This update for nodejs24 fixes the following issues:
Update to version 24.14.1.
Security issues fixed:
- CVE-2026-21717: trivially predictable hash collisions due to flaw in V8's string hashing mechanism allows for
performance degradation via a crafted request (bsc#1260494).
- CVE-2026-21716: incomplete fix for CVE-2024-36137 allows promise-based FileHandle methods to be used to modify file
permissions and ownership on already-open file descriptors (bsc#1260462).
- CVE-2026-21715: flaw in the Permission Model filesystem enforcement allows for file existence disclosure and
filesystem path enumeration via `fs.realpathSync.native()` (bsc#1260482).
- CVE-2026-21714: memory leak in Node.js HTTP/2 server allows for resource exhaustion via `WINDOW_UPDATE` frames sent
on stream 0 (bsc#1260480).
- CVE-2026-21713: timing side-channel due to flaw in Node.js HMAC verification allows for discovery of HMAC values and
potential MAC forgery (bsc#1260463).
- CVE-2026-21712: assertion...
Read the Full Advisory- openSUSE Leap 16.0:
corepack24-24.14.1-160000.1.1
nodejs24-24.14.1-160000.1.1
nodejs24-devel-24.14.1-160000.1.1
nodejs24-docs-24.14.1-160000.1.1
npm24-24.14.1-160000.1.1
* bsc#1256572
* bsc#1256576
* bsc#1260455
* bsc#1260460
* bsc#1260462
* bsc#1260463
* bsc#1260480
* bsc#1260482
* bsc#1260494
References:
* https://www.suse.com/security/cve/CVE-2025-59464.html
* https://www.suse.com/security/cve/CVE-2026-21637.html
* https://www.suse.com/security/cve/CVE-2026-21710.html
* https://www.suse.com/security/cve/CVE-2026-21712.html
* https://www.suse.com/security/cve/CVE-2026-21713.html
* https://www.suse.com/security/cve/CVE-2026-21714.html
* https://www.suse.com/security/cve/CVE-2026-21715.html
* https://www.suse.com/security/cve/CVE-2026-21716.html
* https://www.suse.com/security/cve/CVE-2026-21717.html
Get the latest Linux and open source security news straight to your inbox.