[ALSA-2025:1443] Important: nodejs:20 security update
Type:
security
Severity:
important
Release date:
2025-02-14
Description:
Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language. Security Fix(es): * undici: Undici Uses Insufficiently Random Values (CVE-2025-22150) * nodejs: Node.js Worker Thread Exposure via Diagnostics Channel (CVE-2025-23083) * nodejs: GOAWAY HTTP/2 frames cause memory leak outside heap (CVE-2025-23085) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Updated packages listed below:
Architecture Package Checksum
aarch64 nodejs-devel-20.18.2-1.module_el9.5.0+137+381f3eaf.aarch64.rpm 1ca186d149c0a8a5e9b173e7010217025e7a6eee9da65dec385df2f99a2ffc23
aarch64 nodejs-20.18.2-1.module_el9.5.0+137+381f3eaf.aarch64.rpm 31e4befb6f9a6b7851f6a10b673d91904be7e1e3b3df815cfee711cc9843c81d
aarch64 npm-10.8.2-1.20.18.2.1.module_el9.5.0+137+381f3eaf.aarch64.rpm 7adf25ada171611f83d39a6561b5e729b289c0fd1a9a0032834cb6f9b0655713
aarch64 nodejs-full-i18n-20.18.2-1.module_el9.5.0+137+381f3eaf.aarch64.rpm ca66cc1bed0b7454db8c27960bdd23381fe6a4ad172134d77be7bb26f6415616
noarch nodejs-nodemon-3.0.1-1.module_el9.2.0+36+853e48f5.noarch.rpm 6e3f86ef560d05b76cc9e5f81bdbcf1617374c3c12815325d267d44057a954e8
noarch nodejs-packaging-2021.06-4.module_el9.3.0+88+29afeaa2.noarch.rpm 8014b60b14856a94feb49d7f2a8754c6fd531ac93bf52e19702e32eea1fb729f
noarch nodejs-docs-20.18.2-1.module_el9.5.0+137+381f3eaf.noarch.rpm 89461b6ac62cedc048af335c1d731fe920e824dcd6aa21c8afd28ce8da18fae7
noarch nodejs-packaging-bundler-2021.06-4.module_el9.5.0+124+df88fe49.noarch.rpm cb21fb7f8fb0ef5afe10bf3cfbdd7c7d11c15d5c6b567e91a1a2b2256a2424a2
ppc64le nodejs-20.18.2-1.module_el9.5.0+137+381f3eaf.ppc64le.rpm 6248fac52ff859977abe7e4fa6aabfd0d93ed2ca793a2e28fb198bb59b7da344
ppc64le npm-10.8.2-1.20.18.2.1.module_el9.5.0+137+381f3eaf.ppc64le.rpm b5cb8c9b19d14ff4aaff8d8a222d4dbe3e78f284f4028c208eb7a21e5e980527
ppc64le nodejs-devel-20.18.2-1.module_el9.5.0+137+381f3eaf.ppc64le.rpm d5965cb18849078b08beed4266c7c82e68472d858c089401cd3ea188a6f240e1
ppc64le nodejs-full-i18n-20.18.2-1.module_el9.5.0+137+381f3eaf.ppc64le.rpm dce81c16c5b13c6b8aef4a503abc79862c90719e88f22bbff6d2102454b0b02f
s390x npm-10.8.2-1.20.18.2.1.module_el9.5.0+137+381f3eaf.s390x.rpm 29168ddc7d6d2f391cc40a4f78d126a706b8855437b70fa5f709a5616ac6c6e5
s390x nodejs-20.18.2-1.module_el9.5.0+137+381f3eaf.s390x.rpm aceab1639de2de5b03b05ccd0f874db2eaaeb2d97f797b9495686709c4bd4d8e
s390x nodejs-full-i18n-20.18.2-1.module_el9.5.0+137+381f3eaf.s390x.rpm b627a2876fb42aa1319a7213d2c8ed4e42b302f5c485a7cd8944b26920d52f86
s390x nodejs-devel-20.18.2-1.module_el9.5.0+137+381f3eaf.s390x.rpm b9bf80bcc753b0f0b10379fe53b10b36c8bef9acbb5fb486c1658aca9690719c
x86_64 nodejs-full-i18n-20.18.2-1.module_el9.5.0+137+381f3eaf.x86_64.rpm 3ed56a6a72949ec79152fb0a5a69bcfd1f5f1c17b1ad9a6d09b099ec2514a89b
x86_64 nodejs-20.18.2-1.module_el9.5.0+137+381f3eaf.x86_64.rpm 537bdebc15c08bc48e461103e0d0c014c8191d9fe1101e894375abb94262159b
x86_64 npm-10.8.2-1.20.18.2.1.module_el9.5.0+137+381f3eaf.x86_64.rpm c19d26dc65ea00acdfbd0b9e1f83b3670ac8561df75fc4efe0b53efbf6a68ca7
x86_64 nodejs-devel-20.18.2-1.module_el9.5.0+137+381f3eaf.x86_64.rpm e884f0d984326d171e815cc7d8c3c6ce65779c46a83ad33d6947283adc8f4e7d
Notes:
This page is generated automatically from Red Hat security data and has not been checked for errors. For clarification or corrections please contact the AlmaLinux Packaging Team.