
Fedora 44 nodejs20 Denial of Service Issues Update 2026-05-05

May 5, 2026
Update for Fedora 44 nodejs20 addresses critical Denial of Service issues and provides enhanced system performance.

Summary

Node.js is a platform built on Chrome's JavaScript runtime for easily building fast, scalable network applications. Node.js uses an event-driven, non-blocking I/O model that makes it lightweight and efficient, perfect for data-intensive real-time applications that run across distributed devices.

Update Information:

Update to version 20.20.2. Automatic update for nodejs20-20.20.0-7.fc44.

Change Log

* Wed Apr 1 2026 tjuhasz - 1:20.20.2-3
- Rework of update of nghttp2
* Mon Mar 30 2026 tjuhasz - 1:20.20.2-2
- Update bundled nghttp2 to 1.68.1
* Wed Mar 25 2026 tjuhasz - 1:20.20.2-1
- Update to version 20.20.2 (rhbz#2444850)
* Fri Mar 20 2026 tjuhasz - 1:20.20.1-1
- Update to version 20.20.1 (rhbz#2444850)
* Wed Mar 18 2026 Andrei Radchenko - 1:20.20.0-10
- introduce -bins sub-plan
* Tue Mar 10 2026 Andrei Radchenko - 1:20.20.0-9
- tests: share metadata for all plans
* Tue Feb 17 2026 Andrei Radchenko - 1:20.20.0-8
- spec: remove obsolete requires
* Tue Feb 17 2026 Jan Staněk - 1:20.20.0-7
- Disable flaky test on s390x
* Mon Feb 16 2026 Jan Staněk - 1:20.20.0-6
- Own /usr/lib/node_modules again (rhbz#2438837)

References


[ 1 ] Bug #2438837 - nodejs20 does not own/provide /usr/lib/node_modules directory
      https://bugzilla.redhat.com/show_bug.cgi?id=2438837
[ 2 ] Bug #2453563 - CVE-2026-21717 nodejs20: Node.js: Denial of Service via V8 string hashing mechanism due to predictable hash collisions [fedora-all]
      https://bugzilla.redhat.com/show_bug.cgi?id=2453563
[ 3 ] Bug #2453567 - CVE-2026-21714 nodejs20: Node.js: Memory leak and Denial of Service via crafted HTTP/2 WINDOW_UPDATE frames [fedora-all]
      https://bugzilla.redhat.com/show_bug.cgi?id=2453567
[ 4 ] Bug #2453570 - CVE-2026-21713 nodejs20: Node.js: Information disclosure via timing oracle in HMAC verification [fedora-all]
      https://bugzilla.redhat.com/show_bug.cgi?id=2453570
[ 5 ] Bug #2453592 - CVE-2026-21716 nodejs20: Node.js: Permission bypass allows unauthorized modification of file permissions and ownership via incomplete security fix. [fedora-all]
      https://bugzilla.redhat.com/show_bug.cgi?id=24535...


Update Instructions

This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade --advisory FEDORA-2026-c99f9dc3b1' at the command line. For more information, refer to the dnf documentation available at http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

Severity
important

Name: nodejs20
Product: Fedora 44
Version: 20.20.2
Release: 3.fc44
Summary: JavaScript runtime
