Alerts This Week
Warning Icon 1 609
Alerts This Week
Warning Icon 1 609

Ubuntu 23.04 python38 Key Security Patch 2025-2f56a12ab3

fedora
Calendar Grey May 13, 2026
Dist Fedora Esm H88
Critical update for Fedora 42 addressing nodejs20 Denial of Service issues with important fixes and enhancements.
Update for nodejs20

Summary

Node.js is a platform built on Chrome's JavaScript runtime

for easily building fast, scalable network applications.

Node.js uses an event-driven, non-blocking I/O model that

makes it lightweight and efficient, perfect for data-intensive

real-time applications that run across distributed devices.

Update Information:

Update for nodejs20

Topics%20covered

Topics Covered

security advisory denial of service fedora remote access important nodejs20

Change Log

* Fri Apr 24 2026 Andrei Radchenko - 1:20.20.2-4 - test plan: diverge from f44 - bin packages were introduced in f44 onwards - provision step should be set automatically by testing farm * Tue Apr 14 2026 tjuhasz - 1:20.20.2-3 - Rework of update of nghttp2 * Tue Apr 14 2026 tjuhasz - 1:20.20.2-2 - Update bundled nghttp2 to 1.68.1 * Tue Apr 14 2026 tjuhasz - 1:20.20.2-1 - Update to version 20.20.2 (rhbz#2444850) * Tue Apr 14 2026 tjuhasz - 1:20.20.1-1 - Update to version 20.20.1 (rhbz#2444850) * Tue Apr 14 2026 Jan Stan\u011bk - 1:20.20.0-5 - Disable flaky test on s390x * Tue Apr 14 2026 Jan Stan\u011bk - 1:20.20.0-4 - Own /usr/lib/node_modules again (rhbz#2438837) * Tue Apr 14 2026 Jan Stan\u011bk - 1:20.20.0-3 - Convert to next-gen packaging - Use packaging scripts and spec file structure from current nodejs24

References


[ 1 ] Bug #2453563 - CVE-2026-21717 nodejs20: Node.js: Denial of Service via V8 string hashing mechanism due to predictable hash collisions [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=2453563 [ 2 ] Bug #2453567 - CVE-2026-21714 nodejs20: Node.js: Memory leak and Denial of Service via crafted HTTP/2 WINDOW_UPDATE frames [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=2453567 [ 3 ] Bug #2453570 - CVE-2026-21713 nodejs20: Node.js: Information disclosure via timing oracle in HMAC verification [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=2453570 [ 4 ] Bug #2453592 - CVE-2026-21716 nodejs20: Node.js: Permission bypass allows unauthorized modification of file permissions and ownership via incomplete security fix. [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=2453592 [ 5 ] Bug #2453596 - CVE-2026-21715 nodejs20: Node.js: Information disclosure due to `fs.realpathSync.native()` bypassing filesystem read re...

Read the Full Advisory

Update Instructions

This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade --advisory FEDORA-2026-0f43f09cd9' at the command line. For more information, refer to the dnf documentation available at http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

Severity
important
Lowest
Low
Medium
High
Critical

Name: nodejs20
Product: Fedora 42
Version: 20.20.2
Release: 4.fc42
URL: https://nodejs.org
Summary: JavaScript runtime

Topics%20covered

Topics Covered

security advisory denial of service fedora remote access important nodejs20

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Related News

Your message here