Release Info

Advisory: CLSA-2025:1764866060

OS: Debian 11

Public date: 2025-12-04 16:34:22.796839

Project: nodejs

Version: 14.21.3-11

Errata link: https://errata.tuxcare.com/els_alt_nodejs/debian11/CLSA-2025-1764866060.html

Changelog

* SECURITY UPDATE: Marvin Attack vulnerability in Node.js – debian/patches/CVE-2023-46809.patch: fixes a timing‑side‑channel flaw in the RSA PKCS#1 v1.5 decryption logic, preventing a Marvin‑style padding‑oracle attack that could allow recovery of sensitive data. – CVE-2023-46809

Update

Update command: apt-get update apt-get --only-upgrade install alt-nodejs*

Packages list

alt-nodejs14-docs_14.21.3-11_amd64.deb alt-nodejs14-nodejs_14.21.3-11_amd64.deb alt-nodejs14-nodejs-devel_14.21.3-11_amd64.deb alt-nodejs14-npm_6.14.18-14.21.3.11_amd64.deb

CVEs

CVE-2023-46809