Описание
ELSA-2021-5171: nodejs:16 security, bug fix, and enhancement update (MODERATE)
nodejs [16.13.1-3.0.1]
- Libraries must not be group-writeable. Change node-gyp permission to 0755 [Orabug: 28451433]
[1:16.13.1-3]
- Resolves: RHBZ#2027610
- Add corepack to spec
[1:16.13.1-2]
- Resolves: RHBZ#2027610
- Update npm version test
[1:16.13.1-1]
- Resolves: RHBZ#2027644, RHBZ#2027643, RHBZ#2027638, RHBZ#2027633
- Resolves: RHBZ#2027610
- Rebase to LTS release and to fix multiple low and medium CVEs
nodejs-nodemon [2.0.15-1]
- Resolves: RHBZ#2027630
- Resolves CVE-2020-28469
- Rebase to newest version
- Change source to npmjs.com
Обновленные пакеты
Oracle Linux 8
Oracle Linux aarch64
Module nodejs:16 is enabled
nodejs
16.13.1-3.0.1.module+el8.5.0+20457+52828f44
nodejs-devel
16.13.1-3.0.1.module+el8.5.0+20457+52828f44
nodejs-docs
16.13.1-3.0.1.module+el8.5.0+20457+52828f44
nodejs-full-i18n
16.13.1-3.0.1.module+el8.5.0+20457+52828f44
nodejs-nodemon
2.0.15-1.module+el8.5.0+20457+52828f44
nodejs-packaging
25-1.module+el8.5.0+20388+4b61e68d
npm
8.1.2-1.16.13.1.3.0.1.module+el8.5.0+20457+52828f44
Oracle Linux x86_64
Module nodejs:16 is enabled
nodejs
16.13.1-3.0.1.module+el8.5.0+20457+52828f44
nodejs-devel
16.13.1-3.0.1.module+el8.5.0+20457+52828f44
nodejs-docs
16.13.1-3.0.1.module+el8.5.0+20457+52828f44
nodejs-full-i18n
16.13.1-3.0.1.module+el8.5.0+20457+52828f44
nodejs-nodemon
2.0.15-1.module+el8.5.0+20457+52828f44
nodejs-packaging
25-1.module+el8.5.0+20388+4b61e68d
npm
8.1.2-1.16.13.1.3.0.1.module+el8.5.0+20457+52828f44
Ссылки на источники
Связанные уязвимости
ELSA-2022-0350: nodejs:14 security, bug fix, and enhancement update (MODERATE)
ELSA-2022-6595: nodejs and nodejs-nodemon security and bug fix update (MODERATE)
This affects the package ini before 1.3.6. If an attacker submits a malicious INI file to an application that parses it with ini.parse, they will pollute the prototype on the application. This can be exploited further depending on the context.