[ALSA-2025:1582] Moderate: nodejs:18 security update
Type:
security
Severity:
moderate
Release date:
2025-02-18
Description:
Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language. Security Fix(es): * undici: Undici Uses Insufficiently Random Values (CVE-2025-22150) * nodejs: GOAWAY HTTP/2 frames cause memory leak outside heap (CVE-2025-23085) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
References:
Updated packages listed below:
Architecture Package Checksum
aarch64 npm-10.8.2-1.18.20.6.1.module_el8.10.0+3960+fcfbf683.aarch64.rpm 5f58d40b4c10684195f9e8a1e19c36c5e2f49a1cc0bce964495e2ef22619e74d
aarch64 nodejs-full-i18n-18.20.6-1.module_el8.10.0+3960+fcfbf683.aarch64.rpm cd4ac0a08a3375d423d60a728606a6f1e6ea4818e0fccff2097ef73a25da3895
aarch64 nodejs-devel-18.20.6-1.module_el8.10.0+3960+fcfbf683.aarch64.rpm ebc051031be825d4196331aba95d257d62fc4c761eac4479e14b91260b167ca1
aarch64 nodejs-18.20.6-1.module_el8.10.0+3960+fcfbf683.aarch64.rpm f8389bca152e0a4a8a473613068a36dd708d43d134afaaa5941bec5cec35e4af
noarch nodejs-nodemon-3.0.1-1.module_el8.8.0+3613+1ed8c91d.noarch.rpm 1de153a1170baeaa24f02ebd86d32d508ac48ea9ed54e2a70c5250a81952a65b
noarch nodejs-packaging-2021.06-4.module_el8.10.0+3961+6a788e57.noarch.rpm 46dc3ddb344e0ffee7331f57a2f7b7fc674e9abd901af46cba10926f0c9b0e9d
noarch nodejs-docs-18.20.6-1.module_el8.10.0+3960+fcfbf683.noarch.rpm e3f97969158c9c89258d3173e2e0026c0776c4e1ea7f13c773abb029434b541a
noarch nodejs-packaging-bundler-2021.06-4.module_el8.10.0+3961+6a788e57.noarch.rpm f68cc5d7a383cbee17ad43acc466061915b2b7309b6696369168e2a3c4a7158c
ppc64le nodejs-full-i18n-18.20.6-1.module_el8.10.0+3960+fcfbf683.ppc64le.rpm 1ec33ca7350ad0d80549fc8fae01fc4b0e571df774ad2ece48dff5357106a6d4
ppc64le nodejs-18.20.6-1.module_el8.10.0+3960+fcfbf683.ppc64le.rpm 236813038a6ae99b379f9be52f86af198fc308009decb5a456f209f64fd0b29c
ppc64le nodejs-devel-18.20.6-1.module_el8.10.0+3960+fcfbf683.ppc64le.rpm 5b56a90c3a25680a455304114ed6f46d68df823548d110d27b0d250823eb97c0
ppc64le npm-10.8.2-1.18.20.6.1.module_el8.10.0+3960+fcfbf683.ppc64le.rpm 8fe0f507f00ba47a5b93250e7d4d608719cfadc7056e51c2cf5ed8979a73dfa2
s390x nodejs-full-i18n-18.20.6-1.module_el8.10.0+3960+fcfbf683.s390x.rpm 0bc09eacd58b6b82b4241264d8ad062f2f2b39932417dd08300b3f550c0656b5
s390x npm-10.8.2-1.18.20.6.1.module_el8.10.0+3960+fcfbf683.s390x.rpm 77731edbd4f31484e9ecda0682872cc2652936929153fdc36053204e370f8ef9
s390x nodejs-18.20.6-1.module_el8.10.0+3960+fcfbf683.s390x.rpm 9207a3c4c0e5563b1c47533d70671db18563517b810169a4bbf52718aecd1678
s390x nodejs-devel-18.20.6-1.module_el8.10.0+3960+fcfbf683.s390x.rpm b488be3562984a019c2b6892149e6e8f4cbd2e2831c304a2c07d059deb6843bd
x86_64 nodejs-full-i18n-18.20.6-1.module_el8.10.0+3960+fcfbf683.x86_64.rpm 8f98e92e4ea05ee527658af8a83b64cfa57498b5f910d893cb833479d961c5ee
x86_64 nodejs-18.20.6-1.module_el8.10.0+3960+fcfbf683.x86_64.rpm abc57dd3059b717e13cf8e3c233dc63e02a7ad8de47c1cb7cfa0cd95ab7672a3
x86_64 npm-10.8.2-1.18.20.6.1.module_el8.10.0+3960+fcfbf683.x86_64.rpm afb762b02ff903d91653936fc08072852d1ba1cac8e931cd26bb6779392c0dd7
x86_64 nodejs-devel-18.20.6-1.module_el8.10.0+3960+fcfbf683.x86_64.rpm e901755fabde8d378e723dade380fa69edb42b9732a213c5034b28369db024d1
Notes:
This page is generated automatically from Red Hat security data and has not been checked for errors. For clarification or corrections please contact the AlmaLinux Packaging Team.