Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

oracle-oval логотип

ELSA-2025-4459

Опубликовано: 05 мая 2025
Источник: oracle-oval
Платформа: Oracle Linux 8

Описание

ELSA-2025-4459: nodejs:22 security update (IMPORTANT)

nodejs [1:22.15.0-1]

  • Update to 22.15.0
  • Drop upstream patches

[1:22.13.1-4]

  • Patch fix for sqlite CVE-2025-31498 Resolves: RHEL-87300

[1:22.13.1-3]

  • Update c-ares to newest version with fix for CVE-2025-31498 Resolves: RHEL-86581

Обновленные пакеты

Oracle Linux 8

Oracle Linux aarch64

Module nodejs:22 is enabled

nodejs

22.15.0-1.module+el8.10.0+90558+f3d29a46

nodejs-devel

22.15.0-1.module+el8.10.0+90558+f3d29a46

nodejs-docs

22.15.0-1.module+el8.10.0+90558+f3d29a46

nodejs-full-i18n

22.15.0-1.module+el8.10.0+90558+f3d29a46

nodejs-libs

22.15.0-1.module+el8.10.0+90558+f3d29a46

nodejs-nodemon

3.0.1-1.module+el8.10.0+90558+f3d29a46

nodejs-packaging

2021.06-4.module+el8.10.0+90558+f3d29a46

nodejs-packaging-bundler

2021.06-4.module+el8.10.0+90558+f3d29a46

npm

10.9.2-1.22.15.0.1.module+el8.10.0+90558+f3d29a46

v8-12.4-devel

12.4.254.21-1.22.15.0.1.module+el8.10.0+90558+f3d29a46

Oracle Linux x86_64

Module nodejs:22 is enabled

nodejs

22.15.0-1.module+el8.10.0+90558+f3d29a46

nodejs-devel

22.15.0-1.module+el8.10.0+90558+f3d29a46

nodejs-docs

22.15.0-1.module+el8.10.0+90558+f3d29a46

nodejs-full-i18n

22.15.0-1.module+el8.10.0+90558+f3d29a46

nodejs-libs

22.15.0-1.module+el8.10.0+90558+f3d29a46

nodejs-nodemon

3.0.1-1.module+el8.10.0+90558+f3d29a46

nodejs-packaging

2021.06-4.module+el8.10.0+90558+f3d29a46

nodejs-packaging-bundler

2021.06-4.module+el8.10.0+90558+f3d29a46

npm

10.9.2-1.22.15.0.1.module+el8.10.0+90558+f3d29a46

v8-12.4-devel

12.4.254.21-1.22.15.0.1.module+el8.10.0+90558+f3d29a46

Связанные CVE

CVE-2025-3277
CVE-2025-31498

Ссылки на источники

Связанные уязвимости

oracle-oval логотип

ELSA-2025-7433

oracle-oval
28 дней назад

ELSA-2025-7433: nodejs:22 security update (IMPORTANT)

ubuntu логотип

CVE-2025-3277

ubuntu
2 месяца назад

An integer overflow can be triggered in SQLite’s `concat_ws()` function. The resulting, truncated integer is then used to allocate a buffer. When SQLite then writes the resulting string to the buffer, it uses the original, untruncated size and thus a wild Heap Buffer overflow of size ~4GB can be triggered. This can result in arbitrary code execution.

redhat логотип

CVE-2025-3277

CVSS3: 7.3
redhat
2 месяца назад

An integer overflow can be triggered in SQLite’s `concat_ws()` function. The resulting, truncated integer is then used to allocate a buffer. When SQLite then writes the resulting string to the buffer, it uses the original, untruncated size and thus a wild Heap Buffer overflow of size ~4GB can be triggered. This can result in arbitrary code execution.

nvd логотип

CVE-2025-3277

nvd
2 месяца назад

An integer overflow can be triggered in SQLite’s `concat_ws()` function. The resulting, truncated integer is then used to allocate a buffer. When SQLite then writes the resulting string to the buffer, it uses the original, untruncated size and thus a wild Heap Buffer overflow of size ~4GB can be triggered. This can result in arbitrary code execution.

debian логотип

CVE-2025-3277

debian
2 месяца назад

An integer overflow can be triggered in SQLite\u2019s `concat_ws()` fu ...