[CLSA-2026:1770312504] Fix CVE(s): CVE-2025-55130, CVE-2025-59465

Type:

security

Severity:

Critical

Release date:

2026-02-05 17:28:31 UTC

Description:

   * SECURITY UPDATE: Symlink permission bypass vulnerability
     - debian/patches/CVE-2025-55130.patch: require full read and write fs
       permissions for symlink APIs to prevent permission model bypass
     - CVE-2025-55130
   * SECURITY UPDATE: Unhandled rejection in TLS socket error handling
     - debian/patches/CVE-2025-59465.patch: add TLSSocket default error handler
       to prevent unhandled rejection on abrupt socket close
     - CVE-2025-59465

Updated packages:

alt-nodejs23-docs_23.11.1-2_amd64.deb
sha:c4938691028bb928fa3797173764536b1bbfec63
alt-nodejs23-nodejs_23.11.1-2_amd64.deb
sha:504b3f1f78d6928d41fb9f261d16c9d5b42e6d2f
alt-nodejs23-nodejs-devel_23.11.1-2_amd64.deb
sha:0592d0c2b9ea4638d35bdc960d615da6ae4075b3
alt-nodejs23-npm_10.9.2-23.11.1.2_amd64.deb
sha:3cd67ee5a7aacfaf8afde7e8456390159e50970d

Notes:

This page is generated automatically and has not been checked for errors. For clarification or corrections please contact the CloudLinux Packaging Team.