Alerts This Week
Warning Icon 1 764
Alerts This Week
Warning Icon 1 764

Critical DoS Resource Exhaustion Update for Node.js 24 in Fedora 42

fedora
Calendar Grey January 31, 2026
Dist Fedora Esm H88
Node.js 24.13.0 update for Fedora 42 resolves multiple security issues including resource exhaustion and denial of service.
Update to version 24.13.0.

Summary

Node.js is a platform built on Chrome's JavaScript runtime

for easily building fast, scalable network applications.

Node.js uses an event-driven, non-blocking I/O model that

makes it lightweight and efficient, perfect for data-intensive

real-time applications that run across distributed devices.

Update Information:

Update to version 24.13.0.

Topics%20covered

Topics Covered

security advisory denial of service security issue fedora resource exhaustion nodejs24

Change Log

* Mon Jan 19 2026 tjuhasz - 1:24.13.0-4 - Replace usage of man_info_compress to be funcional across all branches. * Mon Jan 19 2026 Andrei Radchenko - 1:24.13.0-3 - build: expose libplatform symbols in shared libnode * Fri Jan 16 2026 Fedora Release Engineering - 1:24.13.0-2 - Rebuilt for https://fedoraproject.org/wiki/Fedora_44_Mass_Rebuild * Tue Jan 13 2026 tjuhasz - 1:24.13.0-1 - Update to version 24.13.0 (rhbz#2421027) * Mon Jan 12 2026 Jan Stan\u011bk - 1:24.11.1-3 - Run version checks only on bundled components * Tue Dec 2 2025 tjuhasz - 1:24.11.1-2 - Fix name collision of the COMPRESS variable in spec file. * Wed Nov 12 2025 tjuhasz - 1:24.11.1-1 - Update to version 24.11.1 (rhbz#2414318) * Wed Nov 12 2025 tjuhasz - 1:24.11.0-2 - Rebuild for nodejs-packaging * Wed Oct 29 2025 tjuhasz - 1:24.11.0-1 - Update to version 24.11.0 (rhbz#2402617)

References


[ 1 ] Bug #2421027 - nodejs24-24.13.0 is available https://bugzilla.redhat.com/show_bug.cgi?id=2421027 [ 2 ] Bug #2425803 - Undefined symbol after 24.11 update https://bugzilla.redhat.com/show_bug.cgi?id=2425803 [ 3 ] Bug #2430296 - CVE-2026-22036 nodejs24: Undici has an unbounded decompression chain in HTTP responses on Node.js Fetch API via Content-Encoding leads to resource exhaustion [fedora-42] https://bugzilla.redhat.com/show_bug.cgi?id=2430296 [ 4 ] Bug #2431453 - CVE-2025-55132 nodejs24: Nodejs filesystem permissions bypass [fedora-42] https://bugzilla.redhat.com/show_bug.cgi?id=2431453 [ 5 ] Bug #2431460 - CVE-2026-21637 nodejs24: Nodejs denial of service [fedora-42] https://bugzilla.redhat.com/show_bug.cgi?id=2431460 [ 6 ] Bug #2431467 - CVE-2025-59466 nodejs24: Nodejs denial of service [fedora-42] https://bugzilla.redhat.com/show_bug.cgi?id=2431467 [ 7 ] Bug #2431474 - CVE-2025-59464 nodejs24: Nodejs memory lea...

Read the Full Advisory

Update Instructions

This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade --advisory FEDORA-2026-cc863e84da' at the command line. For more information, refer to the dnf documentation available at http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

Severity
critical
Lowest
Low
Medium
High
Critical

Name: nodejs24
Product: Fedora 42
Version: 24.13.0
Release: 4.fc42
URL: https://nodejs.org
Summary: JavaScript runtime

Topics%20covered

Topics Covered

security advisory denial of service security issue fedora resource exhaustion nodejs24

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Your message here