[security - high] nodejs:20 security update

エラータID: AXSA:2025-10000:01

リリース日: 
2025/06/09 Monday - 18:12
題名: 
[security - high] nodejs:20 security update
影響のあるチャネル: 
Asianux Server 8 for x86_64
Severity: 
High
Description: 

Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language.

Security Fix(es):

* nodejs: Remote Crash via SignTraits::DeriveBits() in Node.js (CVE-2025-23166)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

CVE-2025-23166
The C++ method SignTraits::DeriveBits() may incorrectly call ThrowException() based on user-supplied inputs when executing in a background thread, crashing the Node.js process. Such cryptographic operations are commonly applied to untrusted inputs. Thus, this mechanism potentially allows an adversary to remotely crash a Node.js runtime.

Modularity name: "nodejs"
Stream name: "20"

解決策: 

Update packages.

CVE: 
CVE-2025-23166
The C++ method SignTraits::DeriveBits() may incorrectly call ThrowException() based on user-supplied inputs when executing in a background thread, crashing the Node.js process. Such cryptographic operations are commonly applied to untrusted inputs. Thus, this mechanism potentially allows an adversary to remotely crash a Node.js runtime.
追加情報: 

N/A

ダウンロード: 

SRPMS
  1. nodejs-nodemon-3.0.1-1.module+el8+1881+6b93ffee.src.rpm
    MD5: dd67c0e919dca667a43a867e7db064b7
    SHA-256: 1f3ded6d289eb848587c860f0c82eb9b4620bfb290038f8cced1b70df8ae2cee
    Size: 339.85 kB
  2. nodejs-packaging-2021.06-4.module+el8+1881+6b93ffee.src.rpm
    MD5: efd58f90b897e060d08854f2a839527c
    SHA-256: 7af88b8badeb43cb6cad6aefff2513370e3175450ed2539c46a0e29d298ba797
    Size: 30.29 kB
  3. nodejs-20.19.2-1.module+el8+1881+6b93ffee.src.rpm
    MD5: e31b21a7e9079b0c0079d1ae35b68602
    SHA-256: 6cf30c3b2849c565a8e4354f5ea9fa6ab479cbd7a9d96f0ef814148b8db51598
    Size: 82.69 MB

Asianux Server 8 for x86_64
  1. nodejs-20.19.2-1.module+el8+1881+6b93ffee.x86_64.rpm
    MD5: cfda983a363c0778570e7c92c631275e
    SHA-256: 481a27928bed23fbaabf8c2d17fe21cd2f914fe880337fe522cb5d630d9ee216
    Size: 14.44 MB
  2. nodejs-debugsource-20.19.2-1.module+el8+1881+6b93ffee.x86_64.rpm
    MD5: b63374afe1c33911074c437986bfad29
    SHA-256: 9041781197748f099f1d4191cc61715f41c43325d6f036ddb902f70cc5816e46
    Size: 11.90 MB
  3. nodejs-devel-20.19.2-1.module+el8+1881+6b93ffee.x86_64.rpm
    MD5: 7dda182e395f1c6f8defe48bd9bed6ed
    SHA-256: 1f3cf5122ee358174a8cadf3ccab8e6422f79a0bd31fa428f810cd43280400e9
    Size: 263.01 kB
  4. nodejs-docs-20.19.2-1.module+el8+1881+6b93ffee.noarch.rpm
    MD5: 94c3f885487fb04dae43c55f63466728
    SHA-256: 02a26a43976f0fb74f57fc7df62c24545a32aa8c2ad15cd4c5e5d791fb541d30
    Size: 10.91 MB
  5. nodejs-full-i18n-20.19.2-1.module+el8+1881+6b93ffee.x86_64.rpm
    MD5: bac8a48a2760f675a42682bd633315e7
    SHA-256: cec6d8a1b4c8947064b6591bb9cfe87abb8c70722213b3bc8f29263e294e000b
    Size: 8.32 MB
  6. nodejs-nodemon-3.0.1-1.module+el8+1881+6b93ffee.noarch.rpm
    MD5: cb137970711240efba83f8bd8ddc042c
    SHA-256: 3f99cf21edb79029304ccf7f672f1bb4e8ecaedce621e9c1c9011d691ea62d9a
    Size: 281.65 kB
  7. nodejs-packaging-2021.06-4.module+el8+1881+6b93ffee.noarch.rpm
    MD5: b5e653001387375282e52f4b10c766ba
    SHA-256: 84d9a6793a71106b65eb2e19d115b7c6cbd29d95e98a83e4ba7f94e94bd9ce14
    Size: 24.14 kB
  8. nodejs-packaging-bundler-2021.06-4.module+el8+1881+6b93ffee.noarch.rpm
    MD5: 493b107178d1ffd4a6e06585717a5de7
    SHA-256: b01e1d039eb25875303852d4e5924c65fb8c8d9b5928740a50b570d9affa3a80
    Size: 13.76 kB
  9. npm-10.8.2-1.20.19.2.1.module+el8+1881+6b93ffee.x86_64.rpm
    MD5: fb7c606d5c01fc10a309e65f0ecc772e
    SHA-256: 9be9d9941a70a38504dbdc5a6c64d2601addb135e97a609abafa613bdd34199d
    Size: 2.02 MB