Alerts This Week
Warning Icon 1 727
Alerts This Week
Warning Icon 1 727

Critical Denial of Service Advisory for Node.js 20 on Fedora 42

fedora
Calendar Grey January 31, 2026
Dist Fedora Esm H88
Critical security advisory for Fedora 42 on nodejs20 addressing multiple denial of service issues and performance concerns.
Update to version 20.20.0

Summary

Node.js is a platform built on Chrome's JavaScript runtime \

for easily building fast, scalable network applications. \

Node.js uses an event-driven, non-blocking I/O model that \

makes it lightweight and efficient, perfect for data-intensive \

real-time applications that run across distributed devices.}

Update Information:

Update to version 20.20.0

Topics%20covered

Topics Covered

security advisory denial of service fedora update critical nodejs20

Change Log

* Mon Jan 19 2026 Jan Stan\u011bk - 1:20.20.0-2 - Diverge from rawhide * Tue Jan 13 2026 tjuhasz - 1:20.20.0-1 - Update to version 20.20.0 (rhbz#2428957) * Mon Dec 1 2025 tjuhasz - 1:20.19.6-1 - Update to version 20.19.6 (rhbz#2417008) * Wed Nov 12 2025 tjuhasz - 1:20.19.5-3 - Rebuild for nodejs-packaging

References


[ 1 ] Bug #2421304 - CVE-2025-62408 nodejs20: c-ares: Denial of Service due to query termination after maximum attempts [fedora-42] https://bugzilla.redhat.com/show_bug.cgi?id=2421304 [ 2 ] Bug #2428957 - nodejs20-20.20.0 is available https://bugzilla.redhat.com/show_bug.cgi?id=2428957 [ 3 ] Bug #2430294 - CVE-2026-22036 nodejs20: Undici has an unbounded decompression chain in HTTP responses on Node.js Fetch API via Content-Encoding leads to resource exhaustion [fedora-42] https://bugzilla.redhat.com/show_bug.cgi?id=2430294 [ 4 ] Bug #2431451 - CVE-2025-55132 nodejs20: Nodejs filesystem permissions bypass [fedora-42] https://bugzilla.redhat.com/show_bug.cgi?id=2431451 [ 5 ] Bug #2431458 - CVE-2026-21637 nodejs20: Nodejs denial of service [fedora-42] https://bugzilla.redhat.com/show_bug.cgi?id=2431458 [ 6 ] Bug #2431465 - CVE-2025-59466 nodejs20: Nodejs denial of service [fedora-42] https://bugzilla.redhat.com/show_bug.cgi?i...

Read the Full Advisory

Update Instructions

This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade --advisory FEDORA-2026-fb4878551d' at the command line. For more information, refer to the dnf documentation available at http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

Severity
critical
Lowest
Low
Medium
High
Critical

Name: nodejs20
Product: Fedora 42
Version: 20.20.0
Release: 2.fc42
URL: http://nodejs.org/
Summary: JavaScript runtime

Topics%20covered

Topics Covered

security advisory denial of service fedora update critical nodejs20

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Your message here