Alerts This Week
Warning Icon 1 537
Alerts This Week
Warning Icon 1 537

Critical Resource Exhaustion Vulnerability in openSUSE Leap 15.6 nodejs22

opensuse
Calendar Grey January 26, 2026
Dist Opensuse Esm H88
An important update for nodejs22 resolves seven vulnerabilities in openSUSE. Critical security fixes enhance system integrity.
An update that solves seven vulnerabilities can now be installed.

Description

This update for nodejs22 fixes the following issues:

Security fixes:

* CVE-2026-22036: Fixed unbounded decompression chain in HTTP response leading

to resource exhaustion (bsc#1256848)

* CVE-2026-21637: Fixed synchronous exceptions thrown during callbacks that

bypass TLS error handling and causing denial of service (bsc#1256576)

* CVE-2025-55132: Fixed futimes() ability to acces file even if process has

read permissions only (bsc#1256571)

* CVE-2025-55131: Fixed race condition that allowed allocations with leftover

data leading to in-process secrets exposure (bsc#1256570)

* CVE-2025-55130: Fixed filesystem permissions bypass via crafted symlinks

(bsc#1256569)

* CVE-2025-59465: Fixed malformed HTTP/2 HEADERS frame with invalid HPACK

leading to crash (bsc#1256573)

* CVE-2025-59466: Fixed uncatchable "Maximum call stack size exceeded" error

leading to crash (bsc#1256574)

Other fixes:

* Update to 22.22.0:

* deps: updated undici to 6.23.0

...

Read the Full Advisory

Topics%20covered

Topics Covered

security advisory DoS important OpenSUSE HTTP response nodejs

Patch

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like

YaST online_update or "zypper patch".

Alternatively you can run the command listed for your product:

* openSUSE Leap 15.6

zypper in -t patch openSUSE-SLE-15.6-2026-295=1 SUSE-2026-295=1

* SUSE Linux Enterprise Server 15 SP6 LTSS

zypper in -t patch SUSE-SLE-Product-SLES-15-SP6-LTSS-2026-295=1

* SUSE Linux Enterprise Server for SAP Applications 15 SP6

zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP6-2026-295=1

Package List

* openSUSE Leap 15.6 (aarch64 ppc64le s390x x86_64 i586)

* npm22-22.22.0-150600.13.12.1

* nodejs22-debugsource-22.22.0-150600.13.12.1

* nodejs22-devel-22.22.0-150600.13.12.1

* nodejs22-22.22.0-150600.13.12.1

* corepack22-22.22.0-150600.13.12.1

* nodejs22-debuginfo-22.22.0-150600.13.12.1

* openSUSE Leap 15.6 (noarch)

* nodejs22-docs-22.22.0-150600.13.12.1

* SUSE Linux Enterprise Server 15 SP6 LTSS (aarch64 ppc64le s390x x86_64)

* npm22-22.22.0-150600.13.12.1

* nodejs22-debugsource-22.22.0-150600.13.12.1

* nodejs22-devel-22.22.0-150600.13.12.1

* nodejs22-22.22.0-150600.13.12.1

* nodejs22-debuginfo-22.22.0-150600.13.12.1

* SUSE Linux Enterprise Server 15 SP6 LTSS (noarch)

* nodejs22-docs-22.22.0-150600.13.12.1

* SUSE Linux Enterprise Server for SAP Applications 15 SP6 (ppc64le x86_64)

* npm22-22.22.0-150600.13.12.1

* nodejs22-debugsource-22.22.0-150600.13.12.1

* nodejs22-devel-22.22.0-150600.13.12.1

* nodejs22-22.22.0-150600.13.12.1

* nodejs22-debuginfo-22.22.0-150600.13.12.1

* SUSE Linux Enterprise Server for...

Read the Full Advisory

References

* bsc#1256569

* bsc#1256570

* bsc#1256571

* bsc#1256573

* bsc#1256574

* bsc#1256576

* bsc#1256848

## References:

* https://www.suse.com/security/cve/CVE-2025-55130.html

* https://www.suse.com/security/cve/CVE-2025-55131.html

* https://www.suse.com/security/cve/CVE-2025-55132.html

* https://www.suse.com/security/cve/CVE-2025-59465.html

* https://www.suse.com/security/cve/CVE-2025-59466.html

* https://www.suse.com/security/cve/CVE-2026-21637.html

* https://www.suse.com/security/cve/CVE-2026-22036.html

* https://bugzilla.suse.com/show_bug.cgi?id=1256569

* https://bugzilla.suse.com/show_bug.cgi?id=1256570

* https://bugzilla.suse.com/show_bug.cgi?id=1256571

* https://bugzilla.suse.com/show_bug.cgi?id=1256573

* https://bugzilla.suse.com/show_bug.cgi?id=1256574

* https://bugzilla.suse.com/show_bug.cgi?id=1256576

* https://bugzilla.suse.com/show_bug.cgi?id=1256848

Severity
important
Lowest
Low
Medium
High
Critical

Announcement ID: SUSE-SU-2026:0295-1
Release Date: 2026-01-26T13:19:07Z
Affected Products: * openSUSE Leap 15.6 * SUSE Linux Enterprise Server 15 SP6 * SUSE Linux Enterprise Server 15 SP6 LTSS * SUSE Linux Enterprise Server for SAP Applications 15 SP6

Topics%20covered

Topics Covered

security advisory DoS important OpenSUSE HTTP response nodejs

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Related News

Your message here