[CLSA-2026:1770809529] Fix CVE(s): CVE-2025-59466, CVE-2026-21637

Type:

security

Severity:

Important

Release date:

2026-02-11 11:32:13 UTC

Description:

   * SECURITY UPDATE: TLS callback exception handling vulnerability
     - debian/patches/CVE-2026-21637.patch: wrap pskCallback and ALPNCallback
       invocations in try-catch blocks to route exceptions through error
       handlers
     - CVE-2026-21637
   * SECURITY UPDATE: Stack overflow exception handling in async_hooks
     - debian/patches/CVE-2025-59466.patch: rethrow stack overflow exceptions
       in async_hooks instead of calling FatalException
     - CVE-2025-59466

Updated packages:

alt-nodejs18-docs_18.20.8-4_amd64.deb
sha:6893937772876e17689f8ab4a5642e6b35963b2a
alt-nodejs18-nodejs_18.20.8-4_amd64.deb
sha:733caf6c46341b2f07cc0d2ba9995f84e3fb105a
alt-nodejs18-nodejs-devel_18.20.8-4_amd64.deb
sha:e0991abc6e4b51a4842f15b87bb76ce0fa58aed6
alt-nodejs18-npm_10.8.2-18.20.8.4_amd64.deb
sha:cc8c895b5c5b0d60627b46f1a7a9e65962344641

Notes:

This page is generated automatically and has not been checked for errors. For clarification or corrections please contact the CloudLinux Packaging Team.