Release date:
2026-05-22 22:58:22 UTC
Description:
* SECURITY UPDATE: Permission Model bypass in fs.realpath.native
- debian/patches/CVE-2026-21715.patch: add permission check to
realpath.native in src/node_file.cc so --allow-fs-read is enforced
and prevents filesystem enumeration outside permitted directories
- CVE-2026-21715
Updated packages:
-
alt-nodejs23-docs_23.11.1-10_amd64.deb
sha:4a8fdd96925ff36c322a6d21ac82f5d37f7f2f5f
-
alt-nodejs23-nodejs_23.11.1-10_amd64.deb
sha:7dcc0ce98365b19f8d297730b7fcb095618bc4b6
-
alt-nodejs23-nodejs-devel_23.11.1-10_amd64.deb
sha:e6658dfdb77f305c573022a48467d8cf75b0effd
-
alt-nodejs23-npm_10.9.2-23.11.1.10_amd64.deb
sha:afbf8ee8d192a92959d392dbbc9521b19657e147
-
alt-nodejs23-docs_23.11.1-10_arm64.deb
sha:6ad9b22cf8ccb90ebeebda9843bd696605b7087b
-
alt-nodejs23-nodejs_23.11.1-10_arm64.deb
sha:0999101f1a9cd8cddf2902e89880da2ad4d75e4a
-
alt-nodejs23-nodejs-devel_23.11.1-10_arm64.deb
sha:74d2e32343c11904306dffe5b185d91351a761f2
-
alt-nodejs23-npm_10.9.2-23.11.1.10_arm64.deb
sha:f1b34edc9251bd59ba64ce5a6e8e60660d269e0e
Notes:
This page is generated automatically and has not been checked for errors. For clarification or
corrections please contact the
CloudLinux Packaging Team.
