[El-errata] ELSA-2026-7896 Important: Oracle Linux 9 nodejs:20 security update
Errata Announcements for Oracle Linux
el-errata at oss.oracle.com
Wed Apr 15 07:56:13 UTC 2026
Oracle Linux Security Advisory ELSA-2026-7896
http://linux.oracle.com/errata/ELSA-2026-7896.html
The following updated rpms for Oracle Linux 9 have been uploaded to the Unbreakable Linux Network:
x86_64:
nodejs-20.20.2-1.module+el9.7.0+90874+6d84790f.x86_64.rpm
nodejs-devel-20.20.2-1.module+el9.7.0+90874+6d84790f.x86_64.rpm
nodejs-docs-20.20.2-1.module+el9.7.0+90874+6d84790f.noarch.rpm
nodejs-full-i18n-20.20.2-1.module+el9.7.0+90874+6d84790f.x86_64.rpm
nodejs-nodemon-3.0.1-1.module+el9.7.0+90874+6d84790f.noarch.rpm
nodejs-packaging-2021.06-6.module+el9.7.0+90874+6d84790f.noarch.rpm
nodejs-packaging-bundler-2021.06-6.module+el9.7.0+90874+6d84790f.noarch.rpm
npm-10.8.2-1.20.20.2.1.module+el9.7.0+90874+6d84790f.x86_64.rpm
aarch64:
nodejs-20.20.2-1.module+el9.7.0+90874+6d84790f.aarch64.rpm
nodejs-devel-20.20.2-1.module+el9.7.0+90874+6d84790f.aarch64.rpm
nodejs-docs-20.20.2-1.module+el9.7.0+90874+6d84790f.noarch.rpm
nodejs-full-i18n-20.20.2-1.module+el9.7.0+90874+6d84790f.aarch64.rpm
nodejs-nodemon-3.0.1-1.module+el9.7.0+90874+6d84790f.noarch.rpm
nodejs-packaging-2021.06-6.module+el9.7.0+90874+6d84790f.noarch.rpm
nodejs-packaging-bundler-2021.06-6.module+el9.7.0+90874+6d84790f.noarch.rpm
npm-10.8.2-1.20.20.2.1.module+el9.7.0+90874+6d84790f.aarch64.rpm
SRPMS:
http://oss.oracle.com/ol9/SRPMS-updates/nodejs-20.20.2-1.module+el9.7.0+90874+6d84790f.src.rpm
http://oss.oracle.com/ol9/SRPMS-updates/nodejs-nodemon-3.0.1-1.module+el9.7.0+90874+6d84790f.src.rpm
http://oss.oracle.com/ol9/SRPMS-updates/nodejs-packaging-2021.06-6.module+el9.7.0+90874+6d84790f.src.rpm
Related CVEs:
CVE-2026-21710
CVE-2026-26996
CVE-2026-27135
CVE-2026-27904
Description of changes:
nodejs
[1:20.20.2-1]
- Update to version 20.20.2
Patch nghttp2 to version 1.68.1 and disable tests which would fail due to this change.
Resolves: RHEL-164336
Fixes: CVE-2026-27135 CVE-2026-27904 CVE-2026-26996 CVE-2026-25547 CVE-2026-21710
nodejs-nodemon
[3.0.1-1]
- Rebase to 3.0.1
- Resolves: CVE-2022-25883
[2.0.20-2]
- Patch bundled glob-parent
- Resolves: CVE-2021-35065
[2.0.20-1]
- Rebase to 2.0.20
Resolves: CVE-2022-3517
[2.0.15-1]
- Resolves: RHBZ#2005419
- Resolves CVE-2020-28469
- Rebase to newest version
- Change source to npmjs.com
nodejs-packaging
[2021.06-6]
- Properly handle @group/package deps in nodejs-symlink-deps
Resolves: RHEL-121579
[2021.06-5]
- nodejs.req to properly detect bundled deps
More information about the El-errata
mailing list