[security - high] nodejs:20 security update

エラータID: AXSA:2025-10523:01

Release date: 
Friday, July 18, 2025 - 16:56
Subject: 
[security - high] nodejs:20 security update
Affected Channels: 
MIRACLE LINUX 9 for x86_64
Severity: 
High
Description: 

Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language.

Security Fix(es):

* nodejs: Remote Crash via SignTraits::DeriveBits() in Node.js (CVE-2025-23166)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

CVE-2025-23166
The C++ method SignTraits::DeriveBits() may incorrectly call ThrowException() based on user-supplied inputs when executing in a background thread, crashing the Node.js process. Such cryptographic operations are commonly applied to untrusted inputs. Thus, this mechanism potentially allows an adversary to remotely crash a Node.js runtime.

Modularity name: "nodejs"
Stream name: "20"

Solution: 

Update packages.

CVEs: 
CVE-2025-23166
The C++ method SignTraits::DeriveBits() may incorrectly call ThrowException() based on user-supplied inputs when executing in a background thread, crashing the Node.js process. Such cryptographic operations are commonly applied to untrusted inputs. Thus, this mechanism potentially allows an adversary to remotely crash a Node.js runtime.
Additional Info: 

N/A

Download: 

SRPMS
  1. nodejs-nodemon-3.0.1-1.module+el9+1098+90c418d1.src.rpm
    MD5: 4b05d13ce8418132e7bcb66e19bf772a
    SHA-256: 15899c7ae37dec8ee95a228a1eaa721c72eec7c05e1265b631526df6e4e77d14
    Size: 339.27 kB
  2. nodejs-packaging-2021.06-4.module+el9+1098+90c418d1.src.rpm
    MD5: 4835641b4cb5e7c701918e6f1c52bf00
    SHA-256: 55bca2db6aa03298a8f3814aca9664cbe8cb6e2f666d83d7a800a96f385f5ee6
    Size: 26.54 kB
  3. nodejs-20.19.2-1.module+el9+1098+90c418d1.src.rpm
    MD5: 9a734a31fd324e1ccc64bb634dc1eae1
    SHA-256: 27a2ac1dc538ad1eff170db2edacd745fe5dd4dbe06a815eae8d97b497723e3e
    Size: 82.74 MB

Asianux Server 9 for x86_64
  1. nodejs-20.19.2-1.module+el9+1098+90c418d1.x86_64.rpm
    MD5: f72bc3de24de43640789ea8d460c5892
    SHA-256: 49edc324d6b424fb36a7656adb08eccc9066b39c5ff04a5d3b9f7c06a7240826
    Size: 14.06 MB
  2. nodejs-debugsource-20.19.2-1.module+el9+1098+90c418d1.x86_64.rpm
    MD5: de4a94370bbcff4444fa33821a3dc42a
    SHA-256: 41b251f6a0ef1bd31da530a461abc79e00a52b463c81a60a30d8771447eb1370
    Size: 12.64 MB
  3. nodejs-devel-20.19.2-1.module+el9+1098+90c418d1.x86_64.rpm
    MD5: 11e5e7c2b617d18ebad2195a3e4c2639
    SHA-256: 8022428f9f67e8fca33bdf19f6f687c22df8e8f1279719368aebf67f5bef22a2
    Size: 259.93 kB
  4. nodejs-docs-20.19.2-1.module+el9+1098+90c418d1.noarch.rpm
    MD5: 26f2b577975ea5d1621aa15c00bec8e0
    SHA-256: 4dabfc8eb3cd9d050e7e752374cb488a7237767d3a02ad839a0b1c1061b2d58e
    Size: 8.58 MB
  5. nodejs-full-i18n-20.19.2-1.module+el9+1098+90c418d1.x86_64.rpm
    MD5: 8ccbdf11611fc2030c9944d5d3e75c6d
    SHA-256: 5d337d826729bf6971d2f8441652f33191cad797d8d90863ccd02e1ab12290f5
    Size: 8.59 MB
  6. nodejs-nodemon-3.0.1-1.module+el9+1098+90c418d1.noarch.rpm
    MD5: ff8001076fa53bf01548f4f5db6d4fd8
    SHA-256: 18922b6dc5e53e814f7b0867eda0254072903f712077bb1821e53294ae6a7eb5
    Size: 332.22 kB
  7. nodejs-packaging-2021.06-4.module+el9+1098+90c418d1.noarch.rpm
    MD5: 4fe20fa683e4de3ea853a281e4ce83ea
    SHA-256: 8d7b8fd310831f91429876392085befcb4458557a73014a6fa783c5f7a7e475c
    Size: 19.92 kB
  8. nodejs-packaging-bundler-2021.06-4.module+el9+1098+90c418d1.noarch.rpm
    MD5: e165171f044a2c083f5c2b005d57c4c7
    SHA-256: d245ebd54a83304491853e0ee90255cf6e8dc9654e5b10ba979c301204258993
    Size: 9.76 kB
  9. npm-10.8.2-1.20.19.2.1.module+el9+1098+90c418d1.x86_64.rpm
    MD5: 82fc11a420639181be5b91ff32860283
    SHA-256: 4f72686a74afc5fe227ec967010ee401693cabaadcf15b89d2097311690afa6c
    Size: 2.22 MB