
openSUSE Leap 16.0 Nodejs24 Important Resource Exhaustion Vuln 2026-20519-1

April 21, 2026
This openSUSE security update for nodejs24 resolves 9 issues needing immediate action. Patch now to enhance system defense.
An update that solves 9 vulnerabilities and has 9 bug fixes can now be installed.

Description

This update for nodejs24 fixes the following issues:

Update to version 24.14.1.

Security issues fixed:

- CVE-2026-21717: trivially predictable hash collisions due to flaw in V8's string hashing mechanism allows for performance degradation via a crafted request (bsc#1260494).

- CVE-2026-21716: incomplete fix for CVE-2024-36137 allows promise-based FileHandle methods to be used to modify file permissions and ownership on already-open file descriptors (bsc#1260462).

- CVE-2026-21715: flaw in the Permission Model filesystem enforcement allows for file existence disclosure and filesystem path enumeration via `fs.realpathSync.native()` (bsc#1260482).

- CVE-2026-21714: memory leak in Node.js HTTP/2 server allows for resource exhaustion via `WINDOW_UPDATE` frames sent on stream 0 (bsc#1260480).

- CVE-2026-21713: timing side-channel due to flaw in Node.js HMAC verification allows for discovery of HMAC values and potential MAC forgery (bsc#1260463).

- CVE-2026-21712: assertion...


Patch

Package List

- openSUSE Leap 16.0:
  - corepack24-24.14.1-160000.1.1
  - nodejs24-24.14.1-160000.1.1
  - nodejs24-devel-24.14.1-160000.1.1
  - nodejs24-docs-24.14.1-160000.1.1
  - npm24-24.14.1-160000.1.1
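
To confirm a host has actually picked up the fixed builds listed above, the following added example (not part of the advisory or of openSUSE tooling) audits `name version-release` lines against the package list. The function names and the sample input are constructed, and it assumes GNU `sort -V` orders these numeric version strings the same way rpm does.

```shell
# Fixed version-release and package names, taken from the advisory's package list.
FIXED="24.14.1-160000.1.1"
PACKAGES="corepack24 nodejs24 nodejs24-devel nodejs24-docs npm24"

# ver_ge A B: succeed if version-release A is >= B.
# Assumption: sort -V ordering matches rpm ordering for these strings.
ver_ge() {
    [ "$1" = "$2" ] && return 0
    [ "$(printf '%s\n%s\n' "$1" "$2" | sort -V | head -n1)" = "$2" ]
}

# audit_nodejs24: read "name version-release" lines on stdin, report every
# advisory package still below the fixed build, ignore unrelated packages.
# Returns 1 if anything is outdated, 0 otherwise.
audit_nodejs24() {
    local name ver outdated=0
    while read -r name ver; do
        case " $PACKAGES " in
            *" $name "*) ;;          # package is covered by this advisory
            *) continue ;;           # not part of the update, skip
        esac
        if ! ver_ge "$ver" "$FIXED"; then
            echo "OUTDATED $name $ver (needs >= $FIXED)"
            outdated=1
        fi
    done
    return "$outdated"
}

# Constructed sample inventory (not from a real host).
SAMPLE='nodejs24 24.11.0-160000.1.1
npm24 24.14.1-160000.1.1
corepack24 24.9.0-160000.2.1
bash 5.2.37-160000.1.1'

# On a real openSUSE Leap 16.0 host, feed it the rpm database instead:
#   rpm -qa --qf '%{NAME} %{VERSION}-%{RELEASE}\n' | audit_nodejs24
```

A long-running Node.js process keeps the old binary mapped after the package is upgraded, so restart services once the audit comes back clean.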

References

* bsc#1256572

* bsc#1256576

* bsc#1260455

* bsc#1260460

* bsc#1260462

* bsc#1260463

* bsc#1260480

* bsc#1260482

* bsc#1260494

References:

* https://www.suse.com/security/cve/CVE-2025-59464.html

* https://www.suse.com/security/cve/CVE-2026-21637.html

* https://www.suse.com/security/cve/CVE-2026-21710.html

* https://www.suse.com/security/cve/CVE-2026-21712.html

* https://www.suse.com/security/cve/CVE-2026-21713.html

* https://www.suse.com/security/cve/CVE-2026-21714.html

* https://www.suse.com/security/cve/CVE-2026-21715.html

* https://www.suse.com/security/cve/CVE-2026-21716.html

* https://www.suse.com/security/cve/CVE-2026-21717.html

Severity
important

Announcement ID: openSUSE-SU-2026:20519-1
Rating: important
Affected Products: openSUSE Leap 16.0
