Advisory: CLSA-2025:1762356051
OS: Debian 13
Public date: 2025-11-05 15:20:53.041711
Project: nodejs
Version: 14.21.3-4+tuxcare.els3
Errata link: https://errata.tuxcare.com/els_alt_nodejs/debian13/CLSA-2025-1762356051.html
* SECURITY UPDATE: Node.js policy bypass vulnerabilities - debian/patches/CVE-2023-32002-32006.patch: fix policy bypass vulnerabilities in experimental policy mechanism: * CVE-2023-32002: prevent Module.constructor._load() bypass by adding constructor property protection * CVE-2023-32006: prevent require.main.constructor and require.extensions bypass by implementing secure module loading validation - CVE-2023-32002, CVE-2023-32006
Update command: apt-get update apt-get --only-upgrade install alt-nodejs*
alt-nodejs14-docs_14.21.3-4+tuxcare.els3_amd64.deb alt-nodejs14-nodejs_14.21.3-4+tuxcare.els3_amd64.deb alt-nodejs14-nodejs-devel_14.21.3-4+tuxcare.els3_amd64.deb alt-nodejs14-npm_6.14.18-14.21.3.4_amd64.deb