Описание
ELSA-2025-8506: nodejs:22 security update (IMPORTANT)
nodejs [1:22.15-1-1]
- Update to 22.16.0 Fixes: CVE-2025-23166
- Resolves: RHEL-91596 RHEL-92859
[1:22.15.0-1]
- Update to 22.15.0
- Drop upstream patches
[1:22.13.1-4]
- Patch fix for sqlite CVE-2025-31498 Resolves: RHEL-87300
[1:22.13.1-3]
- Update c-ares to newest version with fix for CVE-2025-31498 Resolves: RHEL-86581
[1:22.13.1-2]
- Remove obsolete lua pretransaction script from spec file Resolves: RHEL-81117 RHEL-71410
- Disable npm update notifications for users Resolves: RHEL-81080
[22.13.1-1]
- Upgrade to version 22.13.1 Fixes CVE-2025-23083 CVE-2025-23085 CVE-2025-22150 Resolves: RHEL-76362 RHEL-76897
[22.11.0-1]
- Upgrade to nodejs 22.11.0. Resolves: RHEL-35991
[22.4.1-4]
- Exclude ix86 arches from building. Related: RHEL-35991
[22.4.1-4]
- Initial import of nodeJS 22 Resolves: RHEL-35991
nodejs-nodemon nodejs-packaging
Обновленные пакеты
Oracle Linux 8
Oracle Linux aarch64
Module nodejs:22 is enabled
nodejs
22.16.0-1.module+el8.10.0+90605+76e4d41a
nodejs-devel
22.16.0-1.module+el8.10.0+90605+76e4d41a
nodejs-docs
22.16.0-1.module+el8.10.0+90605+76e4d41a
nodejs-full-i18n
22.16.0-1.module+el8.10.0+90605+76e4d41a
nodejs-libs
22.16.0-1.module+el8.10.0+90605+76e4d41a
nodejs-nodemon
3.0.1-1.module+el8.10.0+90605+76e4d41a
nodejs-packaging
2021.06-4.module+el8.10.0+90605+76e4d41a
nodejs-packaging-bundler
2021.06-4.module+el8.10.0+90605+76e4d41a
npm
10.9.2-1.22.16.0.1.module+el8.10.0+90605+76e4d41a
v8-12.4-devel
12.4.254.21-1.22.16.0.1.module+el8.10.0+90605+76e4d41a
Oracle Linux x86_64
Module nodejs:22 is enabled
nodejs
22.16.0-1.module+el8.10.0+90605+76e4d41a
nodejs-devel
22.16.0-1.module+el8.10.0+90605+76e4d41a
nodejs-docs
22.16.0-1.module+el8.10.0+90605+76e4d41a
nodejs-full-i18n
22.16.0-1.module+el8.10.0+90605+76e4d41a
nodejs-libs
22.16.0-1.module+el8.10.0+90605+76e4d41a
nodejs-nodemon
3.0.1-1.module+el8.10.0+90605+76e4d41a
nodejs-packaging
2021.06-4.module+el8.10.0+90605+76e4d41a
nodejs-packaging-bundler
2021.06-4.module+el8.10.0+90605+76e4d41a
npm
10.9.2-1.22.16.0.1.module+el8.10.0+90605+76e4d41a
v8-12.4-devel
12.4.254.21-1.22.16.0.1.module+el8.10.0+90605+76e4d41a
Связанные CVE
Связанные уязвимости
The C++ method SignTraits::DeriveBits() may incorrectly call ThrowException() based on user-supplied inputs when executing in a background thread, crashing the Node.js process. Such cryptographic operations are commonly applied to untrusted inputs. Thus, this mechanism potentially allows an adversary to remotely crash a Node.js runtime.
The C++ method SignTraits::DeriveBits() may incorrectly call ThrowException() based on user-supplied inputs when executing in a background thread, crashing the Node.js process. Such cryptographic operations are commonly applied to untrusted inputs. Thus, this mechanism potentially allows an adversary to remotely crash a Node.js runtime.
The C++ method SignTraits::DeriveBits() may incorrectly call ThrowException() based on user-supplied inputs when executing in a background thread, crashing the Node.js process. Such cryptographic operations are commonly applied to untrusted inputs. Thus, this mechanism potentially allows an adversary to remotely crash a Node.js runtime.
The C++ method SignTraits::DeriveBits() may incorrectly call ThrowExce ...
The C++ method SignTraits::DeriveBits() may incorrectly call ThrowException() based on user-supplied inputs when executing in a background thread, crashing the Node.js process. Such cryptographic operations are commonly applied to untrusted inputs. Thus, this mechanism potentially allows an adversary to remotely crash a Node.js runtime.