[ALSA-2025:1351] Important: nodejs:20 security update
Type:
security
Severity:
important
Release date:
2025-02-14
Description:
Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language. Security Fix(es): * undici: Undici Uses Insufficiently Random Values (CVE-2025-22150) * nodejs: Node.js Worker Thread Exposure via Diagnostics Channel (CVE-2025-23083) * nodejs: GOAWAY HTTP/2 frames cause memory leak outside heap (CVE-2025-23085) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Updated packages listed below:
Architecture Package Checksum
aarch64 nodejs-20.18.2-1.module_el8.10.0+3958+472a6467.aarch64.rpm 24b70d6598c61e3a5adb534bc0a23977d772b11cf4eebc18e6b3a9bee6e19199
aarch64 nodejs-full-i18n-20.18.2-1.module_el8.10.0+3958+472a6467.aarch64.rpm a587731d405fabd002f00fe1bc0c40765c41e66c0b5f2345d47b7aa8d9e9169c
aarch64 npm-10.8.2-1.20.18.2.1.module_el8.10.0+3958+472a6467.aarch64.rpm c40e3be1280528315ec68bd5497b871931c391aed846b2b15700c1c3bc06c248
aarch64 nodejs-devel-20.18.2-1.module_el8.10.0+3958+472a6467.aarch64.rpm c4431a7ff49e810f58f5bcdced1c808b3bdbb95ba03bd091508d17f665b5b0cf
noarch nodejs-docs-20.18.2-1.module_el8.10.0+3958+472a6467.noarch.rpm 1d9aa2d875f62b3c99742b05a2e9cb0006cf394ef25f3a44f971ca46bc2d2cfb
noarch nodejs-nodemon-3.0.1-1.module_el8.8.0+3613+1ed8c91d.noarch.rpm 1de153a1170baeaa24f02ebd86d32d508ac48ea9ed54e2a70c5250a81952a65b
noarch nodejs-packaging-2021.06-4.module_el8.7.0+3343+ea2b7901.noarch.rpm 9430d44c78a3cfbe1ae3d39b8531f651606661943959bc0c3de87b2f91ea6f67
noarch nodejs-packaging-bundler-2021.06-4.module_el8.10.0+3958+472a6467.noarch.rpm af48fab85994e826d5a0ca5a05df770fb8e54b94556401a5c6a6844f4c6dce64
ppc64le npm-10.8.2-1.20.18.2.1.module_el8.10.0+3958+472a6467.ppc64le.rpm 4253073290e30894a927250141cd3802afb04a0ceaca6dc49ec3c32ebe7cc85a
ppc64le nodejs-20.18.2-1.module_el8.10.0+3958+472a6467.ppc64le.rpm c0b8107fbd148d67e831ecb38a5b56889c95382b492126353cb50eb3ea15e619
ppc64le nodejs-devel-20.18.2-1.module_el8.10.0+3958+472a6467.ppc64le.rpm da8170e5026b7da8f43a9c469ca239e07e6a08d8946224af6b5e8bcd06677e29
ppc64le nodejs-full-i18n-20.18.2-1.module_el8.10.0+3958+472a6467.ppc64le.rpm edbe59c1b46fe0f3028fa781f87516f9fb5a0d5ce05b1f26b14e6053ca1b3255
s390x nodejs-20.18.2-1.module_el8.10.0+3958+472a6467.s390x.rpm 45f6aabf295fe21a4112e1a97d81fe1d8d86fa452140d4492c7f474b827641f9
s390x nodejs-full-i18n-20.18.2-1.module_el8.10.0+3958+472a6467.s390x.rpm 5d7b9c39fc4efeb95cecc7f1ab2a60ab3532ed66effaf0c7cff62900e5379571
s390x nodejs-devel-20.18.2-1.module_el8.10.0+3958+472a6467.s390x.rpm ec7b68b2914bccf4f50814aa1349bf39b27d73c2ce027af1c5247aebf62709df
s390x npm-10.8.2-1.20.18.2.1.module_el8.10.0+3958+472a6467.s390x.rpm f9d3f8323754c27b6077531d0ecd2ab89ddab927abf44e96cee9653c254851b3
x86_64 nodejs-full-i18n-20.18.2-1.module_el8.10.0+3958+472a6467.x86_64.rpm 19c82aea6df46ea633d87aa4c43eb8b71c169b428ed855b06317f6ef525647b0
x86_64 npm-10.8.2-1.20.18.2.1.module_el8.10.0+3958+472a6467.x86_64.rpm 4604f7075c971fc48b4d4b66363b776d6f2551221dd9f1d92bb825e0493a4e2f
x86_64 nodejs-20.18.2-1.module_el8.10.0+3958+472a6467.x86_64.rpm 6dcae54969409bf8f79fbd8fcc3ebed3a72fed06964dc522993a0d84c6e50db0
x86_64 nodejs-devel-20.18.2-1.module_el8.10.0+3958+472a6467.x86_64.rpm b690b5686e4fc89bd9098179909d0bcb0290f540e034f4975495b69ff99f2506
Notes:
This page is generated automatically from Red Hat security data and has not been checked for errors. For clarification or corrections please contact the AlmaLinux Packaging Team.