ALSA-2025:1446

[ALSA-2025:1446] Moderate: nodejs:18 security update

Type:

security

Severity:

moderate

Release date:

2025-02-14

Description:

Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language.   

Security Fix(es):  

  * undici: Undici Uses Insufficiently Random Values (CVE-2025-22150)
  * nodejs: GOAWAY HTTP/2 frames cause memory leak outside heap (CVE-2025-23085)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

References:

Updated packages listed below:

Architecture	Package	Checksum
aarch64	nodejs-devel-18.20.6-1.module_el9.5.0+136+92f38f3c.aarch64.rpm	1f67e07647aa16ccdc919c6e894b63dbd9470b47216f56f60b075f80ce86ef16
aarch64	nodejs-full-i18n-18.20.6-1.module_el9.5.0+136+92f38f3c.aarch64.rpm	9d175513fa9f66b4581095e1f4a6c064ce1be4c6802213315b44bf7b0b9dc984
aarch64	npm-10.8.2-1.18.20.6.1.module_el9.5.0+136+92f38f3c.aarch64.rpm	a4c59aaa8a4c591a50b80d0e416d3f47e9e4f67d819bb099f88b76c26c9a3a55
aarch64	nodejs-18.20.6-1.module_el9.5.0+136+92f38f3c.aarch64.rpm	cefe2d413343edf543da95e5bc87b41578842d3e3f89af100c330e42387a5c0f
noarch	nodejs-docs-18.20.6-1.module_el9.5.0+136+92f38f3c.noarch.rpm	44794d60a66eef706a67719d77d8b9cbb1ca037963058fa7386dc40b5163b921
noarch	nodejs-nodemon-3.0.1-1.module_el9.5.0+136+92f38f3c.noarch.rpm	9568f3f288eb90ba5d978da40785d16e3210b65e92276e8ca17b6d88a3339c1b
noarch	nodejs-packaging-2021.06-4.module_el9.5.0+136+92f38f3c.noarch.rpm	bfb954cf0a070014a29b11e53507cb0f05b992c7e1bf6cb568840bb815dca58e
noarch	nodejs-packaging-bundler-2021.06-4.module_el9.5.0+124+df88fe49.noarch.rpm	cb21fb7f8fb0ef5afe10bf3cfbdd7c7d11c15d5c6b567e91a1a2b2256a2424a2
ppc64le	npm-10.8.2-1.18.20.6.1.module_el9.5.0+136+92f38f3c.ppc64le.rpm	2152fbf49efd4aca159c32d1301b290977df28ee0c07cff74ebfb840f46bf17b
ppc64le	nodejs-18.20.6-1.module_el9.5.0+136+92f38f3c.ppc64le.rpm	4c57ce2378248bbea0494ff871c50f40e462a38136deca0914d280f0da797d9c
ppc64le	nodejs-full-i18n-18.20.6-1.module_el9.5.0+136+92f38f3c.ppc64le.rpm	701cda59f175f499ebf1b136ed4924104d3ebc595308a2bb1484f37ca4581ced
ppc64le	nodejs-devel-18.20.6-1.module_el9.5.0+136+92f38f3c.ppc64le.rpm	ca6765ed22a88b89c57b7cd62bf3958ddeb53457da9a77bb5166f2c67930c0e6
s390x	nodejs-devel-18.20.6-1.module_el9.5.0+136+92f38f3c.s390x.rpm	064fce9035573c420c608ac59d5ba1b669d7c56e1722f8ae5471b819bc9c4e7f
s390x	npm-10.8.2-1.18.20.6.1.module_el9.5.0+136+92f38f3c.s390x.rpm	2b93007cc1f5e56290e15bb96a4d062d043bb264d47a18d26f20e2dd24e99747
s390x	nodejs-18.20.6-1.module_el9.5.0+136+92f38f3c.s390x.rpm	ccf29521730b387b77ac628257f3cefab5befcd702959302fdaa02a3c23206e9
s390x	nodejs-full-i18n-18.20.6-1.module_el9.5.0+136+92f38f3c.s390x.rpm	e347e92eea6c9154cecda77354798768a1c071e183b882355f7565e1590a64a2
x86_64	npm-10.8.2-1.18.20.6.1.module_el9.5.0+136+92f38f3c.x86_64.rpm	55e495cb78d35f434f8fcb61bfb89f5973998c69fca8504d187c9e3c0a293cbd
x86_64	nodejs-18.20.6-1.module_el9.5.0+136+92f38f3c.x86_64.rpm	5e2ad73630f7f24aac4ea04c135d850b999210a2b9a60ea4e45182f96c4aebf0
x86_64	nodejs-devel-18.20.6-1.module_el9.5.0+136+92f38f3c.x86_64.rpm	660531cc7c0b91d9d806fd31bc9d059114362d4e466aa4efcd038652e116553d
x86_64	nodejs-full-i18n-18.20.6-1.module_el9.5.0+136+92f38f3c.x86_64.rpm	9f23ffd5bc931b553b308e966523d20fcce6515fe50096d9cd4a6a73327dda4a

Notes:

This page is generated automatically from Red Hat security data and has not been checked for errors. For clarification or corrections please contact the AlmaLinux Packaging Team.