ELSA-2026-8339

ULN >
Oracle Linux Errata repository >
ELSA-2026-8339

ELSA-2026-8339 - nodejs:20 security update

Type:	SECURITY
Impact:	IMPORTANT
Release Date:	2026-04-17

Description

nodejs
[1:20.20.2-1]
- Update to version 20.20.2
- Patch nghttp2 to version 1.68.1 and disable tests which would fail due to this change.
Resolves: RHEL-154018
Fixes: CVE-2026-27135 CVE-2026-27904 CVE-2026-26996 CVE-2026-25547 CVE-2026-21710

nodejs-nodemon
[3.0.1-1]
- Rebase to 3.0.1
- Resolves: CVE-2022-25883

[2.0.20-2]
- Patch bundled glob-parent
- Resolves: CVE-2021-35065

[2.0.20-1]
- Rebase to 2.0.20
Resolves: CVE-2022-3517

[2.0.19-1]
- Rebase to 2.0.19
Resolves: CVE-2022-33987

[2.0.15-1]
- Resolves: RHBZ#2005419
- Resolves CVE-2020-28469
- Rebase to newest version
- Change source to npmjs.com

[2.0.7-1]
- Resolves: RHBZ#1953991
- Update to 2.0.7 to resolve CVE-2020-28469

[2.0.3-1]
- Updated

[1.18.3-1]
- Resolves: #1615413
- Updated
- bundled

[1.11.0-2]
- rh-nodejs8 rebuild

[1.11.0-1]
- Updated with script

nodejs-packaging
[2021.06-5]
- nodejs.req properly detect bundled deps

[2021.06-4]
- NPM bundler: also find namespaced bundled dependencies

[2021.06-3]
- Rebuilt for https://fedoraproject.org/wiki/Fedora_35_Mass_Rebuild

[2021.06-2]
- Fix hard-coded output directory in the bundler

[2021.06-1]
- Update to 2021.06-1
- bundler: Handle archaic license metadata
- bundler: Warn about bundled dependencies with no license metadata

[2021.01-3]
- Rebuilt for https://fedoraproject.org/wiki/Fedora_34_Mass_Rebuild

[2021.01-2]
- nodejs-packaging-bundler improvements to handle uncommon characters

[2021.01]
- Add nodejs-packaging-bundler and update README.md

[2020.09-1]
- Move to dist-git as the upstream

[25-1]
- Fix incorrect bundled library detection for Requires

Related CVEs

Updated Packages

Release/Architecture	Filename	sha256	Superseded By Advisory	Channel Label

Oracle Linux 8 (aarch64)	nodejs-20.20.2-1.module+el8.10.0+90878+0d41f8c0.src.rpm	6724775d55867b185ab7adb8c3f1ccae81d158b1a2eebc4ea892f42ebd87eb15	-	ol8_aarch64_appstream
	nodejs-nodemon-3.0.1-1.module+el8.10.0+90743+b61054a8.src.rpm	69344d52950e8b016abae5ffd8a1d68bb9d834f8dbd97fc7e1812c75a2549ffb	-	ol8_aarch64_appstream
	nodejs-packaging-2021.06-5.module+el8.10.0+90878+0d41f8c0.src.rpm	1707b326a8e87b1544128b6436c24d3e8d1595aa5e2a10b59aa09abe9b0f1aca	-	ol8_aarch64_appstream
	nodejs-20.20.2-1.module+el8.10.0+90878+0d41f8c0.aarch64.rpm	4e5509b3bf875e2361be3f4a2fa5f162be4a99f489dfe29a9ae651f35e48e56f	-	ol8_aarch64_appstream
	nodejs-devel-20.20.2-1.module+el8.10.0+90878+0d41f8c0.aarch64.rpm	3756b2f12808521e75535d47b055d95d197e922c0b6800ba9c87cd56b70a6786	-	ol8_aarch64_appstream
	nodejs-docs-20.20.2-1.module+el8.10.0+90878+0d41f8c0.noarch.rpm	bd2ca511a40d9bed788991a93b835974c19a71e633452f3a02874c962e6c11b7	-	ol8_aarch64_appstream
	nodejs-full-i18n-20.20.2-1.module+el8.10.0+90878+0d41f8c0.aarch64.rpm	9d6c8a81de63ebb684a5e765cefd4dcd43764b028df23f9c4f43db049ccc929e	-	ol8_aarch64_appstream
	nodejs-nodemon-3.0.1-1.module+el8.10.0+90743+b61054a8.noarch.rpm	a69039d29e5ac8bd94dd2a76f4070c3610464fae006c16efc45bddde4e0fcc96	-	ol8_aarch64_appstream
	nodejs-packaging-2021.06-5.module+el8.10.0+90878+0d41f8c0.noarch.rpm	177b99810915dd56bfb809a5573556b7882a9bc27d66956ff281e7a0b3a6f941	-	ol8_aarch64_appstream
	nodejs-packaging-bundler-2021.06-5.module+el8.10.0+90878+0d41f8c0.noarch.rpm	6af1d3ce0dac8f9adb5c6132f032302b148660debb1c6b8a1f27fd09ce815fb7	-	ol8_aarch64_appstream
	npm-10.8.2-1.20.20.2.1.module+el8.10.0+90878+0d41f8c0.aarch64.rpm	674d8aa01a3e3c607bef8639f773ebd5cf63a69ea2c3ba557a0093483e1eb262	-	ol8_aarch64_appstream

Oracle Linux 8 (x86_64)	nodejs-20.20.2-1.module+el8.10.0+90878+0d41f8c0.src.rpm	6724775d55867b185ab7adb8c3f1ccae81d158b1a2eebc4ea892f42ebd87eb15	-	ol8_x86_64_appstream
	nodejs-nodemon-3.0.1-1.module+el8.10.0+90743+b61054a8.src.rpm	69344d52950e8b016abae5ffd8a1d68bb9d834f8dbd97fc7e1812c75a2549ffb	-	ol8_x86_64_appstream
	nodejs-packaging-2021.06-5.module+el8.10.0+90878+0d41f8c0.src.rpm	1707b326a8e87b1544128b6436c24d3e8d1595aa5e2a10b59aa09abe9b0f1aca	-	ol8_x86_64_appstream
	nodejs-20.20.2-1.module+el8.10.0+90878+0d41f8c0.x86_64.rpm	ceb19363847d79bfba68daf87361f7b7257b4019a5b239a086228356759aab24	-	ol8_x86_64_appstream
	nodejs-devel-20.20.2-1.module+el8.10.0+90878+0d41f8c0.x86_64.rpm	072152cbf213fe9af81ece8aeacb121ab79fb8fdf270b7941a449e31b1ddad79	-	ol8_x86_64_appstream
	nodejs-docs-20.20.2-1.module+el8.10.0+90878+0d41f8c0.noarch.rpm	bd2ca511a40d9bed788991a93b835974c19a71e633452f3a02874c962e6c11b7	-	ol8_x86_64_appstream
	nodejs-full-i18n-20.20.2-1.module+el8.10.0+90878+0d41f8c0.x86_64.rpm	fe9c8704080f970177cbad522c036809c2938adbaa962bb13e1ecbed445f80f2	-	ol8_x86_64_appstream
	nodejs-nodemon-3.0.1-1.module+el8.10.0+90743+b61054a8.noarch.rpm	a69039d29e5ac8bd94dd2a76f4070c3610464fae006c16efc45bddde4e0fcc96	-	ol8_x86_64_appstream
	nodejs-packaging-2021.06-5.module+el8.10.0+90878+0d41f8c0.noarch.rpm	177b99810915dd56bfb809a5573556b7882a9bc27d66956ff281e7a0b3a6f941	-	ol8_x86_64_appstream
	nodejs-packaging-bundler-2021.06-5.module+el8.10.0+90878+0d41f8c0.noarch.rpm	6af1d3ce0dac8f9adb5c6132f032302b148660debb1c6b8a1f27fd09ce815fb7	-	ol8_x86_64_appstream
	npm-10.8.2-1.20.20.2.1.module+el8.10.0+90878+0d41f8c0.x86_64.rpm	1f830ce67d8e8307d9f47649eb5a50a7e437ec32db6b3476ac1c4479d8c030f6	-	ol8_x86_64_appstream

This page is generated automatically and has not been checked for errors or omissions. For clarification or corrections please contact the Oracle Linux ULN team

Technical information

Oracle Linux Support

Connect

Contact Us

Global contacts
Oracle 1-800-633-0691