
Fedora 43 Nodejs20 Important Denial of Service Issues 2026-9dc3a61ad8

Fedora, May 5, 2026
Fedora 43 nodejs20 has been updated to v20.20.2, with critical security advisories and fixes addressing denial of service risks.

Summary

Node.js is a platform built on Chrome's JavaScript runtime for easily building fast, scalable network applications. Node.js uses an event-driven, non-blocking I/O model that makes it lightweight and efficient, perfect for data-intensive real-time applications that run across distributed devices.

Update Information:

Update to version 20.20.2

Change Log

* Tue Apr 14 2026 tjuhasz - 1:20.20.2-3
- Rework of update of nghttp2

* Tue Apr 14 2026 tjuhasz - 1:20.20.2-2
- Update bundled nghttp2 to 1.68.1

* Tue Apr 14 2026 tjuhasz - 1:20.20.2-1
- Update to version 20.20.2 (rhbz#2444850)

* Tue Apr 14 2026 tjuhasz - 1:20.20.1-1
- Update to version 20.20.1 (rhbz#2444850)

* Tue Apr 14 2026 Jan Staněk - 1:20.20.0-5
- Disable flaky test on s390x

* Tue Apr 14 2026 Jan Staněk - 1:20.20.0-4
- Own /usr/lib/node_modules again (rhbz#2438837)

* Tue Apr 14 2026 Jan Staněk - 1:20.20.0-3
- Convert to next-gen packaging
- Use packaging scripts and spec file structure from current nodejs24

References


[ 1 ] Bug #2447158 - CVE-2026-1528 nodejs20: undici: Denial of Service via crafted WebSocket frame with large length [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2447158

[ 2 ] Bug #2447161 - CVE-2026-2229 nodejs20: Undici: Denial of Service via invalid WebSocket permessage-deflate extension parameter [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2447161

[ 3 ] Bug #2447168 - CVE-2026-1525 nodejs20: Undici: HTTP Request Smuggling and Denial of Service due to duplicate Content-Length headers [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2447168

[ 4 ] Bug #2447172 - CVE-2026-1527 nodejs20: Undici: HTTP header injection and request smuggling vulnerability [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2447172

[ 5 ] Bug #2447179 - CVE-2026-1526 nodejs20: undici: Denial of Service via unbounded memory consumption during WebSocket permessage-deflate decompression [fedora-all]
https://bugzilla.redha...


Update Instructions

This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade --advisory FEDORA-2026-9dc3a61ad8' at the command line. For more information, refer to the dnf documentation available at http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label
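
To confirm the update landed across several machines, the installed nodejs20 build can be compared against the fixed build named in this advisory (epoch 1, version 20.20.2, release 3.fc43). The following is an added example, not part of the Fedora advisory: the host names and inventory are constructed, and the comparison is a simplified RPM-style one that does not handle `~` or `^` in versions.

```python
import re

# Fixed build per this advisory: Version 20.20.2, Release 3.fc43, epoch 1 (changelog "1:20.20.2-3").
FIXED_EVR = "1:20.20.2-3.fc43"

def split_evr(evr):
    """Split 'epoch:version-release' into (epoch, version, release); a missing epoch counts as 0."""
    epoch, _, rest = evr.rpartition(":")
    version, _, release = rest.partition("-")
    return int(epoch or 0), version, release

def seg_cmp(a, b):
    """Simplified rpmvercmp: compare runs of digits or letters from left to right."""
    sa, sb = (re.findall(r"\d+|[A-Za-z]+", s) for s in (a, b))
    for x, y in zip(sa, sb):
        if x.isdigit() and y.isdigit():
            x, y = int(x), int(y)            # numeric runs compare as integers (10 > 2)
        elif x.isdigit() != y.isdigit():
            return 1 if x.isdigit() else -1  # a numeric run is newer than an alphabetic one
        if x != y:
            return 1 if x > y else -1
    return (len(sa) > len(sb)) - (len(sa) < len(sb))

def evr_cmp(a, b):
    """Return -1, 0 or 1; epoch decides first, then version, then release."""
    ea, va, ra = split_evr(a)
    eb, vb, rb = split_evr(b)
    if ea != eb:
        return 1 if ea > eb else -1
    return seg_cmp(va, vb) or seg_cmp(ra, rb)

def audit(inventory):
    """Map each host to True when its nodejs20 build is at or above the fixed build."""
    result = {}
    for line in inventory.strip().splitlines():
        host, evr = line.split()
        result[host] = evr_cmp(evr, FIXED_EVR) >= 0
    return result

# Constructed inventory (hypothetical hosts), one line per host as printed by
#   rpm -q --qf '%{EPOCHNUM}:%{VERSION}-%{RELEASE}\n' nodejs20
# dev01 was collected without the epoch, so it is treated as epoch 0 and flagged.
SAMPLE = """
web01 1:20.20.2-3.fc43
web02 1:20.20.0-5.fc43
ci01  1:20.20.2-1.fc43
dev01 20.20.2-3.fc43
"""

if __name__ == "__main__":
    print({h: "fixed" if ok else "NEEDS UPDATE" for h, ok in audit(SAMPLE).items()})
```

Collect the version string with the epoch included; without it, a fully updated host such as dev01 is reported as needing the update.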

Severity: important

Name: nodejs20
Product: Fedora 43
Version: 20.20.2
Release: 3.fc43
Summary: JavaScript runtime
