Release Info

Advisory: CLSA-2025:1763724069

OS: Debian 10

Public date: 2025-11-21 11:21:11.562443

Project: nodejs

Version: 16.20.2-3

Errata link: https://errata.tuxcare.com/els_alt_nodejs/debian10/CLSA-2025-1763724069.html

Changelog

* SECURITY UPDATE: Node.js policy integrity check bypass vulnerability - debian/patches/CVE-2023-38552.patch: use tamper-proof integrity check to prevent forged checksums and tampering with Hash class internals in the policy mechanism - CVE-2023-38552

Update

Update command: apt-get update apt-get --only-upgrade install alt-nodejs*

Packages list

alt-nodejs16-docs_16.20.2-3_amd64.deb alt-nodejs16-nodejs_16.20.2-3_amd64.deb alt-nodejs16-nodejs-devel_16.20.2-3_amd64.deb alt-nodejs16-npm_8.19.4-16.20.2.3_amd64.deb

CVEs

CVE-2024-22019
CVE-2023-38552
CVE-2024-27983
CVE-2025-23166
CVE-2024-25629
CVE-2024-28863
CVE-2025-23085