[CLSA-2025:1762356051] Fix CVE(s): CVE-2023-32002, CVE-2023-32006

Type:

security

Severity:

Critical

Release date:

2025-11-05 15:23:12 UTC

Description:

   * SECURITY UPDATE: Node.js policy bypass vulnerabilities
     - debian/patches/CVE-2023-32002-32006.patch: fix policy bypass vulnerabilities
       in experimental policy mechanism:
       * CVE-2023-32002: prevent Module.constructor._load() bypass by adding
         constructor property protection
       * CVE-2023-32006: prevent require.main.constructor and require.extensions
         bypass by implementing secure module loading validation
     - CVE-2023-32002, CVE-2023-32006

Updated packages:

alt-nodejs14-docs_14.21.3-4+tuxcare.els3_amd64.deb
sha:36d573b98f88d4bc556e520b4098225aa1406418
alt-nodejs14-nodejs_14.21.3-4+tuxcare.els3_amd64.deb
sha:2c2b184bbec09fc21052d8fbdef51e660a6b0470
alt-nodejs14-nodejs-devel_14.21.3-4+tuxcare.els3_amd64.deb
sha:3f4830104d766b75f541dde2f1f61acf07066815
alt-nodejs14-npm_6.14.18-14.21.3.4_amd64.deb
sha:90e14a478b85ba332c6e9d8816ada9a417f7b454

Notes:

This page is generated automatically and has not been checked for errors. For clarification or corrections please contact the CloudLinux Packaging Team.