Release date:
2026-05-22 21:48:27 UTC
Description:
* SECURITY UPDATE: Permission Model bypass in fs.realpath.native
- debian/patches/CVE-2026-21715.patch: add permission check to
realpath.native in src/node_file.cc so --allow-fs-read is enforced
and prevents filesystem enumeration outside permitted directories
- CVE-2026-21715
Updated packages:
-
alt-nodejs23-docs_23.11.1-10_amd64.deb
sha:4a8fdd96925ff36c322a6d21ac82f5d37f7f2f5f
-
alt-nodejs23-nodejs_23.11.1-10_amd64.deb
sha:faf8f5bcf275da560163a7fc52cc96a42818394c
-
alt-nodejs23-nodejs-devel_23.11.1-10_amd64.deb
sha:38884a89e037855454f0fadb66c83d357e579e83
-
alt-nodejs23-npm_10.9.2-23.11.1.10_amd64.deb
sha:afbf8ee8d192a92959d392dbbc9521b19657e147
-
alt-nodejs23-docs_23.11.1-10_arm64.deb
sha:6ad9b22cf8ccb90ebeebda9843bd696605b7087b
-
alt-nodejs23-nodejs_23.11.1-10_arm64.deb
sha:54b832f0cf6f27dd235919f98068fca1d53052f2
-
alt-nodejs23-nodejs-devel_23.11.1-10_arm64.deb
sha:98f3c38c12a34743e3665e4a4ac744a38612f91c
-
alt-nodejs23-npm_10.9.2-23.11.1.10_arm64.deb
sha:f1b34edc9251bd59ba64ce5a6e8e60660d269e0e
Notes:
This page is generated automatically and has not been checked for errors. For clarification or
corrections please contact the
CloudLinux Packaging Team.
