[SECURITY] [DSA 5991-1] nodejs security update

To: debian-security-announce@lists.debian.org
Subject: [SECURITY] [DSA 5991-1] nodejs security update
From: Moritz Muehlenhoff <jmm@debian.org>
Date: Fri, 29 Aug 2025 18:10:59 +0000
Message-id: <[🔎] aLHtMy65rhE1X1tU@seger.debian.org>
Reply-to: debian-security-announce-request@lists.debian.org

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- -------------------------------------------------------------------------
Debian Security Advisory DSA-5991-1                   security@debian.org
https://www.debian.org/security/                       Moritz Muehlenhoff
August 29, 2025                       https://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package        : nodejs
CVE ID         : CVE-2023-46809 CVE-2024-21892 CVE-2024-22019
                 CVE-2024-22020 CVE-2024-22025 CVE-2024-27982
		 CVE-2024-27983 CVE-2025-47153

Multiple vulnerabilities were discovered in Node.js, which could result
in denial of service, HTTP request smuggling, privilege escalation, a
side channel attack against PKCS#1 1.5 or a bypass of network import
restrictions.

For the oldstable distribution (bookworm), these problems have been fixed
in version 18.20.4+dfsg-1~deb12u1.

We recommend that you upgrade your nodejs packages.

For the detailed security status of nodejs please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/nodejs

Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://www.debian.org/security/

Mailing list: debian-security-announce@lists.debian.org
-----BEGIN PGP SIGNATURE-----

iQIzBAEBCgAdFiEEtuYvPRKsOElcDakFEMKTtsN8TjYFAmix6wEACgkQEMKTtsN8
TjbvSg//dk+LUYWD/3ztcNzZnP+/2lNclPO+iMZdPtOWAGIGMlWUciVJuWkC6AO6
jPdLAFqQLtWAnEJALn4wt4SZifCBrgU/QKOEoddwokVANn0aMM9lR4vmBa527f2F
Q4DMDa+pyEDlKAhbc3w3aJobRDmdO7WncPP7TK7A2WXJJ0aron9aQCRNXqtMOK5m
GnY1awu6gvCAiJWwsf1N+/gVM11KBiGlL/12FWxK7FiXdlHbNvvx/OO/d4INNuxw
y2Xn/faELbEU9ecMWxUh+kmHd+mqX2tNhAbOH85qrkUU1wfUMrO07sCEAnAaApuj
9+jtZzBdeDOi1xR4MIrH4JxliD656zJHX9wKSIOb+p4vZ86o2/L7EaWtmmDWdCdA
xsxhGNxtq6DCip5GxO5pLO0ftGToXar6zZbrou+kE5oXp2xLAtO/jgiPPAOl7HBg
k78tbCZdxiFy0F+HzDQZFAct5xYKU9eaNHYVAXZF48BW4u38XsievMmSg1aVGpZs
XzSwy2BKYkhC1bD/2ISApvZrcBcgxXbXOQXXEsxiFK7IUPtHcR3Mc9uRgP/KRNQ/
x/WYShdmhSQTlvORv5UeAmEjZqYcRS7qYQQ3tk09coY22NAUl+CfzrIuPCvkY/Gc
DaIbudBi4HcPnmYJAe7GpR6Jw+rSnDdfJXVN6D3SRy2IfVLMVPU=
=mHjX
-----END PGP SIGNATURE-----

Reply to:

Prev by Date: [SECURITY] [DSA 5990-1] libxml2 security update
Next by Date: [SECURITY] [DSA 5992-1] firebird4.0 security update
Previous by thread: [SECURITY] [DSA 5990-1] libxml2 security update
Next by thread: [SECURITY] [DSA 5992-1] firebird4.0 security update
Index(es):
- Date
- Thread