Описание
ELSA-2024-5815: nodejs:20 security update (MODERATE)
nodejs [1:20.16.0-1]
- Update to 20.16.0 Fixes: CVE-2024-36137 CVE-2024-22018 CVE-2024-22020
nodejs-nodemon nodejs-packaging
Обновленные пакеты
Oracle Linux 9
Oracle Linux aarch64
Module nodejs:20 is enabled
nodejs
20.16.0-1.module+el9.4.0+90390+ec2aa9c0
nodejs-devel
20.16.0-1.module+el9.4.0+90390+ec2aa9c0
nodejs-docs
20.16.0-1.module+el9.4.0+90390+ec2aa9c0
nodejs-full-i18n
20.16.0-1.module+el9.4.0+90390+ec2aa9c0
nodejs-nodemon
3.0.1-1.module+el9.3.0+90066+12d4a8d7
nodejs-packaging
2021.06-4.module+el9.3.0+90066+12d4a8d7
nodejs-packaging-bundler
2021.06-4.module+el9.3.0+90066+12d4a8d7
npm
10.8.1-1.20.16.0.1.module+el9.4.0+90390+ec2aa9c0
Oracle Linux x86_64
Module nodejs:20 is enabled
nodejs
20.16.0-1.module+el9.4.0+90390+ec2aa9c0
nodejs-devel
20.16.0-1.module+el9.4.0+90390+ec2aa9c0
nodejs-docs
20.16.0-1.module+el9.4.0+90390+ec2aa9c0
nodejs-full-i18n
20.16.0-1.module+el9.4.0+90390+ec2aa9c0
nodejs-nodemon
3.0.1-1.module+el9.3.0+90066+12d4a8d7
nodejs-packaging
2021.06-4.module+el9.3.0+90066+12d4a8d7
nodejs-packaging-bundler
2021.06-4.module+el9.3.0+90066+12d4a8d7
npm
10.8.1-1.20.16.0.1.module+el9.4.0+90390+ec2aa9c0
Связанные CVE
Связанные уязвимости
A vulnerability has been identified in Node.js, affecting users of the experimental permission model when the --allow-fs-write flag is used. Node.js Permission Model do not operate on file descriptors, however, operations such as fs.fchown or fs.fchmod can use a "read-only" file descriptor to change the owner and permissions of a file.
A vulnerability has been identified in Node.js, affecting users of the experimental permission model when the --allow-fs-write flag is used. Node.js Permission Model do not operate on file descriptors, however, operations such as fs.fchown or fs.fchmod can use a "read-only" file descriptor to change the owner and permissions of a file.