ALSA-2026:2781

[ALSA-2026:2781] Important: nodejs:24 security update

Type:

security

Severity:

important

Release date:

2026-02-18

Description:

Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language.   

Security Fix(es):  

  * nodejs: Nodejs filesystem permissions bypass (CVE-2025-55132)
  * nodejs: Nodejs denial of service (CVE-2026-21637)
  * nodejs: Nodejs denial of service (CVE-2025-59466)
  * nodejs: Nodejs denial of service (CVE-2025-59465)
  * nodejs: Nodejs uninitialized memory exposure (CVE-2025-55131)
  * nodejs: Nodejs file permissions bypass (CVE-2025-55130)


For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

References:

Updated packages listed below:

Architecture	Package	Checksum
aarch64	nodejs-libs-24.13.0-1.module_el9.7.0+209+ecf6523e.aarch64.rpm	032e52ea6e9d279796975c9df8083e233721c94c75ad84d3e2427e5780d079f4
aarch64	nodejs-devel-24.13.0-1.module_el9.7.0+209+ecf6523e.aarch64.rpm	0a758ad7f9e490b5ff11d777c2adb3c67cf114d01d59dba4688214eb1f623e50
aarch64	nodejs-24.13.0-1.module_el9.7.0+209+ecf6523e.aarch64.rpm	5785d6c206a43ad66c58b17881d3a019c3c3941302c8889de3987ffa544d550f
aarch64	v8-13.6-devel-13.6.233.17-1.24.13.0.1.module_el9.7.0+209+ecf6523e.aarch64.rpm	5ee8915746294a58ef4ce028014bd074d7d956d831d40e786cdb1e38f9a75a2e
aarch64	nodejs-full-i18n-24.13.0-1.module_el9.7.0+209+ecf6523e.aarch64.rpm	9f9112f0e487d81221a52f2950ecca89aafea3aae118af07ca443ab11f41e424
noarch	nodejs-nodemon-3.0.3-3.module_el9.7.0+209+ecf6523e.noarch.rpm	6688ca82e36c7f78fe80655131c4a7fad6d4c7b9c851130cb6202a27b946c979
noarch	npm-11.6.2-1.24.13.0.1.module_el9.7.0+209+ecf6523e.noarch.rpm	931ef73d066840659ef738e6282e95b16c91f6f620c8f26fd043d22f7444ae8c
noarch	nodejs-packaging-bundler-2021.06-6.module_el9.7.0+198+8bf605ba.noarch.rpm	97b592d61e7cdad2e8509964064ddbff27be4f5aa478b78c4438ac2fd0d42bb1
noarch	nodejs-packaging-2021.06-6.module_el9.7.0+209+ecf6523e.noarch.rpm	e12d6593295b63bbaffb1d59469018386e8cf5428b60b3671861a3b9e68d1fc4
noarch	nodejs-docs-24.13.0-1.module_el9.7.0+209+ecf6523e.noarch.rpm	f3dcf4672dfa5ced1e0eb20f250035b95ef6641b4e73e39d51a627ecba152c4b
ppc64le	nodejs-devel-24.13.0-1.module_el9.7.0+209+ecf6523e.ppc64le.rpm	146f567e0e5827e9af5d59d0b3a89bfdce24bb086e5fdbb4326b55f800e73032
ppc64le	nodejs-full-i18n-24.13.0-1.module_el9.7.0+209+ecf6523e.ppc64le.rpm	817588c4d2c713f3f281942c718f7c54b3c44cbf9271238adf14fadf14af7cf4
ppc64le	v8-13.6-devel-13.6.233.17-1.24.13.0.1.module_el9.7.0+209+ecf6523e.ppc64le.rpm	c28f3b61b9b551de8cbefd785ebfde86288803a61615217b81f84f18599f5433
ppc64le	nodejs-libs-24.13.0-1.module_el9.7.0+209+ecf6523e.ppc64le.rpm	d9367f6934a9d5afb303fe7fc5930f40aeeb9930cf3d2810d45d2697ba84b770
ppc64le	nodejs-24.13.0-1.module_el9.7.0+209+ecf6523e.ppc64le.rpm	fb0f5bf4d78801f6f7ea7d677d102c5eeb7a9770e46effbcc6d31c4243714588
s390x	nodejs-devel-24.13.0-1.module_el9.7.0+209+ecf6523e.s390x.rpm	5f4fdde9d94c71d891edf85d71c72379d6ca59dc62da1d5af63baf3cb541ca4b
s390x	nodejs-24.13.0-1.module_el9.7.0+209+ecf6523e.s390x.rpm	70a27bdd4343b5d1f2edd86991f4ccc70f4901f7377a1438cd0d8b8af854e08b
s390x	nodejs-libs-24.13.0-1.module_el9.7.0+209+ecf6523e.s390x.rpm	762bb4b0e1a23761f7aaa1b13d8ed65e559f10d81d92b1852c659e31c48ef198
s390x	nodejs-full-i18n-24.13.0-1.module_el9.7.0+209+ecf6523e.s390x.rpm	7a4f7603cee9801b21deebbca54dd4fffb4743deee8115d4ab6ef8d2a4180268
s390x	v8-13.6-devel-13.6.233.17-1.24.13.0.1.module_el9.7.0+209+ecf6523e.s390x.rpm	a7d9e5d68eb4125b75e9b51f59f9048427a73092baf0dd91aefdf48ac893ec75
x86_64	nodejs-devel-24.13.0-1.module_el9.7.0+209+ecf6523e.x86_64.rpm	65027761f8181c78972b2ae55bbd6669a212755e1cbe744d89ad12082717c6ca
x86_64	nodejs-full-i18n-24.13.0-1.module_el9.7.0+209+ecf6523e.x86_64.rpm	999d3529b77792f66804c62e32912abae4683cbdf2dfd84380f2748694bc2bc7
x86_64	nodejs-24.13.0-1.module_el9.7.0+209+ecf6523e.x86_64.rpm	bfdaedf41f366efc408881091ce1bba734af67ff1b90b899dd9fa27ece36975b
x86_64	v8-13.6-devel-13.6.233.17-1.24.13.0.1.module_el9.7.0+209+ecf6523e.x86_64.rpm	d4d7fa92842570df207934b26879619eb705cb8db1a63e5bdd1deb865448ef25
x86_64	nodejs-libs-24.13.0-1.module_el9.7.0+209+ecf6523e.x86_64.rpm	e485636e18bb2c05cc497d65fc1aa237f84d3f23ba0bdd964b6848d02e05459f

Notes:

This page is generated automatically from Red Hat security data and has not been checked for errors. For clarification or corrections please contact the AlmaLinux Packaging Team.