Explore top 10 tips to secure your open-source projects now. Read More
×Security update. Publication date: 18 Jul 2026 URL: https://advisories.mageia.org/MGASA-2026-0257.html Type: security Affected Mageia releases: 10, 9 CVE: CVE-2026-48615, CVE-2026-48617, CVE-2026-48618, CVE-2026-48619, CVE-2026-48928, CVE-2026-48930, CVE-2026-48931, CVE-2026-48933, CVE-2026-48934, CVE-2026-48935, CVE-2026-48937 Description: lib,test: redact proxy credentials in tunnel errors. (CVE-2026-48615) permission: handle process.chdir on writereport. (CVE-2026-48617) tls: normalize hostname for server identity checks. (CVE-2026-48618) http2: cap originSet size to prevent unbounded memory growth. (CVE-2026-48619) tls: fix case-sensitive SNI context matching. (CVE-2026-48928) dns,net: reject hostnames with embedded NUL bytes. (CVE-2026-48930) http: fix response queue poisoning in http.Agent. (CVE-2026-48931) crypto: guard WebCrypto cipher output length. (CVE-2026-48933) tls: bind reusable sessions to authenticated host. (CVE-2026-48934) permission: disable FileHandle utimes with permission model. (CVE-2026-48935) deps: fix integration issues with the latest nghttp2. (CVE-2026-48937) References: - https://bugs.mageia.org/show_bug.cgi?id=35724 - https://nodejs.org/en/blog/release/v22.23.0 - https://nodejs.org/en/blog/vulnerability/june-2026-security-releases - https://www.cve.org/CVERecord?id=CVE-2026-48615 - https://www.cve.org/CVERecord?id=CVE-2026-48617 - https://www.cve.org/CVERecord?id=CVE-2026-48618 - https://www.cve.org/CVERecord?id=CVE-2026-48619 - https://www.cve.org/CVERecord?id=CVE-2026-48928 - https://www.cve.org/CVERecord?id=CVE-2026-48930 - https://www.cve.org/CVERecord?id=CVE-2026-48931 - https://www.cve.org/CVERecord?id=CVE-2026-48933 - https://www.cve.org/CVERecord?id=CVE-2026-48934 - https://www.cve.org/CVERecord?id=CVE-2026-48935 - https://www.cve.org/CVERecord?id=CVE-2026-48937 SRPMS: - 10/core/nodejs-22.23.1-2.mga10 - 9/core/nodejs-22.23.1-2.mga9 . Security vulnerabilities identified in Node.js for Mageia 10 and 9 requireimmediate attention. Patching instructions included.. nodejs security update,mageia vulnerability,critical security alert. . Severity: Critical. LinuxSecurity.com Team
The following updated rpms for Oracle Linux 9 have been uploaded to the Unbreakable Linux Network:. Oracle Linux Security Advisory ELSA-2026-35892 http://linux.oracle.com/errata/ELSA-2026-35892.html The following updated rpms for Oracle Linux 9 have been uploaded to the Unbreakable Linux Network: x86_64: nodejs-22.23.1-1.module+el9.8.0+90947+d3e8e647.x86_64.rpm nodejs-devel-22.23.1-1.module+el9.8.0+90947+d3e8e647.x86_64.rpm nodejs-docs-22.23.1-1.module+el9.8.0+90947+d3e8e647.noarch.rpm nodejs-full-i18n-22.23.1-1.module+el9.8.0+90947+d3e8e647.x86_64.rpm nodejs-libs-22.23.1-1.module+el9.8.0+90947+d3e8e647.x86_64.rpm nodejs-nodemon-3.0.1-1.module+el9.8.0+90947+d3e8e647.noarch.rpm nodejs-packaging-2021.06-6.module+el9.8.0+90947+d3e8e647.noarch.rpm nodejs-packaging-bundler-2021.06-6.module+el9.8.0+90947+d3e8e647.noarch.rpm npm-10.9.8-1.22.23.1.1.module+el9.8.0+90947+d3e8e647.x86_64.rpm v8-12.4-devel-12.4.254.21-1.22.23.1.1.module+el9.8.0+90947+d3e8e647.x86_64.rpm aarch64: nodejs-22.23.1-1.module+el9.8.0+90947+d3e8e647.aarch64.rpm nodejs-devel-22.23.1-1.module+el9.8.0+90947+d3e8e647.aarch64.rpm nodejs-docs-22.23.1-1.module+el9.8.0+90947+d3e8e647.noarch.rpm nodejs-full-i18n-22.23.1-1.module+el9.8.0+90947+d3e8e647.aarch64.rpm nodejs-libs-22.23.1-1.module+el9.8.0+90947+d3e8e647.aarch64.rpm nodejs-nodemon-3.0.1-1.module+el9.8.0+90947+d3e8e647.noarch.rpm nodejs-packaging-2021.06-6.module+el9.8.0+90947+d3e8e647.noarch.rpm nodejs-packaging-bundler-2021.06-6.module+el9.8.0+90947+d3e8e647.noarch.rpm npm-10.9.8-1.22.23.1.1.module+el9.8.0+90947+d3e8e647.aarch64.rpm v8-12.4-devel-12.4.254.21-1.22.23.1.1.module+el9.8.0+90947+d3e8e647.aarch64.rpm SRPMS: http://oss.oracle.com/ol9/SRPMS-updates/nodejs-22.23.1-1.module+el9.8.0+90947+d3e8e647.src.rpm http://oss.oracle.com/ol9/SRPMS-updates/nodejs-nodemon-3.0.1-1.module+el9.8.0+90947+d3e8e647.src.rpm http://oss.oracle.com/ol9/SRPMS-updates/nodejs-packaging-2021.06-6.module+el9.8.0+90947+d3e8e647.src.rpm RelatedCVEs: CVE-2026-6733 CVE-2026-9678 CVE-2026-11525 CVE-2026-12151 CVE-2026-42338 CVE-2026-48615 CVE-2026-48618 CVE-2026-48619 CVE-2026-48928 CVE-2026-48930 CVE-2026-48933 CVE-2026-48934 CVE-2026-48935 Description of changes: nodejs [1:22.23.1-1] - Update to version 22.23.1 Resolves: RHEL-186622 RHEL-185998 RHEL-183669 Fixes: CVE-2026-12151 CVE-2026-48618 CVE-2026-48933 CVE-2026-48937 CVE-2026-48930 CVE-2026-48619 CVE-2026-48615 CVE-2026-48934 CVE-2026-48928 CVE-2026-48617 CVE-2026-48931 CVE-2026-48935 CVE-2026-42338 nodejs-nodemon [3.0.1-1] - Rebase to 3.0.1 - Resolves: CVE-2022-25883 [2.0.20-2] - Patch bundled glob-parent - Resolves: CVE-2021-35065 [2.0.20-1] - Rebase to 2.0.20 Resolves: CVE-2022-3517 [2.0.15-1] - Resolves: RHBZ#2005419 - Resolves CVE-2020-28469 - Rebase to newest version - Change source to npmjs.com nodejs-packaging [2021.06-6] - Properly handle @group/package deps in nodejs-symlink-deps Resolves: RHEL-120511 [2021.06-5] - nodejs.req to properly detect bundled deps _______________________________________________ El-errata mailing list
The following updated rpms for Oracle Linux 9 have been uploaded to the Unbreakable Linux Network:. Oracle Linux Security Advisory ELSA-2026-35891 http://linux.oracle.com/errata/ELSA-2026-35891.html The following updated rpms for Oracle Linux 9 have been uploaded to the Unbreakable Linux Network: x86_64: nodejs-24.18.0-1.module+el9.8.0+90946+13dc792a.x86_64.rpm nodejs-devel-24.18.0-1.module+el9.8.0+90946+13dc792a.x86_64.rpm nodejs-docs-24.18.0-1.module+el9.8.0+90946+13dc792a.noarch.rpm nodejs-full-i18n-24.18.0-1.module+el9.8.0+90946+13dc792a.x86_64.rpm nodejs-libs-24.18.0-1.module+el9.8.0+90946+13dc792a.x86_64.rpm nodejs-nodemon-3.0.3-3.module+el9.8.0+90946+13dc792a.noarch.rpm nodejs-packaging-2021.06-6.module+el9.8.0+90946+13dc792a.noarch.rpm nodejs-packaging-bundler-2021.06-6.module+el9.8.0+90946+13dc792a.noarch.rpm npm-11.16.0-1.24.18.0.1.module+el9.8.0+90946+13dc792a.noarch.rpm v8-13.6-devel-13.6.233.17-1.24.18.0.1.module+el9.8.0+90946+13dc792a.x86_64.rpm aarch64: nodejs-24.18.0-1.module+el9.8.0+90946+13dc792a.aarch64.rpm nodejs-devel-24.18.0-1.module+el9.8.0+90946+13dc792a.aarch64.rpm nodejs-docs-24.18.0-1.module+el9.8.0+90946+13dc792a.noarch.rpm nodejs-full-i18n-24.18.0-1.module+el9.8.0+90946+13dc792a.aarch64.rpm nodejs-libs-24.18.0-1.module+el9.8.0+90946+13dc792a.aarch64.rpm nodejs-nodemon-3.0.3-3.module+el9.8.0+90946+13dc792a.noarch.rpm nodejs-packaging-2021.06-6.module+el9.8.0+90946+13dc792a.noarch.rpm nodejs-packaging-bundler-2021.06-6.module+el9.8.0+90946+13dc792a.noarch.rpm npm-11.16.0-1.24.18.0.1.module+el9.8.0+90946+13dc792a.noarch.rpm v8-13.6-devel-13.6.233.17-1.24.18.0.1.module+el9.8.0+90946+13dc792a.aarch64.rpm SRPMS: http://oss.oracle.com/ol9/SRPMS-updates/nodejs-24.18.0-1.module+el9.8.0+90946+13dc792a.src.rpm http://oss.oracle.com/ol9/SRPMS-updates/nodejs-nodemon-3.0.3-3.module+el9.8.0+90946+13dc792a.src.rpm http://oss.oracle.com/ol9/SRPMS-updates/nodejs-packaging-2021.06-6.module+el9.8.0+90946+13dc792a.src.rpm RelatedCVEs: CVE-2026-6733 CVE-2026-6734 CVE-2026-9678 CVE-2026-9697 CVE-2026-11525 CVE-2026-12151 CVE-2026-42338 CVE-2026-48615 CVE-2026-48618 CVE-2026-48619 CVE-2026-48928 CVE-2026-48930 CVE-2026-48933 CVE-2026-48934 CVE-2026-48935 Description of changes: nodejs [1:24.18.0-1] - Update to version 24.18.0 nodejs-nodemon [3.0.3-3] - Keep BR on just npm [3.0.3-2] - Fix BR for nodejs-npm nodejs-packaging [2021.06-6] - Properly handle @group/package deps in nodejs-symlink-deps Resolves: RHEL-121569 [2021.06-5] - nodejs.req to properly detect bundled deps _______________________________________________ El-errata mailing list
Multiple vulnerabilities were discovered in Node.js, which could result in denial of service or information disclosure. For Debian 11 bullseye, these problems have been fixed in version 12.22.12~dfsg-1~deb11u8. We recommend that you upgrade your nodejs packages.. Debian LTS Advisory DLA-4598-1
Multiple vulnerabilities were discovered in Node.js, which could result in denial of service or information disclosure. For the oldstable distribution (bookworm), these problems have been fixed in version 18.20.4+dfsg-1~deb12u2. We recommend that you upgrade your nodejs packages.. - ------------------------------------------------------------------------- Debian Security Advisory DSA-6272-1
The following updated rpms for Oracle Linux 8 have been uploaded to the Unbreakable Linux Network:. Oracle Linux Security Advisory ELSA-2026-8339 http://linux.oracle.com/errata/ELSA-2026-8339.html The following updated rpms for Oracle Linux 8 have been uploaded to the Unbreakable Linux Network: x86_64: nodejs-20.20.2-1.module+el8.10.0+90878+0d41f8c0.x86_64.rpm nodejs-devel-20.20.2-1.module+el8.10.0+90878+0d41f8c0.x86_64.rpm nodejs-docs-20.20.2-1.module+el8.10.0+90878+0d41f8c0.noarch.rpm nodejs-full-i18n-20.20.2-1.module+el8.10.0+90878+0d41f8c0.x86_64.rpm nodejs-nodemon-3.0.1-1.module+el8.10.0+90743+b61054a8.noarch.rpm nodejs-packaging-2021.06-5.module+el8.10.0+90878+0d41f8c0.noarch.rpm nodejs-packaging-bundler-2021.06-5.module+el8.10.0+90878+0d41f8c0.noarch.rpm npm-10.8.2-1.20.20.2.1.module+el8.10.0+90878+0d41f8c0.x86_64.rpm aarch64: nodejs-20.20.2-1.module+el8.10.0+90878+0d41f8c0.aarch64.rpm nodejs-devel-20.20.2-1.module+el8.10.0+90878+0d41f8c0.aarch64.rpm nodejs-docs-20.20.2-1.module+el8.10.0+90878+0d41f8c0.noarch.rpm nodejs-full-i18n-20.20.2-1.module+el8.10.0+90878+0d41f8c0.aarch64.rpm nodejs-nodemon-3.0.1-1.module+el8.10.0+90743+b61054a8.noarch.rpm nodejs-packaging-2021.06-5.module+el8.10.0+90878+0d41f8c0.noarch.rpm nodejs-packaging-bundler-2021.06-5.module+el8.10.0+90878+0d41f8c0.noarch.rpm npm-10.8.2-1.20.20.2.1.module+el8.10.0+90878+0d41f8c0.aarch64.rpm SRPMS: http://oss.oracle.com/ol8/SRPMS-updates/nodejs-20.20.2-1.module+el8.10.0+90878+0d41f8c0.src.rpm http://oss.oracle.com/ol8/SRPMS-updates/nodejs-nodemon-3.0.1-1.module+el8.10.0+90743+b61054a8.src.rpm http://oss.oracle.com/ol8/SRPMS-updates/nodejs-packaging-2021.06-5.module+el8.10.0+90878+0d41f8c0.src.rpm Related CVEs: CVE-2026-21710 CVE-2026-26996 CVE-2026-27135 CVE-2026-27904 Description of changes: nodejs [1:20.20.2-1] - Update to version 20.20.2 - Patch nghttp2 to version 1.68.1 and disable tests which would fail due to this change. Resolves: RHEL-154018 Fixes: CVE-2026-27135 CVE-2026-27904 CVE-2026-26996 CVE-2026-25547CVE-2026-21710 nodejs-nodemon [3.0.1-1] - Rebase to 3.0.1 - Resolves: CVE-2022-25883 [2.0.20-2] - Patch bundled glob-parent - Resolves: CVE-2021-35065 [2.0.20-1] - Rebase to 2.0.20 Resolves: CVE-2022-3517 [2.0.19-1] - Rebase to 2.0.19 Resolves: CVE-2022-33987 [2.0.15-1] - Resolves: RHBZ#2005419 - Resolves CVE-2020-28469 - Rebase to newest version - Change source to npmjs.com [2.0.7-1] - Resolves: RHBZ#1953991 - Update to 2.0.7 to resolve CVE-2020-28469 [2.0.3-1] - Updated [1.18.3-1] - Resolves: #1615413 - Updated - bundled [1.11.0-2] - rh-nodejs8 rebuild [1.11.0-1] - Updated with script nodejs-packaging [2021.06-5] - nodejs.req properly detect bundled deps [2021.06-4] - NPM bundler: also find namespaced bundled dependencies [2021.06-3] - Rebuilt for https://fedoraproject.org/wiki/Fedora_35_Mass_Rebuild [2021.06-2] - Fix hard-coded output directory in the bundler [2021.06-1] - Update to 2021.06-1 - bundler: Handle archaic license metadata - bundler: Warn about bundled dependencies with no license metadata [2021.01-3] - Rebuilt for https://fedoraproject.org/wiki/Fedora_34_Mass_Rebuild [2021.01-2] - nodejs-packaging-bundler improvements to handle uncommon characters [2021.01] - Add nodejs-packaging-bundler and update README.md [2020.09-1] - Move to dist-git as the upstream [25-1] - Fix incorrect bundled library detection for Requires _______________________________________________ El-errata mailing list
Important: nodejs:20 security update. {"type": "TYPE_SECURITY", "shortCode": "RL", "name": "RLSA-2026:8339", "synopsis": "Important: nodejs:20 security update", "severity": "SEVERITY_IMPORTANT", "topic": "An update is available for nodejs-nodemon, module.nodejs-packaging, module.nodejs-nodemon, nodejs-packaging.\nThis update affects Rocky Linux 8.\nA Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list", "description": "Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language. \n\nSecurity Fix(es):\n\n* minimatch: minimatch: Denial of Service via specially crafted glob patterns (CVE-2026-26996)\n\n* minimatch: Minimatch: Denial of Service via catastrophic backtracking in glob expressions (CVE-2026-27904)\n\n* nghttp2: nghttp2: Denial of Service via malformed HTTP/2 frames after session termination (CVE-2026-27135)\n\n* Node.js: Node.js: Denial of Service due to crafted HTTP `__proto__` header (CVE-2026-21710)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.", "solution": null, "affectedProducts": ["Rocky Linux 8"], "fixes": [{"ticket": "2441268", "sourceBy": "Red Hat", "sourceLink": "https://bugzilla.redhat.com/show_bug.cgi?id=2441268", "description": ""}, {"ticket": "2442922", "sourceBy": "Red Hat", "sourceLink": "https://bugzilla.redhat.com/show_bug.cgi?id=2442922", "description": ""}, {"ticket": "2448754", "sourceBy": "Red Hat", "sourceLink": "https://bugzilla.redhat.com/show_bug.cgi?id=2448754", "description": ""}, {"ticket": "2453151", "sourceBy": "Red Hat", "sourceLink": "https://bugzilla.redhat.com/show_bug.cgi?id=2453151", "description": ""}], "cves": [{"name": "CVE-2026-21710", "sourceBy": "MITRE", "sourceLink": "https://www.cve.org/CVERecord?id=CVE-2026-21710", "cvss3ScoringVector":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "cvss3BaseScore": "7.5", "cwe": "CWE-843"}, {"name": "CVE-2026-26996", "sourceBy": "MITRE", "sourceLink": "https://www.cve.org/CVERecord?id=CVE-2026-26996", "cvss3ScoringVector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "cvss3BaseScore": "6.5", "cwe": "CWE-1333"}, {"name": "CVE-2026-27135", "sourceBy": "MITRE", "sourceLink": "https://www.cve.org/CVERecord?id=CVE-2026-27135", "cvss3ScoringVector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "cvss3BaseScore": "7.5", "cwe": "CWE-617"}, {"name": "CVE-2026-27904", "sourceBy": "MITRE", "sourceLink": "https://www.cve.org/CVERecord?id=CVE-2026-27904", "cvss3ScoringVector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "cvss3BaseScore": "6.5", "cwe": "CWE-1333"}], "references": [], "publishedAt": "2026-04-16T00:01:17.370160Z", "rpms": {"Rocky Linux 8": {"nvras": ["nodejs-nodemon-0:3.0.1-1.module+el8.10.0+1988+437f3d23.noarch.rpm", "nodejs-nodemon-0:3.0.1-1.module+el8.10.0+1824+532140ee.noarch.rpm", "nodejs-nodemon-0:3.0.1-1.module+el8.10.0+1935+d3cbe60f.noarch.rpm", "nodejs-nodemon-0:3.0.1-1.module+el8.10.0+1924+614dc87f.noarch.rpm", "nodejs-nodemon-0:3.0.1-1.module+el8.10.0+1666+930e28e8.noarch.rpm", "nodejs-nodemon-0:3.0.1-1.module+el8.10.0+1989+e60144d9.noarch.rpm", "nodejs-nodemon-0:3.0.1-1.module+el8.10.0+1667+4a788d89.noarch.rpm", "nodejs-nodemon-0:3.0.1-1.module+el8.9.0+1760+903d54b9.noarch.rpm", "nodejs-nodemon-0:3.0.1-1.module+el8.10.0+1823+b5789597.noarch.rpm", "nodejs-nodemon-0:3.0.1-1.module+el8.10.0+1924+614dc87f.src.rpm", "nodejs-nodemon-0:3.0.1-1.module+el8.10.0+1935+d3cbe60f.src.rpm", "nodejs-nodemon-0:3.0.1-1.module+el8.10.0+1666+930e28e8.src.rpm", "nodejs-nodemon-0:3.0.1-1.module+el8.10.0+1667+4a788d89.src.rpm", "nodejs-nodemon-0:3.0.1-1.module+el8.10.0+1989+e60144d9.src.rpm", "nodejs-nodemon-0:3.0.1-1.module+el8.10.0+1988+437f3d23.src.rpm", "nodejs-nodemon-0:3.0.1-1.module+el8.9.0+1760+903d54b9.src.rpm", "nodejs-nodemon-0:3.0.1-1.module+el8.10.0+1823+b5789597.src.rpm","nodejs-nodemon-0:3.0.1-1.module+el8.10.0+1824+532140ee.src.rpm", "nodejs-packaging-0:2021.06-6.module+el8.10.0+40048+6d99f608.noarch.rpm", "nodejs-packaging-0:2021.06-6.module+el8.10.0+40048+6d99f608.src.rpm", "nodejs-packaging-bundler-0:2021.06-6.module+el8.10.0+40048+6d99f608.noarch.rpm"]}}, "rebootSuggested": false, "buildReferences": []}. Updates for nodejs on Rocky Linux 8 address important DoS issues. Check impacts and solutions for secure configuration.. nodejs security update, Rocky Linux advisory, important nodejs vulnerabilities, denial of service fix. . Severity: Important. LinuxSecurity.com Team
The following updated rpms for Oracle Linux 9 have been uploaded to the Unbreakable Linux Network:. Oracle Linux Security Advisory ELSA-2026-7896 http://linux.oracle.com/errata/ELSA-2026-7896.html The following updated rpms for Oracle Linux 9 have been uploaded to the Unbreakable Linux Network: x86_64: nodejs-20.20.2-1.module+el9.7.0+90874+6d84790f.x86_64.rpm nodejs-devel-20.20.2-1.module+el9.7.0+90874+6d84790f.x86_64.rpm nodejs-docs-20.20.2-1.module+el9.7.0+90874+6d84790f.noarch.rpm nodejs-full-i18n-20.20.2-1.module+el9.7.0+90874+6d84790f.x86_64.rpm nodejs-nodemon-3.0.1-1.module+el9.7.0+90874+6d84790f.noarch.rpm nodejs-packaging-2021.06-6.module+el9.7.0+90874+6d84790f.noarch.rpm nodejs-packaging-bundler-2021.06-6.module+el9.7.0+90874+6d84790f.noarch.rpm npm-10.8.2-1.20.20.2.1.module+el9.7.0+90874+6d84790f.x86_64.rpm aarch64: nodejs-20.20.2-1.module+el9.7.0+90874+6d84790f.aarch64.rpm nodejs-devel-20.20.2-1.module+el9.7.0+90874+6d84790f.aarch64.rpm nodejs-docs-20.20.2-1.module+el9.7.0+90874+6d84790f.noarch.rpm nodejs-full-i18n-20.20.2-1.module+el9.7.0+90874+6d84790f.aarch64.rpm nodejs-nodemon-3.0.1-1.module+el9.7.0+90874+6d84790f.noarch.rpm nodejs-packaging-2021.06-6.module+el9.7.0+90874+6d84790f.noarch.rpm nodejs-packaging-bundler-2021.06-6.module+el9.7.0+90874+6d84790f.noarch.rpm npm-10.8.2-1.20.20.2.1.module+el9.7.0+90874+6d84790f.aarch64.rpm SRPMS: http://oss.oracle.com/ol9/SRPMS-updates/nodejs-20.20.2-1.module+el9.7.0+90874+6d84790f.src.rpm http://oss.oracle.com/ol9/SRPMS-updates/nodejs-nodemon-3.0.1-1.module+el9.7.0+90874+6d84790f.src.rpm http://oss.oracle.com/ol9/SRPMS-updates/nodejs-packaging-2021.06-6.module+el9.7.0+90874+6d84790f.src.rpm Related CVEs: CVE-2026-21710 CVE-2026-26996 CVE-2026-27135 CVE-2026-27904 Description of changes: nodejs [1:20.20.2-1] - Update to version 20.20.2 Patch nghttp2 to version 1.68.1 and disable tests which would fail due to this change. Resolves: RHEL-164336 Fixes: CVE-2026-27135 CVE-2026-27904 CVE-2026-26996 CVE-2026-25547CVE-2026-21710 nodejs-nodemon [3.0.1-1] - Rebase to 3.0.1 - Resolves: CVE-2022-25883 [2.0.20-2] - Patch bundled glob-parent - Resolves: CVE-2021-35065 [2.0.20-1] - Rebase to 2.0.20 Resolves: CVE-2022-3517 [2.0.15-1] - Resolves: RHBZ#2005419 - Resolves CVE-2020-28469 - Rebase to newest version - Change source to npmjs.com nodejs-packaging [2021.06-6] - Properly handle @group/package deps in nodejs-symlink-deps Resolves: RHEL-121579 [2021.06-5] - nodejs.req to properly detect bundled deps _______________________________________________ El-errata mailing list
Get the latest Linux and open source security news straight to your inbox.