ALSA-2025:1351

[ALSA-2025:1351] Important: nodejs:20 security update

Type:

security

Severity:

important

Release date:

2025-02-14

Description:

Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language.   

Security Fix(es):  

  * undici: Undici Uses Insufficiently Random Values (CVE-2025-22150)
  * nodejs: Node.js Worker Thread Exposure via Diagnostics Channel (CVE-2025-23083)
  * nodejs: GOAWAY HTTP/2 frames cause memory leak outside heap (CVE-2025-23085)


For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

References:

Updated packages listed below:

Architecture	Package	Checksum
aarch64	nodejs-20.18.2-1.module_el8.10.0+3958+472a6467.aarch64.rpm	24b70d6598c61e3a5adb534bc0a23977d772b11cf4eebc18e6b3a9bee6e19199
aarch64	nodejs-full-i18n-20.18.2-1.module_el8.10.0+3958+472a6467.aarch64.rpm	a587731d405fabd002f00fe1bc0c40765c41e66c0b5f2345d47b7aa8d9e9169c
aarch64	npm-10.8.2-1.20.18.2.1.module_el8.10.0+3958+472a6467.aarch64.rpm	c40e3be1280528315ec68bd5497b871931c391aed846b2b15700c1c3bc06c248
aarch64	nodejs-devel-20.18.2-1.module_el8.10.0+3958+472a6467.aarch64.rpm	c4431a7ff49e810f58f5bcdced1c808b3bdbb95ba03bd091508d17f665b5b0cf
noarch	nodejs-docs-20.18.2-1.module_el8.10.0+3958+472a6467.noarch.rpm	1d9aa2d875f62b3c99742b05a2e9cb0006cf394ef25f3a44f971ca46bc2d2cfb
noarch	nodejs-nodemon-3.0.1-1.module_el8.8.0+3613+1ed8c91d.noarch.rpm	1de153a1170baeaa24f02ebd86d32d508ac48ea9ed54e2a70c5250a81952a65b
noarch	nodejs-packaging-2021.06-4.module_el8.7.0+3343+ea2b7901.noarch.rpm	9430d44c78a3cfbe1ae3d39b8531f651606661943959bc0c3de87b2f91ea6f67
noarch	nodejs-packaging-bundler-2021.06-4.module_el8.10.0+3958+472a6467.noarch.rpm	af48fab85994e826d5a0ca5a05df770fb8e54b94556401a5c6a6844f4c6dce64
ppc64le	npm-10.8.2-1.20.18.2.1.module_el8.10.0+3958+472a6467.ppc64le.rpm	4253073290e30894a927250141cd3802afb04a0ceaca6dc49ec3c32ebe7cc85a
ppc64le	nodejs-20.18.2-1.module_el8.10.0+3958+472a6467.ppc64le.rpm	c0b8107fbd148d67e831ecb38a5b56889c95382b492126353cb50eb3ea15e619
ppc64le	nodejs-devel-20.18.2-1.module_el8.10.0+3958+472a6467.ppc64le.rpm	da8170e5026b7da8f43a9c469ca239e07e6a08d8946224af6b5e8bcd06677e29
ppc64le	nodejs-full-i18n-20.18.2-1.module_el8.10.0+3958+472a6467.ppc64le.rpm	edbe59c1b46fe0f3028fa781f87516f9fb5a0d5ce05b1f26b14e6053ca1b3255
s390x	nodejs-20.18.2-1.module_el8.10.0+3958+472a6467.s390x.rpm	45f6aabf295fe21a4112e1a97d81fe1d8d86fa452140d4492c7f474b827641f9
s390x	nodejs-full-i18n-20.18.2-1.module_el8.10.0+3958+472a6467.s390x.rpm	5d7b9c39fc4efeb95cecc7f1ab2a60ab3532ed66effaf0c7cff62900e5379571
s390x	nodejs-devel-20.18.2-1.module_el8.10.0+3958+472a6467.s390x.rpm	ec7b68b2914bccf4f50814aa1349bf39b27d73c2ce027af1c5247aebf62709df
s390x	npm-10.8.2-1.20.18.2.1.module_el8.10.0+3958+472a6467.s390x.rpm	f9d3f8323754c27b6077531d0ecd2ab89ddab927abf44e96cee9653c254851b3
x86_64	nodejs-full-i18n-20.18.2-1.module_el8.10.0+3958+472a6467.x86_64.rpm	19c82aea6df46ea633d87aa4c43eb8b71c169b428ed855b06317f6ef525647b0
x86_64	npm-10.8.2-1.20.18.2.1.module_el8.10.0+3958+472a6467.x86_64.rpm	4604f7075c971fc48b4d4b66363b776d6f2551221dd9f1d92bb825e0493a4e2f
x86_64	nodejs-20.18.2-1.module_el8.10.0+3958+472a6467.x86_64.rpm	6dcae54969409bf8f79fbd8fcc3ebed3a72fed06964dc522993a0d84c6e50db0
x86_64	nodejs-devel-20.18.2-1.module_el8.10.0+3958+472a6467.x86_64.rpm	b690b5686e4fc89bd9098179909d0bcb0290f540e034f4975495b69ff99f2506

Notes:

This page is generated automatically from Red Hat security data and has not been checked for errors. For clarification or corrections please contact the AlmaLinux Packaging Team.