ALSA-2025:1613

[ALSA-2025:1613] Important: nodejs:22 security update

Type:

security

Severity:

important

Release date:

2025-02-18

Description:

Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language.   

Security Fix(es):  

  * undici: Undici Uses Insufficiently Random Values (CVE-2025-22150)
  * nodejs: Node.js Worker Thread Exposure via Diagnostics Channel (CVE-2025-23083)
  * nodejs: GOAWAY HTTP/2 frames cause memory leak outside heap (CVE-2025-23085)


For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

References:

Updated packages listed below:

Architecture	Package	Checksum
aarch64	v8-12.4-devel-12.4.254.21-1.22.13.1.1.module_el9.5.0+139+09296491.aarch64.rpm	1784324a1011e498df7452775ed2f68ed2e6c20e081ed028c31d1d9031a826f2
aarch64	nodejs-full-i18n-22.13.1-1.module_el9.5.0+139+09296491.aarch64.rpm	73f9753ca62eb14819ebcd00745ee231f31f416bb160e2c72ba1070d1777b0c0
aarch64	npm-10.9.2-1.22.13.1.1.module_el9.5.0+139+09296491.aarch64.rpm	89342149eaa9c6a69306ba8626090c1e477d6206a38b0b9e3f4f9e1ae19b2b73
aarch64	nodejs-devel-22.13.1-1.module_el9.5.0+139+09296491.aarch64.rpm	8abd063e664b905dfb15cf65d1385564d9788d21cb1480fd7452ca66e8eee7f1
aarch64	nodejs-libs-22.13.1-1.module_el9.5.0+139+09296491.aarch64.rpm	92207bb82ad026764a7fc6b13d7c434d45a68931e5a539997500c18bb3ae2be0
aarch64	nodejs-22.13.1-1.module_el9.5.0+139+09296491.aarch64.rpm	ab244c0dab4cb47f23ffba3d5c03de266bb0cd5ec78f63fee287119956b05302
noarch	nodejs-packaging-bundler-2021.06-4.module_el9.5.0+139+09296491.noarch.rpm	8d55336a92da679c52d1360312b8a8816a753687bce70e3efcb80ca181d76662
noarch	nodejs-nodemon-3.0.1-1.module_el9.5.0+136+92f38f3c.noarch.rpm	9568f3f288eb90ba5d978da40785d16e3210b65e92276e8ca17b6d88a3339c1b
noarch	nodejs-docs-22.13.1-1.module_el9.5.0+139+09296491.noarch.rpm	9ceb6b255ac8e0ab31086f29fe4215ec55497fa486c2df07985cdb83c7035025
noarch	nodejs-packaging-2021.06-4.module_el9.5.0+136+92f38f3c.noarch.rpm	bfb954cf0a070014a29b11e53507cb0f05b992c7e1bf6cb568840bb815dca58e
ppc64le	nodejs-devel-22.13.1-1.module_el9.5.0+139+09296491.ppc64le.rpm	2e917cbd3d0f13de081acce818abba221f532cce4c26b65cb5e653ddff14c20c
ppc64le	v8-12.4-devel-12.4.254.21-1.22.13.1.1.module_el9.5.0+139+09296491.ppc64le.rpm	5ae1fe69baabab04a6719c9f547cb931420ae1bd936aef9509b6581429781b56
ppc64le	npm-10.9.2-1.22.13.1.1.module_el9.5.0+139+09296491.ppc64le.rpm	694a7b419ac4a2a82a853d287fc186bbe2a190cf8ad6fd679af068d718f30d19
ppc64le	nodejs-22.13.1-1.module_el9.5.0+139+09296491.ppc64le.rpm	696031cd3c9b529a9e6fbd2cd6135c8682efa375ff13f56250289bc709433d6f
ppc64le	nodejs-libs-22.13.1-1.module_el9.5.0+139+09296491.ppc64le.rpm	a74adbfb5b2a24fa26890f8b1b097b7b11d849e009041ea77d4121271bb36130
ppc64le	nodejs-full-i18n-22.13.1-1.module_el9.5.0+139+09296491.ppc64le.rpm	f8d20d15ee087e2da2692b15df8713411dc77600f81693cf0fae0acd47fa3f3b
s390x	npm-10.9.2-1.22.13.1.1.module_el9.5.0+139+09296491.s390x.rpm	059dfeb132d92a36ef2e6e5d7726c32fc852850a711a17bb2386f872619ffada
s390x	v8-12.4-devel-12.4.254.21-1.22.13.1.1.module_el9.5.0+139+09296491.s390x.rpm	21f02213f34e914316103f40d5db10b2feb329f3b9b8e24da31765d518eac615
s390x	nodejs-full-i18n-22.13.1-1.module_el9.5.0+139+09296491.s390x.rpm	2c9cdd3d7d8dd15a28977830c074e17b5768dffd50183328c10217a77ae0eb4d
s390x	nodejs-devel-22.13.1-1.module_el9.5.0+139+09296491.s390x.rpm	2d85f0e4b2280370acfb41474e53982098f04d68401d7012769a04a97496b0a8
s390x	nodejs-22.13.1-1.module_el9.5.0+139+09296491.s390x.rpm	44a4b604666a6e8416ec658ba46004e52d90970154eca3c908f9a3edaf2d9429
s390x	nodejs-libs-22.13.1-1.module_el9.5.0+139+09296491.s390x.rpm	e3d8a3112674eafde2c96794429a8ad69745afeec292e5e767d2c3b919ed466c
x86_64	nodejs-22.13.1-1.module_el9.5.0+139+09296491.x86_64.rpm	165783740a7279dd47ce9e24141d456d1d48c0c099e7672d3973746b2deba093
x86_64	v8-12.4-devel-12.4.254.21-1.22.13.1.1.module_el9.5.0+139+09296491.x86_64.rpm	60832a30cd6ae8560f6f1c88a97a6eb979e9313ea08c11b58e52fa3b402ee3ed
x86_64	nodejs-libs-22.13.1-1.module_el9.5.0+139+09296491.x86_64.rpm	66ce3e4ba64d118b807d315889c8ce9cdc44e1a3191c4d9fc0d82db58d0262f2
x86_64	nodejs-devel-22.13.1-1.module_el9.5.0+139+09296491.x86_64.rpm	a0105adc310ac41c0d740004b8dee57002d6ac4256d3c197ac48f927cc74ef5d
x86_64	nodejs-full-i18n-22.13.1-1.module_el9.5.0+139+09296491.x86_64.rpm	dbc3b027c9d9ef207a8238be656311a88d1a22e6abc598f05417cd0db0c33a0f
x86_64	npm-10.9.2-1.22.13.1.1.module_el9.5.0+139+09296491.x86_64.rpm	ee4a9b84a9acecbf650189866cbe36a3db3246a62141117508a14bf6ec1a1cfa

Notes:

This page is generated automatically from Red Hat security data and has not been checked for errors. For clarification or corrections please contact the AlmaLinux Packaging Team.