[security - high] nodejs:22 security update
エラータID: AXSA:2025-10526:01
Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language.
Security Fix(es):
* nodejs: Remote Crash via SignTraits::DeriveBits() in Node.js (CVE-2025-23166)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
CVE-2025-23166
The C++ method SignTraits::DeriveBits() may incorrectly call ThrowException() based on user-supplied inputs when executing in a background thread, crashing the Node.js process. Such cryptographic operations are commonly applied to untrusted inputs. Thus, this mechanism potentially allows an adversary to remotely crash a Node.js runtime.
Modularity name: "nodejs"
Stream name: "22"
Update packages.
The C++ method SignTraits::DeriveBits() may incorrectly call ThrowException() based on user-supplied inputs when executing in a background thread, crashing the Node.js process. Such cryptographic operations are commonly applied to untrusted inputs. Thus, this mechanism potentially allows an adversary to remotely crash a Node.js runtime.
N/A
SRPMS
- nodejs-nodemon-3.0.1-1.module+el9+1097+78f3cb3f.src.rpm
MD5: 8db0d9f5b73cce898c3c806ad15734a9
SHA-256: 3dcbc11a1382141e6e72e656406b7b6c0413e2ec7f9a5bdf1e7b803ec420d44e
Size: 339.27 kB - nodejs-packaging-2021.06-4.module+el9+1097+78f3cb3f.src.rpm
MD5: a7dfc16b59ee2bc5ca585e4fc33dcaf6
SHA-256: 1fe60067b52e746517d74097c891d8c71bf96f53120c5ee6b46bb8830a33f9b1
Size: 26.54 kB - nodejs-22.16.0-1.module+el9+1097+78f3cb3f.src.rpm
MD5: 2df06e6f7990e9b2ca825550c371377e
SHA-256: fb56d10313ed2e2e477e1b225c57356200e7b5c3f7d03ce7e2c5a13070257105
Size: 90.58 MB
Asianux Server 9 for x86_64
- nodejs-22.16.0-1.module+el9+1097+78f3cb3f.x86_64.rpm
MD5: eccd73c041f6229fa8a2248658e9118b
SHA-256: 59c937bc7cc3510b6b7eafbab04a6ce1c586108df975130f929aff9d2a9ef817
Size: 2.33 MB - nodejs-debugsource-22.16.0-1.module+el9+1097+78f3cb3f.x86_64.rpm
MD5: d8883a8027483d191ae9c744cca8851f
SHA-256: 1cd04653956f3e0b63fcaa791533c6605cfa39b7b7e000b09f96c7f9db3cb8f7
Size: 18.13 MB - nodejs-devel-22.16.0-1.module+el9+1097+78f3cb3f.x86_64.rpm
MD5: 8178ea5e94b80f49ab7fe1bca6032bec
SHA-256: 00f86dff1826b74d808e18092833427bc74d2f499da2d3aedb2bfd064edb350c
Size: 275.18 kB - nodejs-docs-22.16.0-1.module+el9+1097+78f3cb3f.noarch.rpm
MD5: 06238550e660790e707236508b5b334c
SHA-256: b87ac211cd0c032226bb57afd167380aa2b05958bc24cf9ea2fe2d785ce9e616
Size: 9.00 MB - nodejs-full-i18n-22.16.0-1.module+el9+1097+78f3cb3f.x86_64.rpm
MD5: ac6cad45b53871adecd4bfc959b470bc
SHA-256: 5c2dd9b94b600e2b1441802ea5a2d43b4bd5bed70ab0b08322585cdab6f2c400
Size: 8.60 MB - nodejs-libs-22.16.0-1.module+el9+1097+78f3cb3f.x86_64.rpm
MD5: 2a0ca693ac5de7497039c549a60a6865
SHA-256: 1e7a81353d5e3d2a1207e833207b6f4f6a9b3f7bee64f9a36927b0bcfbc3279e
Size: 20.68 MB - nodejs-nodemon-3.0.1-1.module+el9+1097+78f3cb3f.noarch.rpm
MD5: fb2510796261d7cfd0108c2bf2e514d8
SHA-256: f41045cb2fae3551383a7c6e743b8fe9bbe2bd5ace96d210216107b52350b0f8
Size: 332.33 kB - nodejs-packaging-2021.06-4.module+el9+1097+78f3cb3f.noarch.rpm
MD5: e57c0f94e299017ae1332c2039a1f661
SHA-256: 29d9acfbb05b3fd89cd5de5de5aabf28b7a147c7b7d8c91ee70b9273aa207366
Size: 19.92 kB - nodejs-packaging-bundler-2021.06-4.module+el9+1097+78f3cb3f.noarch.rpm
MD5: 8f5e671a2514cfe1af0c12ff65629411
SHA-256: f8e4f7a8eac1d61774f80092c6e8452437ad6ec4c7edac6843e17693fe2f4c98
Size: 9.76 kB - npm-10.9.2-1.22.16.0.1.module+el9+1097+78f3cb3f.x86_64.rpm
MD5: 18e56853229d9fc72f75e1f87c2cdede
SHA-256: bebbeff94c77ffd26e0c413b61d8c62ba782bdcfd234cb9bfcc500d204e9e83d
Size: 2.51 MB - v8-12.4-devel-12.4.254.21-1.22.16.0.1.module+el9+1097+78f3cb3f.x86_64.rpm
MD5: b72b75e9df3506d328ef8f872db89506
SHA-256: f9a6bfe1ff794d09a77fc1f7d7927de991a5da241f13fa73ca469110ce1d1a67
Size: 14.57 kB