[CLSA-2026:1770645897] Fix CVE(s): CVE-2025-59466, CVE-2026-21637

Type:

security

Severity:

Important

Release date:

2026-02-09 14:05:03 UTC

Description:

   * SECURITY UPDATE: TLS callback exception handling vulnerability
     - debian/patches/CVE-2026-21637.patch: wrap pskCallback and ALPNCallback
       invocations in try-catch blocks to route exceptions through error
       handlers
     - CVE-2026-21637
   * SECURITY UPDATE: Stack overflow exception handling in async_hooks
     - debian/patches/CVE-2025-59466.patch: rethrow stack overflow exceptions
       in async_hooks instead of calling FatalException
     - CVE-2025-59466

Updated packages:

alt-nodejs23-docs_23.11.1-4_amd64.deb
sha:a6329a545419ad793e10ec2418fcf83535207b50
alt-nodejs23-nodejs_23.11.1-4_amd64.deb
sha:4018f01b37bb4961bdbb5bb38e1cb684ef5d1fcf
alt-nodejs23-nodejs-devel_23.11.1-4_amd64.deb
sha:8facba34d346337a18dd543a9f5f198422b798f4
alt-nodejs23-npm_10.9.2-23.11.1.4_amd64.deb
sha:7ec4383abc02b36b2c1cb3b9dec4cf581cc47237

Notes:

This page is generated automatically and has not been checked for errors. For clarification or corrections please contact the CloudLinux Packaging Team.