ALSA-2025:1611

[ALSA-2025:1611] Important: nodejs:22 security update

Type:

security

Severity:

important

Release date:

2025-02-18

Description:

Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language.   

Security Fix(es):  

  * undici: Undici Uses Insufficiently Random Values (CVE-2025-22150)
  * nodejs: Node.js Worker Thread Exposure via Diagnostics Channel (CVE-2025-23083)
  * nodejs: GOAWAY HTTP/2 frames cause memory leak outside heap (CVE-2025-23085)


For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

References:

Updated packages listed below:

Architecture	Package	Checksum
aarch64	nodejs-libs-22.13.1-1.module_el8.10.0+3961+6a788e57.aarch64.rpm	2ea1998701b2ccf7534ed749f6e8c72bf88bee401976a82688db63386b2d4182
aarch64	v8-12.4-devel-12.4.254.21-1.22.13.1.1.module_el8.10.0+3961+6a788e57.aarch64.rpm	4445dc14a234c0383ff0c8511e7a7555cbc1563a22090c55eed9735625c189fb
aarch64	npm-10.9.2-1.22.13.1.1.module_el8.10.0+3961+6a788e57.aarch64.rpm	4897f0ff5c95928ae79907df1e6103bccaaeb68aa3de8dcbdee3425315b47160
aarch64	nodejs-devel-22.13.1-1.module_el8.10.0+3961+6a788e57.aarch64.rpm	778680142946ff41040b7e198fda68faa0f5f0059700904c32a9bdc70650315c
aarch64	nodejs-full-i18n-22.13.1-1.module_el8.10.0+3961+6a788e57.aarch64.rpm	b58766f9d02be2f59cec398d0d5c873b82f2e786cf9501e8312a23bf5dbb49ba
aarch64	nodejs-22.13.1-1.module_el8.10.0+3961+6a788e57.aarch64.rpm	cbb4a94a9cc441732a454d8da79f6c68740e3d4943cbe07c08b59e3895a48ad4
noarch	nodejs-docs-22.13.1-1.module_el8.10.0+3961+6a788e57.noarch.rpm	18f0b1a437341350647ac6f533cfa35dfa53fa152b0aacc27407471651497bcb
noarch	nodejs-nodemon-3.0.1-1.module_el8.8.0+3613+1ed8c91d.noarch.rpm	1de153a1170baeaa24f02ebd86d32d508ac48ea9ed54e2a70c5250a81952a65b
noarch	nodejs-packaging-2021.06-4.module_el8.10.0+3961+6a788e57.noarch.rpm	46dc3ddb344e0ffee7331f57a2f7b7fc674e9abd901af46cba10926f0c9b0e9d
noarch	nodejs-packaging-bundler-2021.06-4.module_el8.10.0+3961+6a788e57.noarch.rpm	f68cc5d7a383cbee17ad43acc466061915b2b7309b6696369168e2a3c4a7158c
ppc64le	npm-10.9.2-1.22.13.1.1.module_el8.10.0+3961+6a788e57.ppc64le.rpm	1665d788e6fe43d0a760917734827334e6f056c13313513ce338284ce051840b
ppc64le	v8-12.4-devel-12.4.254.21-1.22.13.1.1.module_el8.10.0+3961+6a788e57.ppc64le.rpm	37ae8b3a60dc62b6645a0b9cff70a0afc2f73bc0cb187d14c547b6a7c675a23c
ppc64le	nodejs-libs-22.13.1-1.module_el8.10.0+3961+6a788e57.ppc64le.rpm	4bf748ee9bb336eb969333eb111431941e08cd62a6a6ee0fd1be2e52a38a8419
ppc64le	nodejs-full-i18n-22.13.1-1.module_el8.10.0+3961+6a788e57.ppc64le.rpm	6516e7034c12818638cc12700783549b01bd2967c67d04ca9a0665f74e2d474c
ppc64le	nodejs-22.13.1-1.module_el8.10.0+3961+6a788e57.ppc64le.rpm	7d3175593e5869f8165bf102de29c19d87fe18df1a038360f36a6a1d21910202
ppc64le	nodejs-devel-22.13.1-1.module_el8.10.0+3961+6a788e57.ppc64le.rpm	e1093a81b398fa70dffa23da573a7d190f3673bfd8a26cce9c022bc84220854e
s390x	nodejs-libs-22.13.1-1.module_el8.10.0+3961+6a788e57.s390x.rpm	03e2ef2c2b37dbdf108f2eba6b2ceee0e531cf16ab5f57037c4d6827f9e1e4a7
s390x	v8-12.4-devel-12.4.254.21-1.22.13.1.1.module_el8.10.0+3961+6a788e57.s390x.rpm	18da70306ebe2d4c3124decb7dec6879b3912d8fbb99f7d6b47c52c263d1f14b
s390x	nodejs-22.13.1-1.module_el8.10.0+3961+6a788e57.s390x.rpm	1a1ad544cf6b03a84fa9380da5ef6354324ed1e2f6cdcfe5c577cfba576e5d17
s390x	nodejs-full-i18n-22.13.1-1.module_el8.10.0+3961+6a788e57.s390x.rpm	3f6283f240ff1c6ae9da6488631ebb1046745fa0374ae91dec1be5e11b33e0e4
s390x	nodejs-devel-22.13.1-1.module_el8.10.0+3961+6a788e57.s390x.rpm	a21ebfae638b63508d0ca47b3d191200b143c90de61432783ba3d0e53344bb5b
s390x	npm-10.9.2-1.22.13.1.1.module_el8.10.0+3961+6a788e57.s390x.rpm	b3ced75dcef759e688e549c781af9f2bd4bd6bbc2c987e194f78cd41030b4201
x86_64	nodejs-devel-22.13.1-1.module_el8.10.0+3961+6a788e57.x86_64.rpm	4b9cee2a5141462cccdf6d930b93bb58b5337fb1672aa74f21caf12ad26801c2
x86_64	nodejs-full-i18n-22.13.1-1.module_el8.10.0+3961+6a788e57.x86_64.rpm	51410adab7eec0420f8676c1340cd7189c69ee48c61a9b522e851b012c2f9ee2
x86_64	v8-12.4-devel-12.4.254.21-1.22.13.1.1.module_el8.10.0+3961+6a788e57.x86_64.rpm	6e4475a118075e5f64c2e9ff3584076f95c06f11fd77b7b137264473d702716d
x86_64	nodejs-libs-22.13.1-1.module_el8.10.0+3961+6a788e57.x86_64.rpm	773f758fc2f5143b8fd5f3acc01e653bfdd43168b7c827b79d05cb0d39cc8005
x86_64	nodejs-22.13.1-1.module_el8.10.0+3961+6a788e57.x86_64.rpm	846913de1ead32e0a68511c7e382fdc8a1fe335f32c321ccdd72d060098b58f7
x86_64	npm-10.9.2-1.22.13.1.1.module_el8.10.0+3961+6a788e57.x86_64.rpm	9d032da03febd73f6ecc7b0738ccbb40679d69fd9cf2892f2a5a7d178b311572

Notes:

This page is generated automatically from Red Hat security data and has not been checked for errors. For clarification or corrections please contact the AlmaLinux Packaging Team.