Release date:
2026-05-01 10:41:52 UTC
Description:
* SECURITY UPDATE: undici predictable multipart/form-data boundary
- debian/patches/CVE-2025-22150.patch: replace Math.random() with
crypto.randomInt() for the boundary string in bundled undici
(deps/undici/src/lib/fetch/body.js). Math.random() output is
predictable from a few sampled values, allowing attackers who can
observe multipart requests to attacker-controlled servers to tamper
with subsequent requests to backend APIs.
- CVE-2025-22150
Updated packages:
-
alt-nodejs16-docs_16.20.2-16_amd64.deb
sha:00e3ea7de207ff1b9ede124c156d951791edfc5e
-
alt-nodejs16-nodejs_16.20.2-16_amd64.deb
sha:d47235a2df98b2a8b6d15e445af4eac3447ab6c2
-
alt-nodejs16-nodejs-devel_16.20.2-16_amd64.deb
sha:af9524877a3854a9dc78dd4e520727dc455ba43d
-
alt-nodejs16-npm_8.19.4-16.20.2-16_amd64.deb
sha:35cdf1c7b08576bac28e56b0aa93658dbe550e3c
-
alt-nodejs16-docs_16.20.2-16_arm64.deb
sha:ea0a44409fdf12e6beb3b6fcbe8897c2da1d21f9
-
alt-nodejs16-nodejs_16.20.2-16_arm64.deb
sha:77d1183cdf2177e45d7327bd0b1876f723671e0c
-
alt-nodejs16-nodejs-devel_16.20.2-16_arm64.deb
sha:0cb00a543ec12ef0f320a612d8c661a8c1ed7bd4
-
alt-nodejs16-npm_8.19.4-16.20.2-16_arm64.deb
sha:326ba9fe76abecb8e1752a7721315a6e65affe2f
Notes:
This page is generated automatically and has not been checked for errors. For clarification or
corrections please contact the
CloudLinux Packaging Team.
