-2020-0579 | https://linux.oracle.com/errata/ELSA-2020-0579.html | |
CVE | CVE-2019-15604 | https://linux.oracle.com/cve/CVE-2019-15604.html | |
CVE | CVE-2019-15605 | https://linux.oracle.com/cve/CVE-2019-15605.html | |
CVE | CVE-2019-15606 | https://linux.oracle.com/cve/CVE-2019-15606.html | |
CVE | CVE-2019-16776 | https://linux.oracle.com/cve/CVE-2019-16776.html | |
CVE | CVE-2019-16775 | https://linux.oracle.com/cve/CVE-2019-16775.html | |
CVE | CVE-2019-16777 | https://linux.oracle.com/cve/CVE-2019-16777.html |
Type | Package URL | Namespace | Name / Product | Version | Distribution / Platform | Arch | Patch / Fix |
---|---|---|---|---|---|---|---|
Affected | pkg:rpm/oraclelinux/npm?distro=oraclelinux-8.1 | oraclelinux | npm | < 6.13.4-1.10.19.0.1.module+el8.1.0+5552+3cab52c0 | oraclelinux-8.1 | ||
Affected | pkg:rpm/oraclelinux/nodejs?distro=oraclelinux-8.1 | oraclelinux | nodejs | < 10.19.0-1.module+el8.1.0+5552+3cab52c0 | oraclelinux-8.1 | ||
Affected | pkg:rpm/oraclelinux/nodejs-packaging?distro=oraclelinux-8.1 | oraclelinux | nodejs-packaging | < 17-3.module+el8.1.0+5392+4d6b561f | oraclelinux-8.1 | ||
Affected | pkg:rpm/oraclelinux/nodejs-nodemon?distro=oraclelinux-8.1 | oraclelinux | nodejs-nodemon | < 1.18.3-1.module+el8.1.0+5392+4d6b561f | oraclelinux-8.1 | ||
Affected | pkg:rpm/oraclelinux/nodejs-docs?distro=oraclelinux-8.1 | oraclelinux | nodejs-docs | < 10.19.0-1.module+el8.1.0+5552+3cab52c0 | oraclelinux-8.1 | ||
Affected | pkg:rpm/oraclelinux/nodejs-devel?distro=oraclelinux-8.1 | oraclelinux | nodejs-devel | < 10.19.0-1.module+el8.1.0+5552+3cab52c0 | oraclelinux-8.1 |
# CVE | Description | CVSS | EPSS | EPSS Trend (30 days) | Affected Products | Weaknesses | Security Advisories | Exploits | PoC | Pubblication Date | Modification Date |
---|---|---|---|---|---|---|---|---|---|---|---|
# CVE | Description | CVSS | EPSS | EPSS Trend (30 days) | Affected Products | Weaknesses | Security Advisories | PoC | Pubblication Date | Modification Date |