ELSA-2026-7896

ULN >
Oracle Linux Errata repository >
ELSA-2026-7896

ELSA-2026-7896 - nodejs:20 security update

Type:	SECURITY
Impact:	IMPORTANT
Release Date:	2026-04-14

Description

nodejs
[1:20.20.2-1]
- Update to version 20.20.2
Patch nghttp2 to version 1.68.1 and disable tests which would fail due to this change.
Resolves: RHEL-164336
Fixes: CVE-2026-27135 CVE-2026-27904 CVE-2026-26996 CVE-2026-25547 CVE-2026-21710

nodejs-nodemon
[3.0.1-1]
- Rebase to 3.0.1
- Resolves: CVE-2022-25883

[2.0.20-2]
- Patch bundled glob-parent
- Resolves: CVE-2021-35065

[2.0.20-1]
- Rebase to 2.0.20
Resolves: CVE-2022-3517

[2.0.15-1]
- Resolves: RHBZ#2005419
- Resolves CVE-2020-28469
- Rebase to newest version
- Change source to npmjs.com

nodejs-packaging
[2021.06-6]
- Properly handle @group/package deps in nodejs-symlink-deps
Resolves: RHEL-121579

[2021.06-5]
- nodejs.req to properly detect bundled deps

Related CVEs

Updated Packages

Release/Architecture	Filename	sha256	Superseded By Advisory	Channel Label

Oracle Linux 9 (aarch64)	nodejs-20.20.2-1.module+el9.7.0+90874+6d84790f.src.rpm	537e3288f26f4d750aa4d12a16b907090eacb2dff483173d6c978766fbed1861	-	ol9_aarch64_appstream
	nodejs-nodemon-3.0.1-1.module+el9.7.0+90874+6d84790f.src.rpm	c7b0f5990d5c3df77f07ad5867971bf3c8fa3bd30381b2cf4c71c22f13b7a01f	-	ol9_aarch64_appstream
	nodejs-packaging-2021.06-6.module+el9.7.0+90874+6d84790f.src.rpm	41e7cf1b70df716b4c0ea60432e088e00d9d6a2861d1c982c5412b72016fe96c	-	ol9_aarch64_appstream
	nodejs-20.20.2-1.module+el9.7.0+90874+6d84790f.aarch64.rpm	aa8fa5af6fbbbba2d1286f11b8e2270b7305834e5a14ade27d7d10e31986d0db	-	ol9_aarch64_appstream
	nodejs-devel-20.20.2-1.module+el9.7.0+90874+6d84790f.aarch64.rpm	f083d6f16ac56e1e2c5bde98f3eb9031c1d26c63654619c77bc7c08684a53605	-	ol9_aarch64_appstream
	nodejs-docs-20.20.2-1.module+el9.7.0+90874+6d84790f.noarch.rpm	b9c28c62ee1510b013e07b5a9ee5eef87e8312ee0100241e3965ab5673be3ccb	-	ol9_aarch64_appstream
	nodejs-full-i18n-20.20.2-1.module+el9.7.0+90874+6d84790f.aarch64.rpm	5ae9f39081132b8e0523efd23f430cfd8b30dae4cacdb863ece2fa74fc455dda	-	ol9_aarch64_appstream
	nodejs-nodemon-3.0.1-1.module+el9.7.0+90874+6d84790f.noarch.rpm	61d5685c963d6a961c5f2a9eb522968da9e8e5d40635aab3c8e9b45cc816bf51	-	ol9_aarch64_appstream
	nodejs-packaging-2021.06-6.module+el9.7.0+90874+6d84790f.noarch.rpm	187d5a14fe7425a8a0633a24e8ebb9dda5793f3569ccd1a8a3935b4f151215b8	-	ol9_aarch64_appstream
	nodejs-packaging-bundler-2021.06-6.module+el9.7.0+90874+6d84790f.noarch.rpm	1c7769d5f39dc02f5f9a0d64226e8cfab3afbebfba99c585b40ef9343da8372b	-	ol9_aarch64_appstream
	npm-10.8.2-1.20.20.2.1.module+el9.7.0+90874+6d84790f.aarch64.rpm	9bf199959c8fd22574dc089e43ea3e1cc07d786e1d198b2d928e592fc076d266	-	ol9_aarch64_appstream

Oracle Linux 9 (x86_64)	nodejs-20.20.2-1.module+el9.7.0+90874+6d84790f.src.rpm	537e3288f26f4d750aa4d12a16b907090eacb2dff483173d6c978766fbed1861	-	ol9_x86_64_appstream
	nodejs-nodemon-3.0.1-1.module+el9.7.0+90874+6d84790f.src.rpm	c7b0f5990d5c3df77f07ad5867971bf3c8fa3bd30381b2cf4c71c22f13b7a01f	-	ol9_x86_64_appstream
	nodejs-packaging-2021.06-6.module+el9.7.0+90874+6d84790f.src.rpm	41e7cf1b70df716b4c0ea60432e088e00d9d6a2861d1c982c5412b72016fe96c	-	ol9_x86_64_appstream
	nodejs-20.20.2-1.module+el9.7.0+90874+6d84790f.x86_64.rpm	e3b6cf1d69d9583b79efc9670fb02155d46083ef7d1b68e2c2d938b7d1e3142b	-	ol9_x86_64_appstream
	nodejs-devel-20.20.2-1.module+el9.7.0+90874+6d84790f.x86_64.rpm	6571cf5b6f733c86e9e3db71483fdcec390aa10e4fe1e8f3149d9b3faf648967	-	ol9_x86_64_appstream
	nodejs-docs-20.20.2-1.module+el9.7.0+90874+6d84790f.noarch.rpm	b9c28c62ee1510b013e07b5a9ee5eef87e8312ee0100241e3965ab5673be3ccb	-	ol9_x86_64_appstream
	nodejs-full-i18n-20.20.2-1.module+el9.7.0+90874+6d84790f.x86_64.rpm	ce83a87942c5bccb4f299cbb5a2bff3592d07a871965cbf8f1d9584f0be1cb7c	-	ol9_x86_64_appstream
	nodejs-nodemon-3.0.1-1.module+el9.7.0+90874+6d84790f.noarch.rpm	61d5685c963d6a961c5f2a9eb522968da9e8e5d40635aab3c8e9b45cc816bf51	-	ol9_x86_64_appstream
	nodejs-packaging-2021.06-6.module+el9.7.0+90874+6d84790f.noarch.rpm	187d5a14fe7425a8a0633a24e8ebb9dda5793f3569ccd1a8a3935b4f151215b8	-	ol9_x86_64_appstream
	nodejs-packaging-bundler-2021.06-6.module+el9.7.0+90874+6d84790f.noarch.rpm	1c7769d5f39dc02f5f9a0d64226e8cfab3afbebfba99c585b40ef9343da8372b	-	ol9_x86_64_appstream
	npm-10.8.2-1.20.20.2.1.module+el9.7.0+90874+6d84790f.x86_64.rpm	3dcafc69b58f394583ab6ca462569c072b0df00d4d882815feb5670ec6ddae62	-	ol9_x86_64_appstream

This page is generated automatically and has not been checked for errors or omissions. For clarification or corrections please contact the Oracle Linux ULN team

Technical information

Oracle Linux Support

Connect

Contact Us

Global contacts
Oracle 1-800-633-0691