|
|
Log in / Subscribe / Register

Debian alert DSA-6183-1 (nodejs)



From:
              Moritz Muehlenhoff <jmm@debian.org>


To:
              debian-security-announce@lists.debian.org


Subject:
              [SECURITY] [DSA 6183-1] nodejs security update


Date:
              Sun, 29 Mar 2026 13:22:12 +0000


Message-ID:
              <acknhELx2mnwxAU0@seger.debian.org>


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- -------------------------------------------------------------------------
Debian Security Advisory DSA-6183-1                   security@debian.org
https://www.debian.org/security/                       Moritz Muehlenhoff
March 29, 2026                        https://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package        : nodejs
CVE ID         : CVE-2026-21637 CVE-2026-21710 CVE-2026-21713 CVE-2026-21714 
                 CVE-2026-21715 CVE-2026-21716 CVE-2026-21717

Multiple vulnerabilities were discovered in Node.js, which could result
in denial of service, side channel attacks or information disclosure.

For the stable distribution (trixie), these problems have been fixed in
version 20.19.2+dfsg-1+deb13u2.

We recommend that you upgrade your nodejs packages.

For the detailed security status of nodejs please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/nodejs

Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://www.debian.org/security/

Mailing list: debian-security-announce@lists.debian.org
-----BEGIN PGP SIGNATURE-----

iQIzBAEBCgAdFiEEtuYvPRKsOElcDakFEMKTtsN8TjYFAmnJJwUACgkQEMKTtsN8
TjbrKQ/+Lkq9m2U70kloGH5wEYBjuyLay+hJpeXDgqpqW/ektprnwK8uuA2Of5rQ
euLbFdkX+sk0sDtDXgxnW17rbIgZTk1F7S+1/UTOzKxbRbgvLWLBBUbFJe0LYALU
3kid6O1XaGKpHFNUrJ1m641ZlFrJl/h6ygXMW3D2esHPbrCd2A1JstIqhN+ltvSW
dIGZ/1l5EntZYOryFQ4RDmq12QDtB/wxj/j/WEFByiIKL8zhz3N4qWXtde1S3RPR
YaDD2+A8vVJK81/N7DOb1fH3og7V7JLwQ+haMrrf7etEkRro68Bd0uVfWIyYWiKv
aQLEZxNggCc90oCCkWBjtk4NJ5u+r4vmVYlOSu1n+fWS6dKXjKVriaXv/CRb4X/8
3wFW63MTaQu52sO1h2WHdAKPs4GvvZJzr7eOdoKwmi9RitfGQGT2BD/fhaxDpAPg
ZSggzdkKcGqUrUD6q1n/gDNyTaw7FOJkCJlqydDt33CPE17OJ2OpHP63YgmB/A7B
xeU8Y1HY6b0UdGwX+85qnOb5oY/cAkTH4urzUJ2HgV4LwFQTUXjakaeWzSptQDUS
cNpjntW7sCBcwjjoEEsyRWUagieoM4rG/GF9as+nXzAzCpTNPXj8J9/zCZTxLwlK
/VovdwHAXmScxXKRI/hUVqc7cAY89+oIuwTaipa52La7Fz87C40=
=g2p9
-----END PGP SIGNATURE-----
to post comments


Copyright © 2026, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds