ALSA-2026:1842

[ALSA-2026:1842] Important: nodejs24 security update

Type:

security

Severity:

important

Release date:

2026-02-06

Description:

Node.js is a platform built on Chrome's JavaScript runtime for easily building fast, scalable network applications. Node.js uses an event-driven, non-blocking I/O model that makes it lightweight and efficient, perfect for data-intensive real-time applications that run across distributed devices.  

Security Fix(es):  

  * nodejs: Nodejs filesystem permissions bypass (CVE-2025-55132)
  * nodejs: Nodejs denial of service (CVE-2026-21637)
  * nodejs: Nodejs denial of service (CVE-2025-59466)
  * nodejs: Nodejs denial of service (CVE-2025-59465)
  * nodejs: Nodejs uninitialized memory exposure (CVE-2025-55131)
  * nodejs: Nodejs file permissions bypass (CVE-2025-55130)


For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

References:

Updated packages listed below:

Architecture	Package	Checksum
aarch64	nodejs24-full-i18n-24.13.0-1.el10_1.aarch64.rpm	31ab670885b6a720a24f25704394dd8b234ec734309a609d07ec1e868052f79b
aarch64	nodejs24-24.13.0-1.el10_1.aarch64.rpm	99ce97392b35cc3e8fdb6e8f9cc700c5eda454964a77f48296361c4dba6423fc
aarch64	nodejs24-libs-24.13.0-1.el10_1.aarch64.rpm	9d1f61c16be283583479b3af7bc7d4f10d6474fdf43e1edf0701f5ec8a43ecb4
aarch64	nodejs24-devel-24.13.0-1.el10_1.aarch64.rpm	c11fb62d2dd4260f090d332b5288802dc145f14838db61904e7ee0a9f57e8e7f
noarch	nodejs24-npm-11.6.2-1.24.13.0.1.el10_1.noarch.rpm	3124f27ac9e1285a726aecbbc047a23ca152293caa72095bbdba52fdf9cad7a9
noarch	nodejs24-docs-24.13.0-1.el10_1.noarch.rpm	d3c3383e0a8620d0d96532e4cabc540398587c29a21017ddf8a1923501b6e001
ppc64le	nodejs24-24.13.0-1.el10_1.ppc64le.rpm	121d752390363cb9236689941f603d2da9f8ef0ee31ab4a9b82714cb3ba06876
ppc64le	nodejs24-libs-24.13.0-1.el10_1.ppc64le.rpm	40ca1fc7da7cf934464f6abecc86f19661c050cb5e839e175bbde394b7371286
ppc64le	nodejs24-full-i18n-24.13.0-1.el10_1.ppc64le.rpm	8874d693f7d5832a588d902e63ca71407954dd0579946a398295a30e1b42e2e7
ppc64le	nodejs24-devel-24.13.0-1.el10_1.ppc64le.rpm	b066930bd93d525f986dd56912708244486292a8bdca6c79eb92a0a361d6bd59
s390x	nodejs24-devel-24.13.0-1.el10_1.s390x.rpm	4c0ab621fac2b8e170aa21f82f2c2481dedd39b7b33029f9dcc714a71de83f1f
s390x	nodejs24-24.13.0-1.el10_1.s390x.rpm	6141a7c188c6ac77564ec48a15d935df7e678375bba98eaea9b28850fc17c839
s390x	nodejs24-full-i18n-24.13.0-1.el10_1.s390x.rpm	bb8a32e293d0e2334888ab85ea52b21c4aa73c5fbc178b9838ffddf16326d1f1
s390x	nodejs24-libs-24.13.0-1.el10_1.s390x.rpm	d3a1bb517faac174633bc82da5a031a44cd50b3b4c9cdc38037a9296f1e6083b
x86_64	nodejs24-libs-24.13.0-1.el10_1.x86_64.rpm	06608b90c31303183bd01252e831ab421c27519d74c19cc5da17d3970270a3b4
x86_64	nodejs24-devel-24.13.0-1.el10_1.x86_64.rpm	3b3f7d15004b01c5c0ffb4af4a6bf2e87d64072e7aeba74bb8d5fdc099a51dfb
x86_64	nodejs24-full-i18n-24.13.0-1.el10_1.x86_64.rpm	971dde51b5a9461867f8d3f8bdca5775c6483975269893017ee40163453549e2
x86_64	nodejs24-24.13.0-1.el10_1.x86_64.rpm	bca271cbbc3421c5cffcff0b87c3268517f0d6761b0e3fa8be0b1bd49e9263b8
x86_64_v2	nodejs24-libs-24.13.0-1.el10_1.x86_64_v2.rpm	6fb15b1990fa17e07277eaca91b11752881e5194d62c1305b8f1c98d3554f979
x86_64_v2	nodejs24-full-i18n-24.13.0-1.el10_1.x86_64_v2.rpm	732148c649e9ff4fcf9d72f748988f5607abcb872e2d124e9fe520d28aaddfc5
x86_64_v2	nodejs24-24.13.0-1.el10_1.x86_64_v2.rpm	8efd878834a6875b79f3139c0004d1b0c067325fc2bc13385b8984b44838ac33
x86_64_v2	nodejs24-devel-24.13.0-1.el10_1.x86_64_v2.rpm	df9f84536ab3ce4cc0a61dbcb3e7640c96517e199191c6061c61926261de6476

Notes:

This page is generated automatically from Red Hat security data and has not been checked for errors. For clarification or corrections please contact the AlmaLinux Packaging Team.