-------------------------------------------------------------------------
Debian LTS Advisory DLA-4152-1                          [email protected]
https://www.debian.org/lts/security/                    Bastien Roucariès
May 02, 2025                                  https://wiki.debian.org/LTS
-------------------------------------------------------------------------

Package        : nodejs
Version        : 12.22.12~dfsg-1~deb11u7
CVE ID         : CVE-2025-47153
Debian Bug     : 922075 1076350

Node.js, a popular server-side JavaScript engine, was affected by a
vulnerability on 32-bit architectures.

Build processes for libuv and Node.js for 32-bit systems have an
inconsistent off_t size (e.g., building on i386 Debian always uses
_FILE_OFFSET_BITS=64 for the libuv dynamic library, but uses the
_FILE_OFFSET_BITS global system default of 32 for nodejs), leading to
out-of-bounds access.

The following reverse dependencies were also rebuilt in order to fix the
vulnerability:

  node-expat
  node-iconv
  node-leveldown
  node-modern-syslog
  node-nodedbi
  node-opencv
  node-re2
  node-sqlite3
  node-sass
  node-srs
  node-websocket
  node-zipfile
  r-cran-v8

For Debian 11 bullseye, this problem has been fixed in version
12.22.12~dfsg-1~deb11u7.

We recommend that you upgrade your nodejs packages.

For the detailed security status of nodejs please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/nodejs

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS
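
The off_t size mismatch described above, as an added illustration that is not part of the original advisory or of the libuv/Node.js code. The two structs and all function names are hypothetical; the 64-bit off_t is modelled as two 32-bit halves so the i386 layout is reproduced on any build host.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>
#include <sys/types.h>

/* Hypothetical request as seen by code built with the 32-bit off_t default. */
struct req_off32 { int32_t fd; int32_t off; uint32_t uid; uint32_t gid; };

/* The same request as seen by code built with _FILE_OFFSET_BITS=64.
 * off_lo/off_hi stand in for one 64-bit off_t (i386: 4-byte aligned). */
struct req_off64 { int32_t fd; uint32_t off_lo, off_hi; uint32_t uid; uint32_t gid; };

/* Bytes the 64-bit side touches beyond an object sized by the 32-bit side. */
size_t overhang_bytes(void) {
    return sizeof(struct req_off64) - sizeof(struct req_off32);
}

/* How far every member after the offset field is displaced. */
size_t uid_displacement(void) {
    return offsetof(struct req_off64, uid) - offsetof(struct req_off32, uid);
}

/* Fill the request using the 64-bit layout, then read it back through the
 * 32-bit layout, copying only the bytes the 32-bit side believes exist. */
struct req_off32 read_through_narrow_view(uint32_t uid, uint32_t gid) {
    /* Constructed sample: fd 3, file offset 2^32 + 2. */
    struct req_off64 wide = { 3, 2u, 1u, uid, gid };
    struct req_off32 narrow;
    memcpy(&narrow, &wide, sizeof narrow);
    return narrow;
}

int main(void) {
    struct req_off32 seen = read_through_narrow_view(1000, 1001);
    /* On an affected build the two components disagree on this value. */
    printf("sizeof(off_t) in this build: %zu\n", sizeof(off_t));
    printf("overhang: %zu bytes, uid displaced by %zu bytes\n",
           overhang_bytes(), uid_displacement());
    printf("narrow view reads off=%d uid=%u gid=%u\n",
           seen.off, seen.uid, seen.gid);
    return 0;
}
```

The narrow view reads the high half of the offset as uid and the real uid as gid, and the real gid lies past the end of the object it allocated, which is the out-of-bounds condition the rebuild removes.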
