Release Info

Advisory: CLSA-2025:1763397451

OS: Ubuntu 22.04

Public date: 2025-11-17 16:37:33.135666

Project: nodejs

Version: 14.21.3-7

Errata link: https://errata.tuxcare.com/els_alt_nodejs/ubuntu22.04/CLSA-2025-1763397451.html

Changelog

* SECURITY UPDATE: HTTP Request Smuggling vulnerability via empty headers separated by CR - debian/patches/CVE-2023-30589.patch: fix llhttp parser to properly validate LF after CR in HTTP header fields, add lenient flag checks before allowing CR without LF, add test file to verify the fix prevents request smuggling attacks - CVE-2023-30589

Update

Update command: apt-get update apt-get --only-upgrade install alt-nodejs*

Packages list

alt-nodejs14-docs_14.21.3-7_amd64.deb alt-nodejs14-nodejs_14.21.3-7_amd64.deb alt-nodejs14-nodejs-devel_14.21.3-7_amd64.deb alt-nodejs14-npm_6.14.18-14.21.3.7_amd64.deb

CVEs

CVE-2023-30589
CVE-2023-32559