Explore top 10 tips to secure your open-source projects now. Read More
×
This update for nodejs20 fixes the following issues:
Update to version 20.20.2.
* CVE-2026-21717: trivially predictable hash collisions due to flaw in V8's
string hashing mechanism allows for performance degradation via a crafted
request (bsc#1260494).
* CVE-2026-21716: incomplete fix for CVE-2024-36137 allows promise-based
FileHandle methods to be used to modify file permissions and ownership on
already-open file descriptors (bsc#1260462).
* CVE-2026-21715: flaw in the Permission Model filesystem enforcement allows
for file existence disclosure and filesystem path enumeration via
`fs.realpathSync.native()` (bsc#1260482).
* CVE-2026-21714: memory leak in Node.js HTTP/2 server allows for resource
exhaustion via `WINDOW_UPDATE` frames sent on stream 0 (bsc#1260480).
* CVE-2026-21713: timing side-channel due to flaw in Node.js HMAC verification
allows for discovery of HMAC values and potential MAC forgery (bsc#1260463).
* CVE-2026-21710:...
Read the Full Advisory## Patch Instructions:
To install this SUSE update use the SUSE recommended installation methods like
YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
* openSUSE Leap 15.5
zypper in -t patch SUSE-2026-1371=1
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP5
zypper in -t patch SUSE-SLE-Product-HPC-15-SP5-ESPOS-2026-1371=1
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP5
zypper in -t patch SUSE-SLE-Product-HPC-15-SP5-LTSS-2026-1371=1
* SUSE Linux Enterprise Server 15 SP5 LTSS
zypper in -t patch SUSE-SLE-Product-SLES-15-SP5-LTSS-2026-1371=1
* SUSE Linux Enterprise Server for SAP Applications 15 SP5
zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP5-2026-1371=1
* openSUSE Leap 15.5 (aarch64 ppc64le s390x x86_64 i586)
* nodejs20-debuginfo-20.20.2-150500.11.27.1
* nodejs20-devel-20.20.2-150500.11.27.1
* corepack20-20.20.2-150500.11.27.1
* nodejs20-20.20.2-150500.11.27.1
* nodejs20-debugsource-20.20.2-150500.11.27.1
* npm20-20.20.2-150500.11.27.1
* openSUSE Leap 15.5 (noarch)
* nodejs20-docs-20.20.2-150500.11.27.1
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP5 (aarch64
x86_64)
* nodejs20-debuginfo-20.20.2-150500.11.27.1
* nodejs20-devel-20.20.2-150500.11.27.1
* nodejs20-debugsource-20.20.2-150500.11.27.1
* npm20-20.20.2-150500.11.27.1
* nodejs20-20.20.2-150500.11.27.1
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP5 (noarch)
* nodejs20-docs-20.20.2-150500.11.27.1
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP5 (aarch64
x86_64)
* nodejs20-debuginfo-20.20.2-150500.11.27.1
* nodejs20-devel-20.20.2-150500.11.27.1
* nodejs20-debugsource-20.20.2-150500.11.27.1
* npm20-20.20.2-150500.11.27.1
* nodejs20-20.20.2-150500.11.27.1
*...
Read the Full Advisory* bsc#1256576
* bsc#1260455
* bsc#1260462
* bsc#1260463
* bsc#1260480
* bsc#1260482
* bsc#1260494
## References:
* https://www.suse.com/security/cve/CVE-2026-21637.html
* https://www.suse.com/security/cve/CVE-2026-21710.html
* https://www.suse.com/security/cve/CVE-2026-21713.html
* https://www.suse.com/security/cve/CVE-2026-21714.html
* https://www.suse.com/security/cve/CVE-2026-21715.html
* https://www.suse.com/security/cve/CVE-2026-21716.html
* https://www.suse.com/security/cve/CVE-2026-21717.html
* https://bugzilla.suse.com/show_bug.cgi?id=1256576
* https://bugzilla.suse.com/show_bug.cgi?id=1260455
* https://bugzilla.suse.com/show_bug.cgi?id=1260462
* https://bugzilla.suse.com/show_bug.cgi?id=1260463
* https://bugzilla.suse.com/show_bug.cgi?id=1260480
* https://bugzilla.suse.com/show_bug.cgi?id=1260482
* https://bugzilla.suse.com/show_bug.cgi?id=1260494
Get the latest Linux and open source security news straight to your inbox.