Alerts This Week
Warning Icon 1 700
Alerts This Week
Warning Icon 1 700

Fedora 43 nodejs22 Critical DoS and File Permissions Fix 2026-8663c5f961

fedora
Calendar Grey January 31, 2026
Dist Fedora Esm H88
Critical updates for Node.js on Fedora 43 address denial of service and file permissions issues.
Update to version 22.22.0

Summary

Node.js is a platform built on Chrome's JavaScript runtime \

for easily building fast, scalable network applications. \

Node.js uses an event-driven, non-blocking I/O model that \

makes it lightweight and efficient, perfect for data-intensive \

real-time applications that run across distributed devices.}

Update Information:

Update to version 22.22.0

Topics%20covered

Topics Covered

security advisory fedora update DoS Javascript nodejs22

Change Log

* Fri Jan 16 2026 Jan Stan\u011bk - 1:22.22.0-2 - Fix c-ares unbundling bits - gate %check section behind a conditional - gate ./configure flag behind a conditional * Tue Jan 13 2026 tjuhasz - 1:22.22.0-1 - Update to version 22.22.0 (rhbz#2428958) * Wed Nov 12 2025 tjuhasz - 1:22.21.1-3 - Rebuild for nodejs-packaging * Thu Nov 6 2025 Andrei Radchenko - 1:22.21.1-2 - Add upper bound to unversioned obsoletes * Wed Oct 29 2025 tjuhasz - 1:22.21.1-1 - Update to version 22.21.1 (rhbz#2406903)

References


[ 1 ] Bug #2429534 - CVE-2025-59466: DoS issue when async_hooks used in exception handling https://bugzilla.redhat.com/show_bug.cgi?id=2429534 [ 2 ] Bug #2430299 - CVE-2026-22036 nodejs22: Undici has an unbounded decompression chain in HTTP responses on Node.js Fetch API via Content-Encoding leads to resource exhaustion [fedora-43] https://bugzilla.redhat.com/show_bug.cgi?id=2430299 [ 3 ] Bug #2431455 - CVE-2025-55132 nodejs22: Nodejs filesystem permissions bypass [fedora-43] https://bugzilla.redhat.com/show_bug.cgi?id=2431455 [ 4 ] Bug #2431462 - CVE-2026-21637 nodejs22: Nodejs denial of service [fedora-43] https://bugzilla.redhat.com/show_bug.cgi?id=2431462 [ 5 ] Bug #2431469 - CVE-2025-59466 nodejs22: Nodejs denial of service [fedora-43] https://bugzilla.redhat.com/show_bug.cgi?id=2431469 [ 6 ] Bug #2431476 - CVE-2025-59464 nodejs22: Nodejs memory leak [fedora-43] https://bugzilla.redhat.com/show_bug.cgi?id=2431476 [ 7...

Read the Full Advisory

Update Instructions

This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade --advisory FEDORA-2026-8663c5f961' at the command line. For more information, refer to the dnf documentation available at http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

Severity
important
Lowest
Low
Medium
High
Critical

Name: nodejs22
Product: Fedora 43
Version: 22.22.0
Release: 2.fc43
URL: http://nodejs.org/
Summary: JavaScript runtime

Topics%20covered

Topics Covered

security advisory fedora update DoS Javascript nodejs22

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Related News

Your message here