Lucene search
OracleLinuxELSA-2020-0579HistoryFeb 26, 2020 - 12:00 a.m.
nodejs:10 security update
2020-02-2600:00:00
linux.oracle.com
22
0.097 Low
EPSS
Percentile
94.8%
nodejs
[1:10.19.0-1]
- Rebase to 10.19.0 to fix CVE-2019-15604 to CVE-2019-15606
[1:10.16.3-1] - Rebase to 10.16.3 to fix CVE-2019-9511 to CVE-2019-9518
[1:10.14.1-1] - Resolves: RHBZ#1644207
- fixes node-gyp permissions
- rebase
[1:10.11.0-2] - BuildRequire nodejs-packaging for proper npm dependency generation
- Resolves: rhbz#1615947
[1:10.11.0-1] - Rebase to 10.11.0
- Import changes from fedora
- Resolves: rhbz#1621766
[1:10.7.0-5] - Import sources from fedora
- Allow using python2 at %build and %install
- turn off debug for aarch64
[1:10.7.0-4] - Fix npm upgrade scriptlet
- Fix unexpected trailing .1 in npm release field
[1:10.7.0-3] - Restore annotations to binaries
- Fix unexpected trailing .1 in release field
[1:10.7.0-2] - Update to 10.7.0
- https://nodejs.org/en/blog/release/v10.7.0/
- https://nodejs.org/en/blog/release/v10.6.0/
[1:10.5.0-1.1] - Rebuilt for https://fedoraproject.org/wiki/Fedora_29_Mass_Rebuild
[1:10.5.0-1] - Update to 10.5.0
- https://nodejs.org/en/blog/release/v10.5.0/
[1:10.4.1-1] - Update to 10.4.1 to address security issues
- https://nodejs.org/en/blog/release/v10.4.1/
- Resolves: rhbz#1590801
- Resolves: rhbz#1591014
- Resolves: rhbz#1591019
[1:10.4.0-1] - Update to 10.4.0
- https://nodejs.org/en/blog/release/v10.4.0/
[1:10.3.0-1] - Update to 10.3.0
- Update npm to 6.1.0
- https://nodejs.org/en/blog/release/v10.3.0/
[1:10.2.1-2] - Fix up bare ‘python’ to be python2
- Drop redundant entry in docs section
[1:10.2.1-1] - Update to 10.2.1
- https://nodejs.org/en/blog/release/v10.2.1/
[1:10.2.0-1] - Update to 10.2.0
- https://nodejs.org/en/blog/release/v10.2.0/
[1:10.1.0-3] - Fix incorrect rpm macro
[1:10.1.0-2] - Include upstream v8 fix for ppc64[le]
- Disable debug build on ppc64[le] and s390x
[1:10.1.0-1] - Update to 10.1.0
- https://nodejs.org/en/blog/release/v10.1.0/
- Reenable node_g binary
[1:10.0.0-1] - Update to 10.0.0
- https://nodejs.org/en/blog/release/v10.0.0/
- Drop workaround patch
- Temporarily drop node_g binary due to
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=85587
[1:9.11.1-2] - Use standard Fedora linker flags (bug #1543859)
[1:9.11.1-1] - Update to 9.11.1
- https://nodejs.org/en/blog/release/v9.11.0/
- https://nodejs.org/en/blog/release/v9.11.1/
[1:9.10.0-1] - Update to 9.10.0
- https://nodejs.org/en/blog/release/v9.10.0/
[1:9.9.0-1] - Update to 9.9.0
- https://nodejs.org/en/blog/release/v9.9.0/
[1:9.8.0-1] - Update to 9.8.0
- https://nodejs.org/en/blog/release/v9.8.0/
[1:9.7.0-1] - Update to 9.7.0
- https://nodejs.org/en/blog/release/v9.7.0/
- Work around F28 build issue
[1:9.6.1-1] - Update to 9.6.1
- https://nodejs.org/en/blog/release/v9.6.1/
- https://nodejs.org/en/blog/release/v9.6.0/
[1:9.5.0-1] - Package Node.js 9.5.0
[1:8.9.4-2] - Fix incorrect Requires:
[1:8.9.4-1] - Update to 8.9.4
- https://nodejs.org/en/blog/release/v8.9.4/
- Switch to system copy of nghttp2
[1:8.9.3-2] - Update to 8.9.3
- https://nodejs.org/en/blog/release/v8.9.3/
- https://nodejs.org/en/blog/release/v8.9.2/
[1:8.9.1-2] - Rebuild for ICU 60.1
[1:8.9.1-1] - Update to 8.9.1
[1:8.9.0-1] - Update to 8.9.0
- Drop upstreamed patch
[1:8.8.1-1] - Update to 8.8.1 to fix a regression
[1:8.8.0-1] - Security update to 8.8.0
- https://nodejs.org/en/blog/release/v8.8.0/
[1:8.7.0-1] - Update to 8.7.0
- https://nodejs.org/en/blog/release/v8.7.0/
[1:8.6.0-2] - Use bcond macro instead of bootstrap conditional
[1:8.6.0-1] - Fix nghttp2 version
- Update to 8.6.0
- https://nodejs.org/en/blog/release/v8.6.0/
[1:8.5.0-3] - Build with bootstrap + bundle libuv for modularity
- backport patch for aarch64 debug build
[1:8.5.0-2] - Disable debug builds on aarch64 due to https://github.com/nodejs/node/issues/15395
[1:8.5.0-1] - Update to v8.5.0
- https://nodejs.org/en/blog/release/v8.5.0/
[1:8.4.0-2] - Refactor openssl BR
[1:8.4.0-1] - Update to v8.4.0
- https://nodejs.org/en/blog/release/v8.4.0/
- http2 is now supported, add bundled nghttp2
- remove openssl 1.0.1 patches, we won’t be using them in fedora
[1:8.3.0-1] - Update to v8.3.0
- https://nodejs.org/en/blog/release/v8.3.0/
- update V8 to 6.0
- update minimal gcc and g++ requirements to 4.9.4
[1:8.2.1-2] - Bump release to fix broken dependencies
[1:8.2.1-1.2] - Rebuilt for https://fedoraproject.org/wiki/Fedora_27_Binutils_Mass_Rebuild
[1:8.2.1-1.1] - Rebuilt for https://fedoraproject.org/wiki/Fedora_27_Mass_Rebuild
[1:8.2.1-1] - Update to v8.2.1
- https://nodejs.org/en/blog/release/v8.2.1/
[1:8.2.0-1] - Update to v8.2.0
- https://nodejs.org/en/blog/release/v8.2.0/
- Update npm to 5.3.0
- Adds npx command
[1:8.1.4-3] - s/BuildRequires/Requires/ for http-parser-devel%{?_isa}
[1:8.1.4-2] - Rename python-devel to python2-devel
- own %{_pkgdocdir}/npm
[1:8.1.4-1] - Update to v8.1.4
- https://nodejs.org/en/blog/release/v8.1.4/
- Drop upstreamed c-ares patch
[1:8.1.3-1] - Update to v8.1.3
- https://nodejs.org/en/blog/release/v8.1.3/
[1:8.1.2-1] - Update to v8.1.2
- remove GCC 7 patch, as it is now fixed in node >= 6.12
nodejs-nodemon
nodejs-packaging
Related
nessus
nessus
SUSE SLES12 Security Update : nodejs12 (SUSE-SU-2020:0429-1)
2020-02-24 00:00:00
CentOS 8 : nodejs:10 (CESA-2020:0579)
2021-02-01 00:00:00
RHEL 7 : rh-nodejs12-nodejs (RHSA-2020:0602)
2023-01-23 00:00:00
rocky
rocky
nodejs:10 security update
2020-02-25 07:57:02
12 enhancement update
2020-02-04 08:35:22
nodejs:12 security update
2020-02-25 13:06:23
redhat
redhat
(RHSA-2020:0573) Important: nodejs:10 security update
2020-02-24 12:24:24
(RHSA-2020:0579) Important: nodejs:10 security update
2020-02-25 07:57:02
(RHSA-2020:0602) Important: rh-nodejs12-nodejs security update
2020-02-25 15:14:08
almalinux
almalinux
Important: nodejs:10 security update
2020-02-25 07:57:02
Important: nodejs:12 security update
2020-02-25 13:06:23
openvas
openvas
SUSE: Security Advisory (SUSE-SU-2020:0429-1)
2021-06-09 00:00:00
SUSE: Security Advisory (SUSE-SU-2020:0247-1)
2021-06-09 00:00:00
SUSE: Security Advisory (SUSE-SU-2020:0455-1)
2021-04-19 00:00:00
osv
osv
Important: nodejs:10 security update
2020-02-25 07:57:02
Important: nodejs:10 security update
2020-02-25 07:57:02
nodejs:12 enhancement update
2020-02-04 08:35:22
ibm
ibm
Security Bulletin: IBM API Connect is impacted by vulnerabilities in Node.js(CVE-2019-15604, CVE-2019-15605, CVE-2019-15606)
2020-05-11 18:05:54
Security Bulletin: Multiple vulnerabilities in Node.js affect IBM Cloud App Management
2022-07-21 13:27:03
Security Bulletin: Vulnerability in npm affects IBM VM Recovery Manager HA
2021-07-30 21:03:51
oraclelinux
oraclelinux
nodejs:12 security update
2020-02-26 00:00:00
nodejs:10 security update
2020-04-15 00:00:00
http-parser security update
2020-03-06 00:00:00
suse
suse
Security update for nodejs8 (important)
2020-01-15 00:00:00
Security update for nodejs8 (important)
2020-03-03 00:00:00
freebsd
freebsd
NPM -- Multiple vulnerabilities
2019-12-18 00:00:00
Node.js -- multiple vulnerabilities
2020-02-06 00:00:00
altlinux
altlinux
Security fix for the ALT Linux 10 package node version 13.8.0-alt1
2020-02-11 00:00:00
Security fix for the ALT Linux 9 package node version 13.8.0-alt1
2020-02-11 00:00:00
nodejsblog
nodejsblog
February 2020 Security Releases
2020-02-06 00:00:00
photon
photon
Critical Photon OS Security Update - PHSA-2020-0060
2020-02-23 00:00:00
Critical Photon OS Security Update - PHSA-2020-3.0-0060
2020-02-23 00:00:00
fedora
fedora
[SECURITY] Fedora 31 Update: libuv-1.34.1-1.fc31
2020-01-24 17:08:56
[SECURITY] Fedora 31 Update: nodejs-12.14.1-3.fc31
2020-01-24 17:08:57
[SECURITY] Fedora 30 Update: nghttp2-1.40.0-1.fc30
2020-02-23 01:09:35
mageia
mageia
Updated nodejs packages fix security vulnerabilities
2020-09-27 23:06:37
Updated http-parser packages fix security vulnerability
2020-03-09 01:37:31
debian
debian
[SECURITY] [DSA 4669-1] nodejs security update
2020-04-29 21:05:57
ubuntu
ubuntu
Node.js vulnerabilities
2023-09-19 00:00:00
prion
prion
Code injection
2019-12-13 01:15:00
Code injection
2019-12-13 01:15:00
Input validation
2020-02-07 15:15:00
nvd
nvd
github
github
Arbitrary File Write in npm
2019-12-13 15:39:19
npm Vulnerable to Global node_modules Binary Overwrite
2019-12-13 15:39:32
npm symlink reference outside of node_modules
2019-12-13 15:39:26
redhatcve
redhatcve
hackerone
hackerone
Node.js: Remotely trigger an assertion on a TLS server with a malformed certificate string
2019-11-26 16:10:02
Node.js: HTTP header values do not have trailing OWS trimmed
2019-11-06 17:46:12
Node.js: HTTP request smuggling using malformed Transfer-Encoding header
2019-11-12 01:11:47
cvelist
cvelist
CVE-2019-16777 Arbitrary File Overwrite in npm CLI
2019-12-13 01:00:21
veracode
veracode
Arbitrary File Overwrite
2019-12-12 03:16:20
Unauthorized File Access
2019-12-12 02:26:11
Arbitrary File Overwrite
2020-01-08 02:22:48
ubuntucve
ubuntucve
cve
cve
debiancve
debiancve
symantec
symantec
npm CLI CVE-2019-16776 Arbitrary File Write Vulnerability
2019-12-11 00:00:00
alpinelinux
alpinelinux
amazon
amazon
Important: http-parser
2020-05-05 01:12:00
centos
centos
http security update
2020-03-04 21:38:41
cloudfoundry
cloudfoundry
CVE-2019-15605: Node.js is vulnerable to request smuggling | Cloud Foundry
2020-03-09 00:00:00