ELSA-2026-7302

ULN >
Oracle Linux Errata repository >
ELSA-2026-7302

ELSA-2026-7302 - nodejs:22 security update

Type:	SECURITY
Impact:	IMPORTANT
Release Date:	2026-04-10

Description

nodejs
[1:22.22.2-1]
- Update to version 22.22.2
- introduced patch updating deps/nghttp2 to v 1.68.1 for CVE-2026-27135
- disabled failing tests in nghttp2 due to newer version
- patch for npm/braces CVE-2026-25547
Resolves: RHEL-163369
Fixes: CVE-2026-1528 CVE-2026-2229 CVE-2026-1526 CVE-2026-1525 CVE-2026-27135 CVE-2026-27904 CVE-2026-26996 CVE-2026-25547

nodejs-nodemon
[3.0.1-1]
- Rebase to 3.0.1
- Resolves: CVE-2022-25883

[2.0.20-2]
- Patch bundled glob-parent
- Resolves: CVE-2021-35065

[2.0.20-1]
- Rebase to 2.0.20
Resolves: CVE-2022-3517

[2.0.15-1]
- Resolves: RHBZ#2005419
- Resolves CVE-2020-28469
- Rebase to newest version
- Change source to npmjs.com

nodejs-packaging
[2021.06-6]
- Properly handle @group/package deps in nodejs-symlink-deps
Resolves: RHEL-121582

[2021.06-5]
- nodejs.req to properly detect bundled deps

Related CVEs

Updated Packages

Release/Architecture	Filename	sha256	Superseded By Advisory	Channel Label

Oracle Linux 9 (aarch64)	nodejs-22.22.2-1.module+el9.7.0+90867+2ede48fe.src.rpm	2bac0fad63df833d384f76608f23dfbb34d14c0717ad6d849703a11cd2262827	-	ol9_aarch64_appstream
	nodejs-nodemon-3.0.1-1.module+el9.7.0+90867+2ede48fe.src.rpm	88f4b78312bbe7a3d7417e71950e77f03b8ad369645d389084a4978df7a8fa4c	-	ol9_aarch64_appstream
	nodejs-packaging-2021.06-6.module+el9.7.0+90867+2ede48fe.src.rpm	7880f33f8e91e27c0458d69e7f3d78be50b614ede30539684904dd5842647e33	-	ol9_aarch64_appstream
	nodejs-22.22.2-1.module+el9.7.0+90867+2ede48fe.aarch64.rpm	9e0984844a272cd55a5277feaddda021af5454a5e90e4eef106183f16b2a6277	-	ol9_aarch64_appstream
	nodejs-devel-22.22.2-1.module+el9.7.0+90867+2ede48fe.aarch64.rpm	2a064ba55511b1fd4efb912ec477b5143f5c757808a59976ce9756dc9fc1d071	-	ol9_aarch64_appstream
	nodejs-docs-22.22.2-1.module+el9.7.0+90867+2ede48fe.noarch.rpm	b717689d89554278c5ac70fd8810486d14b087a01776d0ca9348cf4b91619182	-	ol9_aarch64_appstream
	nodejs-full-i18n-22.22.2-1.module+el9.7.0+90867+2ede48fe.aarch64.rpm	d4eb7aee7714cbebf71b67f815b78a179107b8c7f15bc310dea56b949e27213f	-	ol9_aarch64_appstream
	nodejs-libs-22.22.2-1.module+el9.7.0+90867+2ede48fe.aarch64.rpm	e5f0047ff636220d1cbd0cca3cbf20b6b6d9933de88d92f8e006adaa91928213	-	ol9_aarch64_appstream
	nodejs-nodemon-3.0.1-1.module+el9.7.0+90867+2ede48fe.noarch.rpm	251f9d868caaefa3ba6e1ee4af53fe8aef92a18a4995c8974e7d9d1e56aa8a12	-	ol9_aarch64_appstream
	nodejs-packaging-2021.06-6.module+el9.7.0+90867+2ede48fe.noarch.rpm	fd90a61233a5c269fdab4a6a3dac6dea20b1b78688c88c0590b248b252f38bf1	-	ol9_aarch64_appstream
	nodejs-packaging-bundler-2021.06-6.module+el9.7.0+90867+2ede48fe.noarch.rpm	12b7cb00addf5604b30b803ab50c1e75960df80334e3c63def064b156666d9fd	-	ol9_aarch64_appstream
	npm-10.9.7-1.22.22.2.1.module+el9.7.0+90867+2ede48fe.aarch64.rpm	ea5976dabee42fdc3a306b82e4a9557fc4f4cf8ad0485b8fc1e8176322977b63	-	ol9_aarch64_appstream
	v8-12.4-devel-12.4.254.21-1.22.22.2.1.module+el9.7.0+90867+2ede48fe.aarch64.rpm	1d71a32f54cb0d97f46df5e7fcfaa99797ef36a68f87bd32f0b09867a3024593	-	ol9_aarch64_appstream

Oracle Linux 9 (x86_64)	nodejs-22.22.2-1.module+el9.7.0+90867+2ede48fe.src.rpm	2bac0fad63df833d384f76608f23dfbb34d14c0717ad6d849703a11cd2262827	-	ol9_x86_64_appstream
	nodejs-nodemon-3.0.1-1.module+el9.7.0+90867+2ede48fe.src.rpm	88f4b78312bbe7a3d7417e71950e77f03b8ad369645d389084a4978df7a8fa4c	-	ol9_x86_64_appstream
	nodejs-packaging-2021.06-6.module+el9.7.0+90867+2ede48fe.src.rpm	7880f33f8e91e27c0458d69e7f3d78be50b614ede30539684904dd5842647e33	-	ol9_x86_64_appstream
	nodejs-22.22.2-1.module+el9.7.0+90867+2ede48fe.x86_64.rpm	fa81a6998c2b8d569d1a4c3b5d602c54bd9e7724ee569e08c22fe0769db2d1ca	-	ol9_x86_64_appstream
	nodejs-devel-22.22.2-1.module+el9.7.0+90867+2ede48fe.x86_64.rpm	2a346eda7d883f0ee8fb0ca180d141056b71cd8bcf259c55a7264c2376bad385	-	ol9_x86_64_appstream
	nodejs-docs-22.22.2-1.module+el9.7.0+90867+2ede48fe.noarch.rpm	b717689d89554278c5ac70fd8810486d14b087a01776d0ca9348cf4b91619182	-	ol9_x86_64_appstream
	nodejs-full-i18n-22.22.2-1.module+el9.7.0+90867+2ede48fe.x86_64.rpm	cb9a2ec67f0fbc2e724f3f303f4ef05761f7bf98a8aa257194b1f3c259406077	-	ol9_x86_64_appstream
	nodejs-libs-22.22.2-1.module+el9.7.0+90867+2ede48fe.x86_64.rpm	de5db916d1f6e65ff46676afd193e09755b7a5424c4f211611ef9c9a03be0a68	-	ol9_x86_64_appstream
	nodejs-nodemon-3.0.1-1.module+el9.7.0+90867+2ede48fe.noarch.rpm	251f9d868caaefa3ba6e1ee4af53fe8aef92a18a4995c8974e7d9d1e56aa8a12	-	ol9_x86_64_appstream
	nodejs-packaging-2021.06-6.module+el9.7.0+90867+2ede48fe.noarch.rpm	fd90a61233a5c269fdab4a6a3dac6dea20b1b78688c88c0590b248b252f38bf1	-	ol9_x86_64_appstream
	nodejs-packaging-bundler-2021.06-6.module+el9.7.0+90867+2ede48fe.noarch.rpm	12b7cb00addf5604b30b803ab50c1e75960df80334e3c63def064b156666d9fd	-	ol9_x86_64_appstream
	npm-10.9.7-1.22.22.2.1.module+el9.7.0+90867+2ede48fe.x86_64.rpm	191a2109af31a2dea75c39168f2f53db07cb030ccdf6d444860aef9e1c2c9753	-	ol9_x86_64_appstream
	v8-12.4-devel-12.4.254.21-1.22.22.2.1.module+el9.7.0+90867+2ede48fe.x86_64.rpm	f5775f3123ff08badbfbf1937b4883454ed6c404ef4b050c03679df83bbc43fa	-	ol9_x86_64_appstream

This page is generated automatically and has not been checked for errors or omissions. For clarification or corrections please contact the Oracle Linux ULN team

Technical information

Oracle Linux Support

Connect

Contact Us

Global contacts
Oracle 1-800-633-0691