Release date:
2026-05-01 10:33:06 UTC
Description:
* SECURITY UPDATE: undici predictable multipart/form-data boundary
- debian/patches/CVE-2025-22150.patch: replace Math.random() with
crypto.randomInt() for the boundary string in bundled undici
(deps/undici/src/lib/fetch/body.js). Math.random() output is
predictable from a few sampled values, allowing attackers who can
observe multipart requests to attacker-controlled servers to tamper
with subsequent requests to backend APIs.
- CVE-2025-22150
Updated packages:
-
alt-nodejs16-docs_16.20.2-16_amd64.deb
sha:00e3ea7de207ff1b9ede124c156d951791edfc5e
-
alt-nodejs16-nodejs_16.20.2-16_amd64.deb
sha:01cf12797bf1eec8844df5f13abf35087456d07b
-
alt-nodejs16-nodejs-devel_16.20.2-16_amd64.deb
sha:99796641c256bdfb9e50bd0cafd3688a7abc37da
-
alt-nodejs16-npm_8.19.4-16.20.2-16_amd64.deb
sha:75a37365b36b704232a0a4c3e610fcd3d8002b24
-
alt-nodejs16-docs_16.20.2-16_arm64.deb
sha:ea0a44409fdf12e6beb3b6fcbe8897c2da1d21f9
-
alt-nodejs16-nodejs_16.20.2-16_arm64.deb
sha:7dfbf2913badb540bbbae26f2ae53e84f451575b
-
alt-nodejs16-nodejs-devel_16.20.2-16_arm64.deb
sha:f67884f65d348db9573461b782251a59318ee6d9
-
alt-nodejs16-npm_8.19.4-16.20.2-16_arm64.deb
sha:e4a2bd40b04a916fcb69283e18b33ab41d1fdb14
Notes:
This page is generated automatically and has not been checked for errors. For clarification or
corrections please contact the
CloudLinux Packaging Team.
