Release Info

Advisory: CLSA-2025:1765361525

OS: Debian 10

Public date: 2025-12-10 10:12:07.791272

Project: nodejs

Version: 16.20.2-5

Errata link: https://errata.tuxcare.com/els_alt_nodejs/debian10/CLSA-2025-1765361525.html

Changelog

* SECURITY UPDATE: Marvin Attack vulnerability in Node.js – debian/patches/CVE-2023-46809.patch: fixes a timing‑side‑channel flaw in the RSA PKCS#1 v1.5 decryption logic, preventing a Marvin‑style padding‑oracle attack that could allow recovery of sensitive data. – CVE-2023-46809

Update

Update command: apt-get update apt-get --only-upgrade install alt-nodejs*

Packages list

alt-nodejs16-docs_16.20.2-5_amd64.deb alt-nodejs16-nodejs_16.20.2-5_amd64.deb alt-nodejs16-nodejs-devel_16.20.2-5_amd64.deb alt-nodejs16-npm_8.19.4-16.20.2.5_amd64.deb

CVEs

CVE-2023-46809