ALSA-2025:1443

[ALSA-2025:1443] Important: nodejs:20 security update

Type:

security

Severity:

important

Release date:

2025-02-14

Description:

Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language.   

Security Fix(es):  

  * undici: Undici Uses Insufficiently Random Values (CVE-2025-22150)
  * nodejs: Node.js Worker Thread Exposure via Diagnostics Channel (CVE-2025-23083)
  * nodejs: GOAWAY HTTP/2 frames cause memory leak outside heap (CVE-2025-23085)


For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

References:

Updated packages listed below:

Architecture	Package	Checksum
aarch64	nodejs-devel-20.18.2-1.module_el9.5.0+137+381f3eaf.aarch64.rpm	1ca186d149c0a8a5e9b173e7010217025e7a6eee9da65dec385df2f99a2ffc23
aarch64	nodejs-20.18.2-1.module_el9.5.0+137+381f3eaf.aarch64.rpm	31e4befb6f9a6b7851f6a10b673d91904be7e1e3b3df815cfee711cc9843c81d
aarch64	npm-10.8.2-1.20.18.2.1.module_el9.5.0+137+381f3eaf.aarch64.rpm	7adf25ada171611f83d39a6561b5e729b289c0fd1a9a0032834cb6f9b0655713
aarch64	nodejs-full-i18n-20.18.2-1.module_el9.5.0+137+381f3eaf.aarch64.rpm	ca66cc1bed0b7454db8c27960bdd23381fe6a4ad172134d77be7bb26f6415616
noarch	nodejs-nodemon-3.0.1-1.module_el9.2.0+36+853e48f5.noarch.rpm	6e3f86ef560d05b76cc9e5f81bdbcf1617374c3c12815325d267d44057a954e8
noarch	nodejs-packaging-2021.06-4.module_el9.3.0+88+29afeaa2.noarch.rpm	8014b60b14856a94feb49d7f2a8754c6fd531ac93bf52e19702e32eea1fb729f
noarch	nodejs-docs-20.18.2-1.module_el9.5.0+137+381f3eaf.noarch.rpm	89461b6ac62cedc048af335c1d731fe920e824dcd6aa21c8afd28ce8da18fae7
noarch	nodejs-packaging-bundler-2021.06-4.module_el9.5.0+124+df88fe49.noarch.rpm	cb21fb7f8fb0ef5afe10bf3cfbdd7c7d11c15d5c6b567e91a1a2b2256a2424a2
ppc64le	nodejs-20.18.2-1.module_el9.5.0+137+381f3eaf.ppc64le.rpm	6248fac52ff859977abe7e4fa6aabfd0d93ed2ca793a2e28fb198bb59b7da344
ppc64le	npm-10.8.2-1.20.18.2.1.module_el9.5.0+137+381f3eaf.ppc64le.rpm	b5cb8c9b19d14ff4aaff8d8a222d4dbe3e78f284f4028c208eb7a21e5e980527
ppc64le	nodejs-devel-20.18.2-1.module_el9.5.0+137+381f3eaf.ppc64le.rpm	d5965cb18849078b08beed4266c7c82e68472d858c089401cd3ea188a6f240e1
ppc64le	nodejs-full-i18n-20.18.2-1.module_el9.5.0+137+381f3eaf.ppc64le.rpm	dce81c16c5b13c6b8aef4a503abc79862c90719e88f22bbff6d2102454b0b02f
s390x	npm-10.8.2-1.20.18.2.1.module_el9.5.0+137+381f3eaf.s390x.rpm	29168ddc7d6d2f391cc40a4f78d126a706b8855437b70fa5f709a5616ac6c6e5
s390x	nodejs-20.18.2-1.module_el9.5.0+137+381f3eaf.s390x.rpm	aceab1639de2de5b03b05ccd0f874db2eaaeb2d97f797b9495686709c4bd4d8e
s390x	nodejs-full-i18n-20.18.2-1.module_el9.5.0+137+381f3eaf.s390x.rpm	b627a2876fb42aa1319a7213d2c8ed4e42b302f5c485a7cd8944b26920d52f86
s390x	nodejs-devel-20.18.2-1.module_el9.5.0+137+381f3eaf.s390x.rpm	b9bf80bcc753b0f0b10379fe53b10b36c8bef9acbb5fb486c1658aca9690719c
x86_64	nodejs-full-i18n-20.18.2-1.module_el9.5.0+137+381f3eaf.x86_64.rpm	3ed56a6a72949ec79152fb0a5a69bcfd1f5f1c17b1ad9a6d09b099ec2514a89b
x86_64	nodejs-20.18.2-1.module_el9.5.0+137+381f3eaf.x86_64.rpm	537bdebc15c08bc48e461103e0d0c014c8191d9fe1101e894375abb94262159b
x86_64	npm-10.8.2-1.20.18.2.1.module_el9.5.0+137+381f3eaf.x86_64.rpm	c19d26dc65ea00acdfbd0b9e1f83b3670ac8561df75fc4efe0b53efbf6a68ca7
x86_64	nodejs-devel-20.18.2-1.module_el9.5.0+137+381f3eaf.x86_64.rpm	e884f0d984326d171e815cc7d8c3c6ce65779c46a83ad33d6947283adc8f4e7d

Notes:

This page is generated automatically from Red Hat security data and has not been checked for errors. For clarification or corrections please contact the AlmaLinux Packaging Team.