[El-errata] ELSA-2026-7302 Important: Oracle Linux 9 nodejs:22 security update
Errata Announcements for Oracle Linux
el-errata at oss.oracle.com
Tue Apr 14 04:55:28 UTC 2026
Oracle Linux Security Advisory ELSA-2026-7302
http://linux.oracle.com/errata/ELSA-2026-7302.html
The following updated rpms for Oracle Linux 9 have been uploaded to the Unbreakable Linux Network:
x86_64:
nodejs-22.22.2-1.module+el9.7.0+90867+2ede48fe.x86_64.rpm
nodejs-devel-22.22.2-1.module+el9.7.0+90867+2ede48fe.x86_64.rpm
nodejs-docs-22.22.2-1.module+el9.7.0+90867+2ede48fe.noarch.rpm
nodejs-full-i18n-22.22.2-1.module+el9.7.0+90867+2ede48fe.x86_64.rpm
nodejs-libs-22.22.2-1.module+el9.7.0+90867+2ede48fe.x86_64.rpm
nodejs-nodemon-3.0.1-1.module+el9.7.0+90867+2ede48fe.noarch.rpm
nodejs-packaging-2021.06-6.module+el9.7.0+90867+2ede48fe.noarch.rpm
nodejs-packaging-bundler-2021.06-6.module+el9.7.0+90867+2ede48fe.noarch.rpm
npm-10.9.7-1.22.22.2.1.module+el9.7.0+90867+2ede48fe.x86_64.rpm
v8-12.4-devel-12.4.254.21-1.22.22.2.1.module+el9.7.0+90867+2ede48fe.x86_64.rpm
aarch64:
nodejs-22.22.2-1.module+el9.7.0+90867+2ede48fe.aarch64.rpm
nodejs-devel-22.22.2-1.module+el9.7.0+90867+2ede48fe.aarch64.rpm
nodejs-docs-22.22.2-1.module+el9.7.0+90867+2ede48fe.noarch.rpm
nodejs-full-i18n-22.22.2-1.module+el9.7.0+90867+2ede48fe.aarch64.rpm
nodejs-libs-22.22.2-1.module+el9.7.0+90867+2ede48fe.aarch64.rpm
nodejs-nodemon-3.0.1-1.module+el9.7.0+90867+2ede48fe.noarch.rpm
nodejs-packaging-2021.06-6.module+el9.7.0+90867+2ede48fe.noarch.rpm
nodejs-packaging-bundler-2021.06-6.module+el9.7.0+90867+2ede48fe.noarch.rpm
npm-10.9.7-1.22.22.2.1.module+el9.7.0+90867+2ede48fe.aarch64.rpm
v8-12.4-devel-12.4.254.21-1.22.22.2.1.module+el9.7.0+90867+2ede48fe.aarch64.rpm
SRPMS:
http://oss.oracle.com/ol9/SRPMS-updates/nodejs-22.22.2-1.module+el9.7.0+90867+2ede48fe.src.rpm
http://oss.oracle.com/ol9/SRPMS-updates/nodejs-nodemon-3.0.1-1.module+el9.7.0+90867+2ede48fe.src.rpm
http://oss.oracle.com/ol9/SRPMS-updates/nodejs-packaging-2021.06-6.module+el9.7.0+90867+2ede48fe.src.rpm
Related CVEs:
CVE-2026-1525
CVE-2026-1526
CVE-2026-1528
CVE-2026-2229
CVE-2026-21710
CVE-2026-25547
CVE-2026-26996
CVE-2026-27135
CVE-2026-27904
Description of changes:
nodejs
[1:22.22.2-1]
- Update to version 22.22.2
- introduced patch updating deps/nghttp2 to v 1.68.1 for CVE-2026-27135
- disabled failing tests in nghttp2 due to newer version
- patch for npm/braces CVE-2026-25547
Resolves: RHEL-163369
Fixes: CVE-2026-1528 CVE-2026-2229 CVE-2026-1526 CVE-2026-1525 CVE-2026-27135 CVE-2026-27904 CVE-2026-26996 CVE-2026-25547
nodejs-nodemon
[3.0.1-1]
- Rebase to 3.0.1
- Resolves: CVE-2022-25883
[2.0.20-2]
- Patch bundled glob-parent
- Resolves: CVE-2021-35065
[2.0.20-1]
- Rebase to 2.0.20
Resolves: CVE-2022-3517
[2.0.15-1]
- Resolves: RHBZ#2005419
- Resolves CVE-2020-28469
- Rebase to newest version
- Change source to npmjs.com
nodejs-packaging
[2021.06-6]
- Properly handle @group/package deps in nodejs-symlink-deps
Resolves: RHEL-121582
[2021.06-5]
- nodejs.req to properly detect bundled deps
More information about the El-errata
mailing list