ALSA-2026:2420

[ALSA-2026:2420] Important: nodejs:24 security update

Type:

security

Severity:

important

Release date:

2026-02-12

Description:

Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language.   

Security Fix(es):  

  * nodejs: Nodejs filesystem permissions bypass (CVE-2025-55132)
  * nodejs: Nodejs denial of service (CVE-2026-21637)
  * nodejs: Nodejs denial of service (CVE-2025-59466)
  * nodejs: Nodejs denial of service (CVE-2025-59465)
  * nodejs: Nodejs uninitialized memory exposure (CVE-2025-55131)
  * nodejs: Nodejs file permissions bypass (CVE-2025-55130)


For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

References:

Updated packages listed below:

Architecture	Package	Checksum
aarch64	nodejs-devel-24.13.0-0.module_el8.10.0+4113+bc863bc2.aarch64.rpm	0673f40314fa8ec5e6029aff04cbbfc1f38b8e2e26931d73605cf6b4f057380a
aarch64	nodejs-libs-24.13.0-0.module_el8.10.0+4113+bc863bc2.aarch64.rpm	2d9afccf876f852a2f4f9a04cd97ad805439b3e274289bce1a206f441826aaf2
aarch64	nodejs-24.13.0-0.module_el8.10.0+4113+bc863bc2.aarch64.rpm	48d76b43b99278dc4580b62e2b6c064f5800d48a4d69b7d649ac8131ad0ba586
aarch64	v8-13.6-devel-13.6.233.17-1.24.13.0.0.module_el8.10.0+4113+bc863bc2.aarch64.rpm	b90b3f25d4f9ae17b64043d5fd73ef489d372f605de59fb952558942de62b6cf
aarch64	nodejs-full-i18n-24.13.0-0.module_el8.10.0+4113+bc863bc2.aarch64.rpm	c644d5a8ca9fd3ce0f42cad1e56467fa62d9148c1a7725c0ed6e919c27912585
noarch	nodejs-docs-24.13.0-0.module_el8.10.0+4113+bc863bc2.noarch.rpm	05a865e1bf5fe3112ba2f96c802ee859ae64ce4ca3820e16ae175c5a9fd428a0
noarch	nodejs-packaging-2021.06-6.module_el8.10.0+4086+70facd4a.noarch.rpm	318c493f93f2190506361306b5759e5e65eee18e3a8d85b195c800d8b7064bc0
noarch	npm-11.6.2-1.24.13.0.0.module_el8.10.0+4113+bc863bc2.noarch.rpm	9919ff306026467e4310bd20ef03654cc7483478f47f4ce9bc95b9c25217bcdd
noarch	nodejs-nodemon-3.0.3-1.module_el8.10.0+4061+f8ceeab9.noarch.rpm	9a38ec0d35f9d0671cb0343c1270c1a85bf1b2250b40fe3facedbd919eee2b91
noarch	nodejs-packaging-bundler-2021.06-6.module_el8.10.0+4086+70facd4a.noarch.rpm	f4b4a25dc07327deb51619715aae6bd35d22e29ccfc97141c0b61de3a1995eee
ppc64le	nodejs-full-i18n-24.13.0-0.module_el8.10.0+4113+bc863bc2.ppc64le.rpm	1379ef202f3a37ea05364b4e6c3017bea25a5b1807e6e939fe166d3dd9605138
ppc64le	v8-13.6-devel-13.6.233.17-1.24.13.0.0.module_el8.10.0+4113+bc863bc2.ppc64le.rpm	47a1fa280dd3508e3902db66f4c7039e9b1e12d4ac3f90fe0c3217f9186e4ba6
ppc64le	nodejs-libs-24.13.0-0.module_el8.10.0+4113+bc863bc2.ppc64le.rpm	4c793cf914f1f38879093cf60ee1d886e458acea05e9e44fee54976b6523e77b
ppc64le	nodejs-24.13.0-0.module_el8.10.0+4113+bc863bc2.ppc64le.rpm	e4cb987e7f3cffd7d1e35260a7bbd4a41bac2d64da90a44d7484615e67e9626c
ppc64le	nodejs-devel-24.13.0-0.module_el8.10.0+4113+bc863bc2.ppc64le.rpm	ed296f4d85012a8c873e416bd7df93c4ccf5b5a7178b38f24e9352fb9b2e851a
s390x	nodejs-devel-24.13.0-0.module_el8.10.0+4113+bc863bc2.s390x.rpm	2addde1ead5155d599f19116bf833ec48b7698488096cebb9b4c740d48bcc063
s390x	nodejs-full-i18n-24.13.0-0.module_el8.10.0+4113+bc863bc2.s390x.rpm	47810ee0c43f3980fc54fa863ecfe21dc811fb075880e49743175efaaf434f52
s390x	nodejs-libs-24.13.0-0.module_el8.10.0+4113+bc863bc2.s390x.rpm	484e1e66982c8a6ee9a7c39acb0b6dc85e04ec8842fc61f5435576d6a1a53311
s390x	nodejs-24.13.0-0.module_el8.10.0+4113+bc863bc2.s390x.rpm	cff241d19a61a55b6e7e846e52a99c586e3ee8a89eba7d6820ada3cdd5312220
s390x	v8-13.6-devel-13.6.233.17-1.24.13.0.0.module_el8.10.0+4113+bc863bc2.s390x.rpm	dfaa47b2b05446403e239521145762950fbc86db7189d6ba4069c89742e3edad
x86_64	nodejs-full-i18n-24.13.0-0.module_el8.10.0+4113+bc863bc2.x86_64.rpm	158bd71783e3df2505aff004d83dba2d6f86e3fb7550d3255390d53583490893
x86_64	nodejs-24.13.0-0.module_el8.10.0+4113+bc863bc2.x86_64.rpm	29faed3fefd1566d78a262cc09aab30b1e2922d66bb37b322075b79a4f00f987
x86_64	nodejs-libs-24.13.0-0.module_el8.10.0+4113+bc863bc2.x86_64.rpm	42791e74b98df0b30bbc2d7935cb7bd03c8315de8743b5eff5c290057ef4e1c1
x86_64	v8-13.6-devel-13.6.233.17-1.24.13.0.0.module_el8.10.0+4113+bc863bc2.x86_64.rpm	8665d1a6244efeeff459f93d8e008ce87af1a0fdcd79dc8879bed385ce7fe9d4
x86_64	nodejs-devel-24.13.0-0.module_el8.10.0+4113+bc863bc2.x86_64.rpm	aa78190b6630924d230292db78262c905cbb2cc9866bf6a5f4b12a987ce1296d

Notes:

This page is generated automatically from Red Hat security data and has not been checked for errors. For clarification or corrections please contact the AlmaLinux Packaging Team.