[CLSA-2026:1779491382] Fix CVE(s): CVE-2024-36137, CVE-2026-21716
Type:
security
Severity:
Moderate
Release date:
2026-05-25 10:08:12 UTC
Description:
* SECURITY UPDATE: incomplete fix for CVE-2024-36137 left FileHandle.chmod() and FileHandle.chown() in the promise-based fs API without permission checks - debian/patches/CVE-2026-21716.patch: add permission check on lib/fs/promises so FileHandle.chmod, FileHandle.chown and fsPromises.lstat enforce the Permission Model under --allow-fs-write / --allow-fs-read restrictions - CVE-2026-21716
Updated packages:
  • alt-nodejs23-docs_23.11.1-13_amd64.deb
    sha:1cfcc80a74893bc8e41e50e3fe6958ff156b2250
  • alt-nodejs23-nodejs_23.11.1-13_amd64.deb
    sha:14ca549eca723d7bea7acd563b1f0f1f0e912a37
  • alt-nodejs23-nodejs-devel_23.11.1-13_amd64.deb
    sha:600e4e86a7f8fe9b4aebc021381047161d23dbc8
  • alt-nodejs23-npm_10.9.2-23.11.1.13_amd64.deb
    sha:2968b2bea9a8d7626985c1c249981991d0548b91
  • alt-nodejs23-docs_23.11.1-13_arm64.deb
    sha:8daf86824f84ac1781276ac3c706df5bbbc31622
  • alt-nodejs23-nodejs_23.11.1-13_arm64.deb
    sha:f766cba3fba921727861c8d4633740b04439bbe7
  • alt-nodejs23-nodejs-devel_23.11.1-13_arm64.deb
    sha:f3143e4d32eac23098072e78c58fbaaa6fead53e
  • alt-nodejs23-npm_10.9.2-23.11.1.13_arm64.deb
    sha:4906c11be6546d05377af5b8f51b8818281d9fe8
Notes:
This page is generated automatically and has not been checked for errors. For clarification or corrections please contact the CloudLinux Packaging Team.