[CLSA-2026:1770312666] Fix CVE(s): CVE-2025-55130, CVE-2025-59465

Type:

security

Severity:

Critical

Release date:

2026-02-05 17:31:12 UTC

Description:

   * SECURITY UPDATE: Symlink permission bypass vulnerability
     - debian/patches/CVE-2025-55130.patch: require full read and write fs
       permissions for symlink APIs to prevent permission model bypass
     - CVE-2025-55130
   * SECURITY UPDATE: Unhandled rejection in TLS socket error handling
     - debian/patches/CVE-2025-59465.patch: add TLSSocket default error handler
       to prevent unhandled rejection on abrupt socket close
     - CVE-2025-59465

Updated packages:

alt-nodejs23-docs_23.11.1-2_amd64.deb
sha:8fa56e24f0cc521c3e3787cbe499ffe8f65bedb5
alt-nodejs23-nodejs_23.11.1-2_amd64.deb
sha:6bb54ff4bbf55b12abf5aa365d3d0912cd29c183
alt-nodejs23-nodejs-devel_23.11.1-2_amd64.deb
sha:6bc81e3d60f584338da692ac86f23f74b67bfa87
alt-nodejs23-npm_10.9.2-23.11.1.2_amd64.deb
sha:68c4599cb9f1ed38223307ca4dbe38401fa5900c

Notes:

This page is generated automatically and has not been checked for errors. For clarification or corrections please contact the CloudLinux Packaging Team.