ALSA-2026:1843

[ALSA-2026:1843] Important: nodejs22 security update

Type:

security

Severity:

important

Release date:

2026-02-06

Description:

Node.js is a platform built on Chrome's JavaScript runtime \ for easily building fast, scalable network applications. \ Node.js uses an event-driven, non-blocking I/O model that \ makes it lightweight and efficient, perfect for data-intensive \ real-time applications that run across distributed devices.  

Security Fix(es):  

  * nodejs: Nodejs filesystem permissions bypass (CVE-2025-55132)
  * nodejs: Nodejs denial of service (CVE-2026-21637)
  * nodejs: Nodejs denial of service (CVE-2025-59466)
  * nodejs: Nodejs denial of service (CVE-2025-59465)
  * nodejs: Nodejs uninitialized memory exposure (CVE-2025-55131)
  * nodejs: Nodejs file permissions bypass (CVE-2025-55130)


For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

References:

Updated packages listed below:

Architecture	Package	Checksum
aarch64	nodejs-22.22.0-3.el10_1.aarch64.rpm	125caf7e44f8210fd339a8854aa24ccebb1c5f644c17646b5fc7b40c3474436d
aarch64	nodejs-full-i18n-22.22.0-3.el10_1.aarch64.rpm	276931999f188115be33e60d8cf6198efb32e694e587bca89d4053def4ac7764
aarch64	nodejs-libs-22.22.0-3.el10_1.aarch64.rpm	5829b3ffac386b08bc430bc13b23ca495918bf76ed8a6b0441649c0fb4d9a1e1
aarch64	nodejs-devel-22.22.0-3.el10_1.aarch64.rpm	a6275b8af20a46b4749d7ef52217eadf2ae74665ce74c79c0a389d120ed905e5
aarch64	nodejs-npm-10.9.4-1.22.22.0.3.el10_1.aarch64.rpm	c31ccdc726d8fdc9b35e3301f8afebd892d6f60770e9d74e88948d63f15955e3
noarch	nodejs-docs-22.22.0-3.el10_1.noarch.rpm	9781255dc42b1a9a33716e1fef622457b1de374d5417efed76c1d9c69f85df13
ppc64le	nodejs-npm-10.9.4-1.22.22.0.3.el10_1.ppc64le.rpm	3c901b198e0dafee8f2fe0eab109fcb883f1fb74ebd748f613d8e09ad1ad1e4a
ppc64le	nodejs-devel-22.22.0-3.el10_1.ppc64le.rpm	930a28ef1f7657b844780fdac80675c141831a2167d289777d65575b15a55b2f
ppc64le	nodejs-22.22.0-3.el10_1.ppc64le.rpm	96d214824e4a8e1f53c4c27d3292a8d55a0aff5d2a85a91bf9d07ceb27960a39
ppc64le	nodejs-libs-22.22.0-3.el10_1.ppc64le.rpm	bbcb571dee5cbe3809e81b999a1885a34ea24d722240448b9b701fcfcd25b645
ppc64le	nodejs-full-i18n-22.22.0-3.el10_1.ppc64le.rpm	c4ce8fa82a6924de0333b8dfb28b5d77a8a7c58ec5c3144948b290cb5c7ce768
s390x	nodejs-devel-22.22.0-3.el10_1.s390x.rpm	33defa72cd5897e7cd7e9ce0b32f1214ff354f6417628b703e2860cedc2ddd51
s390x	nodejs-libs-22.22.0-3.el10_1.s390x.rpm	84cce44678f11a889f35ba2741adc68d570a48e765c29a16e42305a60d0b8316
s390x	nodejs-npm-10.9.4-1.22.22.0.3.el10_1.s390x.rpm	bfc3117bf7a677e62904b557320039634fc2f3262e79aac31044b9ce3f526f84
s390x	nodejs-22.22.0-3.el10_1.s390x.rpm	c5f314d9f45df5dd7eaeaa7c56c850bc9b48be21c9d7c7ef9a5556f8982462dd
s390x	nodejs-full-i18n-22.22.0-3.el10_1.s390x.rpm	e7981011292b2ab001c99838ff76a2f767076a229fe15f079404fb61f423ddae
x86_64	nodejs-npm-10.9.4-1.22.22.0.3.el10_1.x86_64.rpm	38e6f8a1f617f5b8e14bb5f606085c062456ca043088c066076f5c720cf157dc
x86_64	nodejs-libs-22.22.0-3.el10_1.x86_64.rpm	603731ec50363ef8a85c4adcf8262e3e94e9e5aa3635fea52ab9a002aa17a239
x86_64	nodejs-22.22.0-3.el10_1.x86_64.rpm	97218d687ecda416d43cca1d1ba9d15e1a954a8f0ea15c44d6d1af7820a47a31
x86_64	nodejs-devel-22.22.0-3.el10_1.x86_64.rpm	bd87dd2588fc508a07753e39adbb84482c49d399cbd8bcd77f5a31ef9b3c407d
x86_64	nodejs-full-i18n-22.22.0-3.el10_1.x86_64.rpm	dabcd442c83d67365e120c031222fe62dcc5a97e5f2a7b8670920c0c53934a5a
x86_64_v2	nodejs-full-i18n-22.22.0-3.el10_1.x86_64_v2.rpm	274e725ac85021a0bfec4270de7a9158780ccdc4d5fb1395db2e13e11a1daa6f
x86_64_v2	nodejs-npm-10.9.4-1.22.22.0.3.el10_1.x86_64_v2.rpm	5c6c5cd6ddd25def798729cd1cc5995111b2ea3876640822eace3868b47bf346
x86_64_v2	nodejs-devel-22.22.0-3.el10_1.x86_64_v2.rpm	7aea9228153ad22266c91ebff831e87a480e0d84e2add6d237e8916c283664dc
x86_64_v2	nodejs-libs-22.22.0-3.el10_1.x86_64_v2.rpm	94c150d33cac60440039ae90e1fd52447083eebd953f7bf3df58635686a6ea61
x86_64_v2	nodejs-22.22.0-3.el10_1.x86_64_v2.rpm	f4e63086a4d9f09c67d80a5be060ef22f8e72ed1720524bb8306f3648cb88d5a

Notes:

This page is generated automatically from Red Hat security data and has not been checked for errors. For clarification or corrections please contact the AlmaLinux Packaging Team.