-------------------------------------------------------------------------------- Fedora Update Notification FEDORA-2026-5cd409edfa 2026-01-31 17:26:56.329391+00:00 --------------------------------------------------------------------------------
Name : nodejs24 Product : Fedora 43 Version : 24.13.0 Release : 4.fc43 URL : https://nodejs.org Summary : JavaScript runtime Description : Node.js is a platform built on Chrome's JavaScript runtime for easily building fast, scalable network applications. Node.js uses an event-driven, non-blocking I/O model that makes it lightweight and efficient, perfect for data-intensive real-time applications that run across distributed devices. -------------------------------------------------------------------------------- Update Information: Update to version 24.13.0 -------------------------------------------------------------------------------- ChangeLog: * Mon Jan 19 2026 tjuhasz <[email protected]> - 1:24.13.0-4 - Replace usage of man_info_compress to be funcional across all branches. * Mon Jan 19 2026 Andrei Radchenko <[email protected]> - 1:24.13.0-3 - build: expose libplatform symbols in shared libnode * Fri Jan 16 2026 Fedora Release Engineering <[email protected]> - 1:24.13.0-2 - Rebuilt for https://fedoraproject.org/wiki/Fedora_44_Mass_Rebuild * Tue Jan 13 2026 tjuhasz <[email protected]> - 1:24.13.0-1 - Update to version 24.13.0 (rhbz#2421027) * Mon Jan 12 2026 Jan StanÄk <[email protected]> - 1:24.11.1-3 - Run version checks only on bundled components * Tue Dec 2 2025 tjuhasz <[email protected]> - 1:24.11.1-2 - Fix name collision of the COMPRESS variable in spec file. -------------------------------------------------------------------------------- References: [ 1 ] Bug #2421027 - nodejs24-24.13.0 is available https://bugzilla.redhat.com/show_bug.cgi?id=2421027 [ 2 ] Bug #2430300 - CVE-2026-22036 nodejs24: Undici has an unbounded decompression chain in HTTP responses on Node.js Fetch API via Content-Encoding leads to resource exhaustion [fedora-43] https://bugzilla.redhat.com/show_bug.cgi?id=2430300 [ 3 ] Bug #2431456 - CVE-2025-55132 nodejs24: Nodejs filesystem permissions bypass [fedora-43] https://bugzilla.redhat.com/show_bug.cgi?id=2431456 [ 4 ] Bug #2431463 - CVE-2026-21637 nodejs24: Nodejs denial of service [fedora-43] https://bugzilla.redhat.com/show_bug.cgi?id=2431463 [ 5 ] Bug #2431470 - CVE-2025-59466 nodejs24: Nodejs denial of service [fedora-43] https://bugzilla.redhat.com/show_bug.cgi?id=2431470 [ 6 ] Bug #2431477 - CVE-2025-59464 nodejs24: Nodejs memory leak [fedora-43] https://bugzilla.redhat.com/show_bug.cgi?id=2431477 [ 7 ] Bug #2431496 - CVE-2025-59465 nodejs24: Nodejs denial of service [fedora-43] https://bugzilla.redhat.com/show_bug.cgi?id=2431496 [ 8 ] Bug #2431497 - CVE-2025-55130 nodejs24: Nodejs file permissions bypass [fedora-43] https://bugzilla.redhat.com/show_bug.cgi?id=2431497 [ 9 ] Bug #2431498 - CVE-2025-55131 nodejs24: Nodejs uninitialized memory exposure [fedora-43] https://bugzilla.redhat.com/show_bug.cgi?id=2431498 -------------------------------------------------------------------------------- This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade --advisory FEDORA-2026-5cd409edfa' at the command line. For more information, refer to the dnf documentation available at http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at https://fedoraproject.org/keys --------------------------------------------------------------------------------
-- _______________________________________________ package-announce mailing list -- [email protected] To unsubscribe send an email to [email protected] Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/[email protected] Do not reply to spam, report it: https://forge.fedoraproject.org/infra/tickets/issues/new
