Release Info

Advisory: CLSA-2025:1763396573

OS: Debian 13

Public date: 2025-11-17 16:22:55.540004

Project: nodejs

Version: 14.21.3-7

Errata link: https://errata.tuxcare.com/els_alt_nodejs/debian13/CLSA-2025-1763396573.html

Changelog

* SECURITY UPDATE: HTTP Request Smuggling vulnerability via empty headers separated by CR - debian/patches/CVE-2023-30589.patch: fix llhttp parser to properly validate LF after CR in HTTP header fields, add lenient flag checks before allowing CR without LF, add test file to verify the fix prevents request smuggling attacks - CVE-2023-30589

Update

Update command: apt-get update apt-get --only-upgrade install alt-nodejs*

Packages list

alt-nodejs14-docs_14.21.3-7_amd64.deb alt-nodejs14-nodejs_14.21.3-7_amd64.deb alt-nodejs14-nodejs-devel_14.21.3-7_amd64.deb alt-nodejs14-npm_6.14.18-14.21.3.7_amd64.deb

CVEs

CVE-2023-30589
CVE-2023-32559