Alerts This Week: 1 540

Stay Secure with the Latest Linux Advisories


Explore Latest Linux Security advisories

We found 13 articles for you...
89

Ubuntu 23.04 python38 Key Security Patch 2025-2f56a12ab3

Update for nodejs20.

--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2026-0f43f09cd9
2026-05-13 21:26:39.337188+00:00
--------------------------------------------------------------------------------

Name        : nodejs20
Product     : Fedora 42
Version     : 20.20.2
Release     : 4.fc42
URL         : https://nodejs.org
Summary     : JavaScript runtime
Description :
Node.js is a platform built on Chrome's JavaScript runtime for easily building fast, scalable network applications. Node.js uses an event-driven, non-blocking I/O model that makes it lightweight and efficient, perfect for data-intensive real-time applications that run across distributed devices.

--------------------------------------------------------------------------------
Update Information:

Update for nodejs20
--------------------------------------------------------------------------------
ChangeLog:

* Fri Apr 24 2026 Andrei Radchenko - 1:20.20.2-4
- test plan: diverge from f44
- bin packages were introduced in f44 onwards
- provision step should be set automatically by testing farm
* Tue Apr 14 2026 tjuhasz - 1:20.20.2-3
- Rework of update of nghttp2
* Tue Apr 14 2026 tjuhasz - 1:20.20.2-2
- Update bundled nghttp2 to 1.68.1
* Tue Apr 14 2026 tjuhasz - 1:20.20.2-1
- Update to version 20.20.2 (rhbz#2444850)
* Tue Apr 14 2026 tjuhasz - 1:20.20.1-1
- Update to version 20.20.1 (rhbz#2444850)
* Tue Apr 14 2026 Jan Staněk - 1:20.20.0-5
- Disable flaky test on s390x
* Tue Apr 14 2026 Jan Staněk - 1:20.20.0-4
- Own /usr/lib/node_modules again (rhbz#2438837)
* Tue Apr 14 2026 Jan Staněk - 1:20.20.0-3
- Convert to next-gen packaging
- Use packaging scripts and spec file structure from current nodejs24
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #2453563 - CVE-2026-21717 nodejs20: Node.js: Denial of Service via V8 string hashing mechanism due to predictable hash collisions [fedora-all]
        https://bugzilla.redhat.com/show_bug.cgi?id=2453563
  [ 2 ] Bug #2453567 - CVE-2026-21714 nodejs20: Node.js: Memory leak and Denial of Service via crafted HTTP/2 WINDOW_UPDATE frames [fedora-all]
        https://bugzilla.redhat.com/show_bug.cgi?id=2453567
  [ 3 ] Bug #2453570 - CVE-2026-21713 nodejs20: Node.js: Information disclosure via timing oracle in HMAC verification [fedora-all]
        https://bugzilla.redhat.com/show_bug.cgi?id=2453570
  [ 4 ] Bug #2453592 - CVE-2026-21716 nodejs20: Node.js: Permission bypass allows unauthorized modification of file permissions and ownership via incomplete security fix. [fedora-all]
        https://bugzilla.redhat.com/show_bug.cgi?id=2453592
  [ 5 ] Bug #2453596 - CVE-2026-21715 nodejs20: Node.js: Information disclosure due to `fs.realpathSync.native()` bypassing filesystem read restrictions [fedora-all]
        https://bugzilla.redhat.com/show_bug.cgi?id=2453596
  [ 6 ] Bug #2453599 - CVE-2026-21710 nodejs20: Node.js: Denial of Service due to crafted HTTP `__proto__` header [fedora-all]
        https://bugzilla.redhat.com/show_bug.cgi?id=2453599
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2026-0f43f09cd9' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------

Critical update for Fedora 42 addressing nodejs20 Denial of Service issues with important fixes and enhancements.

nodejs20 updates Fedora security patch Denial of Service.

Severity: Important. LinuxSecurity.com Team

May 13, 2026 Important Fedora
89

Fedora 43 Nodejs20 Important Denial of Service Issues 2026-9dc3a61ad8

Update to version 20.20.2.

--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2026-9dc3a61ad8
2026-05-05 01:12:48.425414+00:00
--------------------------------------------------------------------------------

Name        : nodejs20
Product     : Fedora 43
Version     : 20.20.2
Release     : 3.fc43
URL         : https://nodejs.org
Summary     : JavaScript runtime
Description :
Node.js is a platform built on Chrome's JavaScript runtime for easily building fast, scalable network applications. Node.js uses an event-driven, non-blocking I/O model that makes it lightweight and efficient, perfect for data-intensive real-time applications that run across distributed devices.

--------------------------------------------------------------------------------
Update Information:

Update to version 20.20.2
--------------------------------------------------------------------------------
ChangeLog:

* Tue Apr 14 2026 tjuhasz - 1:20.20.2-3
- Rework of update of nghttp2
* Tue Apr 14 2026 tjuhasz - 1:20.20.2-2
- Update bundled nghttp2 to 1.68.1
* Tue Apr 14 2026 tjuhasz - 1:20.20.2-1
- Update to version 20.20.2 (rhbz#2444850)
* Tue Apr 14 2026 tjuhasz - 1:20.20.1-1
- Update to version 20.20.1 (rhbz#2444850)
* Tue Apr 14 2026 Jan Staněk - 1:20.20.0-5
- Disable flaky test on s390x
* Tue Apr 14 2026 Jan Staněk - 1:20.20.0-4
- Own /usr/lib/node_modules again (rhbz#2438837)
* Tue Apr 14 2026 Jan Staněk - 1:20.20.0-3
- Convert to next-gen packaging
- Use packaging scripts and spec file structure from current nodejs24
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #2447158 - CVE-2026-1528 nodejs20: undici: Denial of Service via crafted WebSocket frame with large length [fedora-all]
        https://bugzilla.redhat.com/show_bug.cgi?id=2447158
  [ 2 ] Bug #2447161 - CVE-2026-2229 nodejs20: Undici: Denial of Service via invalid WebSocket permessage-deflate extension parameter [fedora-all]
        https://bugzilla.redhat.com/show_bug.cgi?id=2447161
  [ 3 ] Bug #2447168 - CVE-2026-1525 nodejs20: Undici: HTTP Request Smuggling and Denial of Service due to duplicate Content-Length headers [fedora-all]
        https://bugzilla.redhat.com/show_bug.cgi?id=2447168
  [ 4 ] Bug #2447172 - CVE-2026-1527 nodejs20: Undici: HTTP header injection and request smuggling vulnerability [fedora-all]
        https://bugzilla.redhat.com/show_bug.cgi?id=2447172
  [ 5 ] Bug #2447179 - CVE-2026-1526 nodejs20: undici: Denial of Service via unbounded memory consumption during WebSocket permessage-deflate decompression [fedora-all]
        https://bugzilla.redhat.com/show_bug.cgi?id=2447179
  [ 6 ] Bug #2453563 - CVE-2026-21717 nodejs20: Node.js: Denial of Service via V8 string hashing mechanism due to predictable hash collisions [fedora-all]
        https://bugzilla.redhat.com/show_bug.cgi?id=2453563
  [ 7 ] Bug #2453567 - CVE-2026-21714 nodejs20: Node.js: Memory leak and Denial of Service via crafted HTTP/2 WINDOW_UPDATE frames [fedora-all]
        https://bugzilla.redhat.com/show_bug.cgi?id=2453567
  [ 8 ] Bug #2453570 - CVE-2026-21713 nodejs20: Node.js: Information disclosure via timing oracle in HMAC verification [fedora-all]
        https://bugzilla.redhat.com/show_bug.cgi?id=2453570
  [ 9 ] Bug #2453592 - CVE-2026-21716 nodejs20: Node.js: Permission bypass allows unauthorized modification of file permissions and ownership via incomplete security fix. [fedora-all]
        https://bugzilla.redhat.com/show_bug.cgi?id=2453592
  [ 10 ] Bug #2453596 - CVE-2026-21715 nodejs20: Node.js: Information disclosure due to `fs.realpathSync.native()` bypassing filesystem read restrictions [fedora-all]
        https://bugzilla.redhat.com/show_bug.cgi?id=2453596
  [ 11 ] Bug #2453599 - CVE-2026-21710 nodejs20: Node.js: Denial of Service due to crafted HTTP `__proto__` header [fedora-all]
        https://bugzilla.redhat.com/show_bug.cgi?id=2453599
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2026-9dc3a61ad8' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------

Denial of service risks in Fedora 43 nodejs20 updated to v20.20.2 with critical security advisories and fixes.

denial of service,nodejs security,Fedora 43,node.js vulnerabilities,update notification.

Severity: Important. LinuxSecurity.com Team

May 05, 2026 Important Fedora
89

Fedora 44 nodejs20 Denial of Service Issues Update 2026-05-05

Update to version 20.20.2
Automatic update for nodejs20-20.20.0-7.fc44.

--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2026-c99f9dc3b1
2026-05-05 00:53:44.303222+00:00
--------------------------------------------------------------------------------

Name        : nodejs20
Product     : Fedora 44
Version     : 20.20.2
Release     : 3.fc44
URL         : https://nodejs.org
Summary     : JavaScript runtime
Description :
Node.js is a platform built on Chrome's JavaScript runtime for easily building fast, scalable network applications. Node.js uses an event-driven, non-blocking I/O model that makes it lightweight and efficient, perfect for data-intensive real-time applications that run across distributed devices.

--------------------------------------------------------------------------------
Update Information:

Update to version 20.20.2
Automatic update for nodejs20-20.20.0-7.fc44.
--------------------------------------------------------------------------------
ChangeLog:

* Wed Apr 1 2026 tjuhasz - 1:20.20.2-3
- Rework of update of nghttp2
* Mon Mar 30 2026 tjuhasz - 1:20.20.2-2
- Update bundled nghttp2 to 1.68.1
* Wed Mar 25 2026 tjuhasz - 1:20.20.2-1
- Update to version 20.20.2 (rhbz#2444850)
* Fri Mar 20 2026 tjuhasz - 1:20.20.1-1
- Update to version 20.20.1 (rhbz#2444850)
* Wed Mar 18 2026 Andrei Radchenko - 1:20.20.0-10
- introduce -bins sub-plan
* Tue Mar 10 2026 Andrei Radchenko - 1:20.20.0-9
- tests: share metadata for all plans
* Tue Feb 17 2026 Andrei Radchenko - 1:20.20.0-8
- spec: remove obsolete requires
* Tue Feb 17 2026 Jan Staněk - 1:20.20.0-7
- Disable flaky test on s390x
* Mon Feb 16 2026 Jan Staněk - 1:20.20.0-6
- Own /usr/lib/node_modules again (rhbz#2438837)
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #2438837 - nodejs20 does not own/provide /usr/lib/node_modules directory
        https://bugzilla.redhat.com/show_bug.cgi?id=2438837
  [ 2 ] Bug #2453563 - CVE-2026-21717 nodejs20: Node.js: Denial of Service via V8 string hashing mechanism due to predictable hash collisions [fedora-all]
        https://bugzilla.redhat.com/show_bug.cgi?id=2453563
  [ 3 ] Bug #2453567 - CVE-2026-21714 nodejs20: Node.js: Memory leak and Denial of Service via crafted HTTP/2 WINDOW_UPDATE frames [fedora-all]
        https://bugzilla.redhat.com/show_bug.cgi?id=2453567
  [ 4 ] Bug #2453570 - CVE-2026-21713 nodejs20: Node.js: Information disclosure via timing oracle in HMAC verification [fedora-all]
        https://bugzilla.redhat.com/show_bug.cgi?id=2453570
  [ 5 ] Bug #2453592 - CVE-2026-21716 nodejs20: Node.js: Permission bypass allows unauthorized modification of file permissions and ownership via incomplete security fix. [fedora-all]
        https://bugzilla.redhat.com/show_bug.cgi?id=2453592
  [ 6 ] Bug #2453596 - CVE-2026-21715 nodejs20: Node.js: Information disclosure due to `fs.realpathSync.native()` bypassing filesystem read restrictions [fedora-all]
        https://bugzilla.redhat.com/show_bug.cgi?id=2453596
  [ 7 ] Bug #2453599 - CVE-2026-21710 nodejs20: Node.js: Denial of Service due to crafted HTTP `__proto__` header [fedora-all]
        https://bugzilla.redhat.com/show_bug.cgi?id=2453599
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2026-c99f9dc3b1' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------

Update for Fedora 44 nodejs20 addresses critical Denial of Service issues and provides enhanced system performance.

Fedora 44 Update nodejs20 Denial of Service.

Severity: Important. LinuxSecurity.com Team

May 05, 2026 Important Fedora
100

openSUSE Leap 15.6 SUSE-SU-2026-1460-1 Nodejs22 Performance Decline Noted

An update that solves seven vulnerabilities can now be installed.

# Security update for nodejs20

Announcement ID: SUSE-SU-2026:1363-1
Release Date: 2026-04-15T14:16:21Z
Rating: important

References:

* bsc#1256576
* bsc#1260455
* bsc#1260462
* bsc#1260463
* bsc#1260480
* bsc#1260482
* bsc#1260494

Cross-References:

* CVE-2026-21637
* CVE-2026-21710
* CVE-2026-21713
* CVE-2026-21714
* CVE-2026-21715
* CVE-2026-21716
* CVE-2026-21717

CVSS scores:

* CVE-2026-21637 ( SUSE ): 6.9 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N
* CVE-2026-21637 ( SUSE ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
* CVE-2026-21637 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-21637 ( NVD ): 5.9 CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-21710 ( SUSE ): 8.7 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2026-21710 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-21710 ( NVD ): 7.5 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-21713 ( SUSE ): 6.3 CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N
* CVE-2026-21713 ( SUSE ): 5.6 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L
* CVE-2026-21713 ( NVD ): 5.9 CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
* CVE-2026-21714 ( SUSE ): 8.2 CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2026-21714 ( SUSE ): 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-21714 ( NVD ): 5.3 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
* CVE-2026-21715 ( SUSE ): 4.8 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N
* CVE-2026-21715 ( SUSE ): 3.3 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
* CVE-2026-21715 ( NVD ): 3.3 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
* CVE-2026-21716 ( SUSE ): 2.0 CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N
* CVE-2026-21716 ( SUSE ): 4.4 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N
* CVE-2026-21716 ( NVD ): 3.3 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N
* CVE-2026-21717 ( SUSE ): 7.2 CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N
* CVE-2026-21717 ( SUSE ): 6.3 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N
* CVE-2026-21717 ( NVD ): 5.9 CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H

Affected Products:

* openSUSE Leap 15.6
* SUSE Linux Enterprise Server 15 SP6
* SUSE Linux Enterprise Server 15 SP6 LTSS
* SUSE Linux Enterprise Server for SAP Applications 15 SP6

An update that solves seven vulnerabilities can now be installed.

## Description:

This update for nodejs20 fixes the following issues:

Update to version 20.20.2.

* CVE-2026-21717: trivially predictable hash collisions due to flaw in V8's string hashing mechanism allows for performance degradation via a crafted request (bsc#1260494).
* CVE-2026-21716: incomplete fix for CVE-2024-36137 allows promise-based FileHandle methods to be used to modify file permissions and ownership on already-open file descriptors (bsc#1260462).
* CVE-2026-21715: flaw in the Permission Model filesystem enforcement allows for file existence disclosure and filesystem path enumeration via `fs.realpathSync.native()` (bsc#1260482).
* CVE-2026-21714: memory leak in Node.js HTTP/2 server allows for resource exhaustion via `WINDOW_UPDATE` frames sent on stream 0 (bsc#1260480).
* CVE-2026-21713: timing side-channel due to flaw in Node.js HMAC verification allows for discovery of HMAC values and potential MAC forgery (bsc#1260463).
* CVE-2026-21710: uncaught `TypeError` when handling HTTP requests allows for a process crash via requests with a header named `__proto__` when the application accesses `req.headersDistinct` (bsc#1260455).
* CVE-2026-21637: flaw in TLS error handling allows for resource exhaustion and crash when `pskCallback` or `ALPNCallback` are in use (bsc#1256576).

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* SUSE Linux Enterprise Server for SAP Applications 15 SP6
  zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP6-2026-1363=1
* openSUSE Leap 15.6
  zypper in -t patch SUSE-2026-1363=1
* SUSE Linux Enterprise Server 15 SP6 LTSS
  zypper in -t patch SUSE-SLE-Product-SLES-15-SP6-LTSS-2026-1363=1

## Package List:

* SUSE Linux Enterprise Server for SAP Applications 15 SP6 (ppc64le x86_64)
  * nodejs20-20.20.2-150600.3.18.1
  * nodejs20-debugsource-20.20.2-150600.3.18.1
  * npm20-20.20.2-150600.3.18.1
  * nodejs20-debuginfo-20.20.2-150600.3.18.1
  * nodejs20-devel-20.20.2-150600.3.18.1
* SUSE Linux Enterprise Server for SAP Applications 15 SP6 (noarch)
  * nodejs20-docs-20.20.2-150600.3.18.1
* openSUSE Leap 15.6 (aarch64 ppc64le s390x x86_64 i586)
  * nodejs20-20.20.2-150600.3.18.1
  * nodejs20-debugsource-20.20.2-150600.3.18.1
  * npm20-20.20.2-150600.3.18.1
  * nodejs20-debuginfo-20.20.2-150600.3.18.1
  * nodejs20-devel-20.20.2-150600.3.18.1
  * corepack20-20.20.2-150600.3.18.1
* openSUSE Leap 15.6 (noarch)
  * nodejs20-docs-20.20.2-150600.3.18.1
* SUSE Linux Enterprise Server 15 SP6 LTSS (aarch64 ppc64le s390x x86_64)
  * nodejs20-20.20.2-150600.3.18.1
  * nodejs20-debugsource-20.20.2-150600.3.18.1
  * npm20-20.20.2-150600.3.18.1
  * nodejs20-debuginfo-20.20.2-150600.3.18.1
  * nodejs20-devel-20.20.2-150600.3.18.1
* SUSE Linux Enterprise Server 15 SP6 LTSS (noarch)
  * nodejs20-docs-20.20.2-150600.3.18.1

## References:

* https://www.suse.com/security/cve/CVE-2026-21637.html
* https://www.suse.com/security/cve/CVE-2026-21710.html
* https://www.suse.com/security/cve/CVE-2026-21713.html
* https://www.suse.com/security/cve/CVE-2026-21714.html
* https://www.suse.com/security/cve/CVE-2026-21715.html
* https://www.suse.com/security/cve/CVE-2026-21716.html
* https://www.suse.com/security/cve/CVE-2026-21717.html
* https://bugzilla.suse.com/show_bug.cgi?id=1256576
* https://bugzilla.suse.com/show_bug.cgi?id=1260455
* https://bugzilla.suse.com/show_bug.cgi?id=1260462
* https://bugzilla.suse.com/show_bug.cgi?id=1260463
* https://bugzilla.suse.com/show_bug.cgi?id=1260480
* https://bugzilla.suse.com/show_bug.cgi?id=1260482
* https://bugzilla.suse.com/show_bug.cgi?id=1260494

Latest SUSE update for nodejs20 enhances security by resolving seven critical issues including performance and resource concerns.

SUSE nodejs20 vulnerabilities update security important.

Severity: Important. LinuxSecurity.com Team

Apr 15, 2026 Important SuSE
202

openSUSE Leap 15.6 nodejs14 Key Update Alert SUSE-SU-2026-1457-1

Update for openSUSE addressing seven issues in Node.js. Important patch installation details for improved security.

openSUSE Node.js update security important patch.

Severity: Important. LinuxSecurity.com Team

Apr 15, 2026 Important OpenSUSE
202

openSUSE 2026-1371-1 nodejs20 Important Resource Exhaustion Issues

An update that solves seven vulnerabilities can now be installed.

# Security update for nodejs20

Announcement ID: SUSE-SU-2026:1371-1
Release Date: 2026-04-15T14:46:55Z
Rating: important

References:

* bsc#1256576
* bsc#1260455
* bsc#1260462
* bsc#1260463
* bsc#1260480
* bsc#1260482
* bsc#1260494

Cross-References:

* CVE-2026-21637
* CVE-2026-21710
* CVE-2026-21713
* CVE-2026-21714
* CVE-2026-21715
* CVE-2026-21716
* CVE-2026-21717

CVSS scores:

* CVE-2026-21637 ( SUSE ): 6.9 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N
* CVE-2026-21637 ( SUSE ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
* CVE-2026-21637 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-21637 ( NVD ): 5.9 CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-21710 ( SUSE ): 8.7 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2026-21710 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-21710 ( NVD ): 7.5 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-21713 ( SUSE ): 6.3 CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N
* CVE-2026-21713 ( SUSE ): 5.6 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L
* CVE-2026-21713 ( NVD ): 5.9 CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
* CVE-2026-21714 ( SUSE ): 8.2 CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2026-21714 ( SUSE ): 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-21714 ( NVD ): 5.3 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
* CVE-2026-21715 ( SUSE ): 4.8 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N
* CVE-2026-21715 ( SUSE ): 3.3 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
* CVE-2026-21715 ( NVD ): 3.3 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
* CVE-2026-21716 ( SUSE ): 2.0 CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N
* CVE-2026-21716 ( SUSE ): 4.4 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N
* CVE-2026-21716 ( NVD ): 3.3 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N
* CVE-2026-21717 ( SUSE ): 7.2 CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N
* CVE-2026-21717 ( SUSE ): 6.3 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N
* CVE-2026-21717 ( NVD ): 5.9 CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H

Affected Products:

* openSUSE Leap 15.5
* SUSE Linux Enterprise High Performance Computing 15 SP5
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP5
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP5
* SUSE Linux Enterprise Server 15 SP5
* SUSE Linux Enterprise Server 15 SP5 LTSS
* SUSE Linux Enterprise Server for SAP Applications 15 SP5

An update that solves seven vulnerabilities can now be installed.

## Description:

This update for nodejs20 fixes the following issues:

Update to version 20.20.2.

* CVE-2026-21717: trivially predictable hash collisions due to flaw in V8's string hashing mechanism allows for performance degradation via a crafted request (bsc#1260494).
* CVE-2026-21716: incomplete fix for CVE-2024-36137 allows promise-based FileHandle methods to be used to modify file permissions and ownership on already-open file descriptors (bsc#1260462).
* CVE-2026-21715: flaw in the Permission Model filesystem enforcement allows for file existence disclosure and filesystem path enumeration via `fs.realpathSync.native()` (bsc#1260482).
* CVE-2026-21714: memory leak in Node.js HTTP/2 server allows for resource exhaustion via `WINDOW_UPDATE` frames sent on stream 0 (bsc#1260480).
* CVE-2026-21713: timing side-channel due to flaw in Node.js HMAC verification allows for discovery of HMAC values and potential MAC forgery (bsc#1260463).
* CVE-2026-21710: uncaught `TypeError` when handling HTTP requests allows for a process crash via requests with a header named `__proto__` when the application accesses `req.headersDistinct` (bsc#1260455).
* CVE-2026-21637: flaw in TLS error handling allows for resource exhaustion and crash when `pskCallback` or `ALPNCallback` are in use (bsc#1256576).

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* openSUSE Leap 15.5
  zypper in -t patch SUSE-2026-1371=1
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP5
  zypper in -t patch SUSE-SLE-Product-HPC-15-SP5-ESPOS-2026-1371=1
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP5
  zypper in -t patch SUSE-SLE-Product-HPC-15-SP5-LTSS-2026-1371=1
* SUSE Linux Enterprise Server 15 SP5 LTSS
  zypper in -t patch SUSE-SLE-Product-SLES-15-SP5-LTSS-2026-1371=1
* SUSE Linux Enterprise Server for SAP Applications 15 SP5
  zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP5-2026-1371=1

## Package List:

* openSUSE Leap 15.5 (aarch64 ppc64le s390x x86_64 i586)
  * nodejs20-debuginfo-20.20.2-150500.11.27.1
  * nodejs20-devel-20.20.2-150500.11.27.1
  * corepack20-20.20.2-150500.11.27.1
  * nodejs20-20.20.2-150500.11.27.1
  * nodejs20-debugsource-20.20.2-150500.11.27.1
  * npm20-20.20.2-150500.11.27.1
* openSUSE Leap 15.5 (noarch)
  * nodejs20-docs-20.20.2-150500.11.27.1
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP5 (aarch64 x86_64)
  * nodejs20-debuginfo-20.20.2-150500.11.27.1
  * nodejs20-devel-20.20.2-150500.11.27.1
  * nodejs20-debugsource-20.20.2-150500.11.27.1
  * npm20-20.20.2-150500.11.27.1
  * nodejs20-20.20.2-150500.11.27.1
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP5 (noarch)
  * nodejs20-docs-20.20.2-150500.11.27.1
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP5 (aarch64 x86_64)
  * nodejs20-debuginfo-20.20.2-150500.11.27.1
  * nodejs20-devel-20.20.2-150500.11.27.1
  * nodejs20-debugsource-20.20.2-150500.11.27.1
  * npm20-20.20.2-150500.11.27.1
  * nodejs20-20.20.2-150500.11.27.1
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP5 (noarch)
  * nodejs20-docs-20.20.2-150500.11.27.1
* SUSE Linux Enterprise Server 15 SP5 LTSS (aarch64 ppc64le s390x x86_64)
  * nodejs20-debuginfo-20.20.2-150500.11.27.1
  * nodejs20-devel-20.20.2-150500.11.27.1
  * nodejs20-debugsource-20.20.2-150500.11.27.1
  * npm20-20.20.2-150500.11.27.1
  * nodejs20-20.20.2-150500.11.27.1
* SUSE Linux Enterprise Server 15 SP5 LTSS (noarch)
  * nodejs20-docs-20.20.2-150500.11.27.1
* SUSE Linux Enterprise Server for SAP Applications 15 SP5 (ppc64le x86_64)
  * nodejs20-debuginfo-20.20.2-150500.11.27.1
  * nodejs20-devel-20.20.2-150500.11.27.1
  * nodejs20-debugsource-20.20.2-150500.11.27.1
  * npm20-20.20.2-150500.11.27.1
  * nodejs20-20.20.2-150500.11.27.1
* SUSE Linux Enterprise Server for SAP Applications 15 SP5 (noarch)
  * nodejs20-docs-20.20.2-150500.11.27.1

## References:

* https://www.suse.com/security/cve/CVE-2026-21637.html
* https://www.suse.com/security/cve/CVE-2026-21710.html
* https://www.suse.com/security/cve/CVE-2026-21713.html
* https://www.suse.com/security/cve/CVE-2026-21714.html
* https://www.suse.com/security/cve/CVE-2026-21715.html
* https://www.suse.com/security/cve/CVE-2026-21716.html
* https://www.suse.com/security/cve/CVE-2026-21717.html
* https://bugzilla.suse.com/show_bug.cgi?id=1256576
* https://bugzilla.suse.com/show_bug.cgi?id=1260455
* https://bugzilla.suse.com/show_bug.cgi?id=1260462
* https://bugzilla.suse.com/show_bug.cgi?id=1260463
* https://bugzilla.suse.com/show_bug.cgi?id=1260480
* https://bugzilla.suse.com/show_bug.cgi?id=1260482
* https://bugzilla.suse.com/show_bug.cgi?id=1260494

An important security advisory about seven vulnerabilities in nodejs20 on openSUSE. Install updates for strong protection.

openSUSE security advisory,nodejs20 vulnerabilities,important updates.

Severity: Important. LinuxSecurity.com Team

Apr 15, 2026 Important OpenSUSE

SUSE Nodejs20 Important Issues Update 2026-1371-1 CVE-2026-21637

An update that solves seven vulnerabilities can now be installed.

# Security update for nodejs20

Announcement ID: SUSE-SU-2026:1371-1
Release Date: 2026-04-15T14:46:55Z
Rating: important

References:

* bsc#1256576
* bsc#1260455
* bsc#1260462
* bsc#1260463
* bsc#1260480
* bsc#1260482
* bsc#1260494

Cross-References:

* CVE-2026-21637
* CVE-2026-21710
* CVE-2026-21713
* CVE-2026-21714
* CVE-2026-21715
* CVE-2026-21716
* CVE-2026-21717

CVSS scores:

* CVE-2026-21637 ( SUSE ): 6.9 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N
* CVE-2026-21637 ( SUSE ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
* CVE-2026-21637 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-21637 ( NVD ): 5.9 CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-21710 ( SUSE ): 8.7 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2026-21710 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-21710 ( NVD ): 7.5 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-21713 ( SUSE ): 6.3 CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N
* CVE-2026-21713 ( SUSE ): 5.6 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L
* CVE-2026-21713 ( NVD ): 5.9 CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
* CVE-2026-21714 ( SUSE ): 8.2 CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2026-21714 ( SUSE ): 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-21714 ( NVD ): 5.3 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
* CVE-2026-21715 ( SUSE ): 4.8 CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N
* CVE-2026-21715 ( SUSE ): 3.3 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
* CVE-2026-21715 ( NVD ): 3.3 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
* CVE-2026-21716 ( SUSE ): 2.0 CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N
* CVE-2026-21716 ( SUSE ): 4.4 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N
* CVE-2026-21716 ( NVD ): 3.3 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N
* CVE-2026-21717 ( SUSE ): 7.2 CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N
* CVE-2026-21717 ( SUSE ): 6.3 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N
* CVE-2026-21717 ( NVD ): 5.9 CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H

Affected Products:

* openSUSE Leap 15.5
* SUSE Linux Enterprise High Performance Computing 15 SP5
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP5
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP5
* SUSE Linux Enterprise Server 15 SP5
* SUSE Linux Enterprise Server 15 SP5 LTSS
* SUSE Linux Enterprise Server for SAP Applications 15 SP5

An update that solves seven vulnerabilities can now be installed.

## Description:

This update for nodejs20 fixes the following issues:

Update to version 20.20.2.

* CVE-2026-21717: trivially predictable hash collisions due to flaw in V8's string hashing mechanism allows for performance degradation via a crafted request (bsc#1260494).
* CVE-2026-21716: incomplete fix for CVE-2024-36137 allows promise-based FileHandle methods to be used to modify file permissions and ownership on already-open file descriptors (bsc#1260462).
* CVE-2026-21715: flaw in the Permission Model filesystem enforcement allows for file existence disclosure and filesystem path enumeration via `fs.realpathSync.native()` (bsc#1260482).
* CVE-2026-21714: memory leak in Node.js HTTP/2 server allows for resource exhaustion via `WINDOW_UPDATE` frames sent on stream 0 (bsc#1260480).
* CVE-2026-21713: timing side-channel due to flaw in Node.js HMAC verification allows for discovery of HMAC values and potential MAC forgery (bsc#1260463).
* CVE-2026-21710: uncaught `TypeError` when handling HTTP requests allows for a process crash via requests with a header named `__proto__` when the application accesses `req.headersDistinct` (bsc#1260455).
* CVE-2026-21637: flaw in TLS error handling allows for resource exhaustion and crash when `pskCallback` or `ALPNCallback` are in use (bsc#1256576).

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".

Alternatively you can run the command listed for your product:

* openSUSE Leap 15.5: `zypper in -t patch SUSE-2026-1371=1`
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP5: `zypper in -t patch SUSE-SLE-Product-HPC-15-SP5-ESPOS-2026-1371=1`
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP5: `zypper in -t patch SUSE-SLE-Product-HPC-15-SP5-LTSS-2026-1371=1`
* SUSE Linux Enterprise Server 15 SP5 LTSS: `zypper in -t patch SUSE-SLE-Product-SLES-15-SP5-LTSS-2026-1371=1`
* SUSE Linux Enterprise Server for SAP Applications 15 SP5: `zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP5-2026-1371=1`

## Package List:

* openSUSE Leap 15.5 (aarch64 ppc64le s390x x86_64 i586)
  * nodejs20-debuginfo-20.20.2-150500.11.27.1
  * nodejs20-devel-20.20.2-150500.11.27.1
  * corepack20-20.20.2-150500.11.27.1
  * nodejs20-20.20.2-150500.11.27.1
  * nodejs20-debugsource-20.20.2-150500.11.27.1
  * npm20-20.20.2-150500.11.27.1
* openSUSE Leap 15.5 (noarch)
  * nodejs20-docs-20.20.2-150500.11.27.1
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP5 (aarch64 x86_64)
  * nodejs20-debuginfo-20.20.2-150500.11.27.1
  * nodejs20-devel-20.20.2-150500.11.27.1
  * nodejs20-debugsource-20.20.2-150500.11.27.1
  * npm20-20.20.2-150500.11.27.1
  * nodejs20-20.20.2-150500.11.27.1
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP5 (noarch)
  * nodejs20-docs-20.20.2-150500.11.27.1
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP5 (aarch64 x86_64)
  * nodejs20-debuginfo-20.20.2-150500.11.27.1
  * nodejs20-devel-20.20.2-150500.11.27.1
  * nodejs20-debugsource-20.20.2-150500.11.27.1
  * npm20-20.20.2-150500.11.27.1
  * nodejs20-20.20.2-150500.11.27.1
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP5 (noarch)
  * nodejs20-docs-20.20.2-150500.11.27.1
* SUSE Linux Enterprise Server 15 SP5 LTSS (aarch64 ppc64le s390x x86_64)
  * nodejs20-debuginfo-20.20.2-150500.11.27.1
  * nodejs20-devel-20.20.2-150500.11.27.1
  * nodejs20-debugsource-20.20.2-150500.11.27.1
  * npm20-20.20.2-150500.11.27.1
  * nodejs20-20.20.2-150500.11.27.1
* SUSE Linux Enterprise Server 15 SP5 LTSS (noarch)
  * nodejs20-docs-20.20.2-150500.11.27.1
* SUSE Linux Enterprise Server for SAP Applications 15 SP5 (ppc64le x86_64)
  * nodejs20-debuginfo-20.20.2-150500.11.27.1
  * nodejs20-devel-20.20.2-150500.11.27.1
  * nodejs20-debugsource-20.20.2-150500.11.27.1
  * npm20-20.20.2-150500.11.27.1
  * nodejs20-20.20.2-150500.11.27.1
* SUSE Linux Enterprise Server for SAP Applications 15 SP5 (noarch)
  * nodejs20-docs-20.20.2-150500.11.27.1

## References:

* https://www.suse.com/security/cve/CVE-2026-21637.html
* https://www.suse.com/security/cve/CVE-2026-21710.html
* https://www.suse.com/security/cve/CVE-2026-21713.html
* https://www.suse.com/security/cve/CVE-2026-21714.html
* https://www.suse.com/security/cve/CVE-2026-21715.html
* https://www.suse.com/security/cve/CVE-2026-21716.html
* https://www.suse.com/security/cve/CVE-2026-21717.html
* https://bugzilla.suse.com/show_bug.cgi?id=1256576
* https://bugzilla.suse.com/show_bug.cgi?id=1260455
* https://bugzilla.suse.com/show_bug.cgi?id=1260462
* https://bugzilla.suse.com/show_bug.cgi?id=1260463
* https://bugzilla.suse.com/show_bug.cgi?id=1260480
* https://bugzilla.suse.com/show_bug.cgi?id=1260482
* https://bugzilla.suse.com/show_bug.cgi?id=1260494

This update for SUSE nodejs20 addresses seven important issues to enhance security and performance. Install recommended patches.

Severity: Important. LinuxSecurity.com Team

Apr 15, 2026 Important SuSE

SUSE Nodejs20 Important Security Update 2026-0457-1 CVE-2025-55130

An update that solves seven vulnerabilities can now be installed.

# Security update for nodejs20

Announcement ID: SUSE-SU-2026:0457-1
Release Date: 2026-02-11T22:21:24Z
Rating: important

References:

* bsc#1256569
* bsc#1256570
* bsc#1256571
* bsc#1256573
* bsc#1256574
* bsc#1256576
* bsc#1256848

Cross-References:

* CVE-2025-55130
* CVE-2025-55131
* CVE-2025-55132
* CVE-2025-59465
* CVE-2025-59466
* CVE-2026-21637
* CVE-2026-22036

CVSS scores:

* CVE-2025-55130 ( SUSE ): 9.2 CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2025-55130 ( SUSE ): 8.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
* CVE-2025-55130 ( NVD ): 9.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
* CVE-2025-55130 ( NVD ): 7.1 CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
* CVE-2025-55131 ( SUSE ): 9.2 CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
* CVE-2025-55131 ( SUSE ): 8.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
* CVE-2025-55131 ( NVD ): 7.1 CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:L
* CVE-2025-55132 ( SUSE ): 6.3 CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N
* CVE-2025-55132 ( SUSE ): 3.7 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N
* CVE-2025-55132 ( NVD ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
* CVE-2025-55132 ( NVD ): 2.8 CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:N
* CVE-2025-59465 ( SUSE ): 8.7 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2025-59465 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2025-59465 ( NVD ): 7.5 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2025-59466 ( SUSE ): 8.2 CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
* CVE-2025-59466 ( SUSE ): 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2025-59466 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2025-59466 ( NVD ): 5.9 CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-21637 ( SUSE ): 6.9 CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N
* CVE-2026-21637 ( SUSE ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
* CVE-2026-21637 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-21637 ( NVD ): 5.9 CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-22036 ( SUSE ): 6.3 CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N
* CVE-2026-22036 ( SUSE ): 3.7 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L
* CVE-2026-22036 ( NVD ): 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2026-22036 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Affected Products:

* openSUSE Leap 15.5
* SUSE Linux Enterprise High Performance Computing 15 SP5
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP5
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP5
* SUSE Linux Enterprise Server 15 SP5
* SUSE Linux Enterprise Server 15 SP5 LTSS
* SUSE Linux Enterprise Server for SAP Applications 15 SP5

An update that solves seven vulnerabilities can now be installed.

## Description:

This update for nodejs20 fixes the following issues:

* Update to 20.20.0:
  * CVE-2026-22036: Updated undici to 6.23.0 (bsc#1256848)
  * CVE-2025-59465: Add TLSSocket default error handler (bsc#1256573)
  * CVE-2025-55132: Disable futimes when permission model is enabled (bsc#1256571)
  * CVE-2025-55130: Require full read and write to symlink APIs (bsc#1256569)
  * CVE-2025-59466: Rethrow stack overflow exceptions in async_hooks (bsc#1256574)
  * CVE-2025-55131: Refactor unsafe buffer creation to remove zero-fill toggle (bsc#1256570)
  * CVE-2026-21637: Route callback exceptions through error handlers (bsc#1256576)

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".

Alternatively you can run the command listed for your product:

* SUSE Linux Enterprise High Performance Computing LTSS 15 SP5: `zypper in -t patch SUSE-SLE-Product-HPC-15-SP5-LTSS-2026-457=1`
* SUSE Linux Enterprise Server 15 SP5 LTSS: `zypper in -t patch SUSE-SLE-Product-SLES-15-SP5-LTSS-2026-457=1`
* SUSE Linux Enterprise Server for SAP Applications 15 SP5: `zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP5-2026-457=1`
* openSUSE Leap 15.5: `zypper in -t patch SUSE-2026-457=1`
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP5: `zypper in -t patch SUSE-SLE-Product-HPC-15-SP5-ESPOS-2026-457=1`

## Package List:

* SUSE Linux Enterprise High Performance Computing LTSS 15 SP5 (aarch64 x86_64)
  * nodejs20-debugsource-20.20.0-150500.11.24.1
  * nodejs20-20.20.0-150500.11.24.1
  * nodejs20-devel-20.20.0-150500.11.24.1
  * nodejs20-debuginfo-20.20.0-150500.11.24.1
  * npm20-20.20.0-150500.11.24.1
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP5 (noarch)
  * nodejs20-docs-20.20.0-150500.11.24.1
* SUSE Linux Enterprise Server 15 SP5 LTSS (aarch64 ppc64le s390x x86_64)
  * nodejs20-debugsource-20.20.0-150500.11.24.1
  * nodejs20-20.20.0-150500.11.24.1
  * nodejs20-devel-20.20.0-150500.11.24.1
  * nodejs20-debuginfo-20.20.0-150500.11.24.1
  * npm20-20.20.0-150500.11.24.1
* SUSE Linux Enterprise Server 15 SP5 LTSS (noarch)
  * nodejs20-docs-20.20.0-150500.11.24.1
* SUSE Linux Enterprise Server for SAP Applications 15 SP5 (ppc64le x86_64)
  * nodejs20-debugsource-20.20.0-150500.11.24.1
  * nodejs20-20.20.0-150500.11.24.1
  * nodejs20-devel-20.20.0-150500.11.24.1
  * nodejs20-debuginfo-20.20.0-150500.11.24.1
  * npm20-20.20.0-150500.11.24.1
* SUSE Linux Enterprise Server for SAP Applications 15 SP5 (noarch)
  * nodejs20-docs-20.20.0-150500.11.24.1
* openSUSE Leap 15.5 (aarch64 ppc64le s390x x86_64 i586)
  * corepack20-20.20.0-150500.11.24.1
  * nodejs20-debugsource-20.20.0-150500.11.24.1
  * nodejs20-20.20.0-150500.11.24.1
  * nodejs20-devel-20.20.0-150500.11.24.1
  * nodejs20-debuginfo-20.20.0-150500.11.24.1
  * npm20-20.20.0-150500.11.24.1
* openSUSE Leap 15.5 (noarch)
  * nodejs20-docs-20.20.0-150500.11.24.1
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP5 (aarch64 x86_64)
  * nodejs20-debugsource-20.20.0-150500.11.24.1
  * nodejs20-20.20.0-150500.11.24.1
  * nodejs20-devel-20.20.0-150500.11.24.1
  * nodejs20-debuginfo-20.20.0-150500.11.24.1
  * npm20-20.20.0-150500.11.24.1
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP5 (noarch)
  * nodejs20-docs-20.20.0-150500.11.24.1

## References:

* https://www.suse.com/security/cve/CVE-2025-55130.html
* https://www.suse.com/security/cve/CVE-2025-55131.html
* https://www.suse.com/security/cve/CVE-2025-55132.html
* https://www.suse.com/security/cve/CVE-2025-59465.html
* https://www.suse.com/security/cve/CVE-2025-59466.html
* https://www.suse.com/security/cve/CVE-2026-21637.html
* https://www.suse.com/security/cve/CVE-2026-22036.html
* https://bugzilla.suse.com/show_bug.cgi?id=1256569
* https://bugzilla.suse.com/show_bug.cgi?id=1256570
* https://bugzilla.suse.com/show_bug.cgi?id=1256571
* https://bugzilla.suse.com/show_bug.cgi?id=1256573
* https://bugzilla.suse.com/show_bug.cgi?id=1256574
* https://bugzilla.suse.com/show_bug.cgi?id=1256576
* https://bugzilla.suse.com/show_bug.cgi?id=1256848

Critical security update for nodejs20 addresses seven important issues. Install patch for SUSE promptly to maintain security.

Severity: Important. LinuxSecurity.com Team

Feb 12, 2026 Important SuSE