[CLSA-2026:1779491044] Fix CVE(s): CVE-2024-36137, CVE-2026-21716
Type:
security
Severity:
Moderate
Release date:
2026-05-25 10:04:46 UTC
Description:
* SECURITY UPDATE: incomplete fix for CVE-2024-36137 left FileHandle.chmod() and FileHandle.chown() in the promise-based fs API without permission checks - debian/patches/CVE-2026-21716.patch: add permission check on lib/fs/promises so FileHandle.chmod, FileHandle.chown and fsPromises.lstat enforce the Permission Model under --allow-fs-write / --allow-fs-read restrictions - CVE-2026-21716
Updated packages:
  • alt-nodejs23-docs_23.11.1-13_amd64.deb
    sha:1cfcc80a74893bc8e41e50e3fe6958ff156b2250
  • alt-nodejs23-nodejs_23.11.1-13_amd64.deb
    sha:28f0574074ab2587efd7a65975f7e75952d35d5c
  • alt-nodejs23-nodejs-devel_23.11.1-13_amd64.deb
    sha:050df4c91baa8c35ce748abbe844bdcbcad7e2fc
  • alt-nodejs23-npm_10.9.2-23.11.1.13_amd64.deb
    sha:2968b2bea9a8d7626985c1c249981991d0548b91
  • alt-nodejs23-docs_23.11.1-13_arm64.deb
    sha:8daf86824f84ac1781276ac3c706df5bbbc31622
  • alt-nodejs23-nodejs_23.11.1-13_arm64.deb
    sha:b373c408620e2df19cd94ecb04017735deaf0fd9
  • alt-nodejs23-nodejs-devel_23.11.1-13_arm64.deb
    sha:8dbfdf1ce83f9bd47c0903721f7057ea0e9fe15b
  • alt-nodejs23-npm_10.9.2-23.11.1.13_arm64.deb
    sha:4906c11be6546d05377af5b8f51b8818281d9fe8
Notes:
This page is generated automatically and has not been checked for errors. For clarification or corrections please contact the CloudLinux Packaging Team.