[SECURITY] [DLA 4152-1] nodejs security update
Description

Debian LTS Advisory DLA-4152-1    [email protected]
https://www.debian.org/lts/security/    Bastien Roucariès
May 02, 2025    https://wiki.debian.org/LTS

Package    : nodejs
Version    : 12.22.12~dfsg-1~deb11u7
CVE ID     : CVE-2025-47153
Debian Bug : 922075 1076350

Node.js, a popular server-side JavaScript engine, was affected by a vulnerability on 32-bit architectures.

Build processes for libuv and Node.js for 32-bit systems have an inconsistent off_t size (e.g., building on i386 Debian always uses _FILE_OFFSET_BITS=64 for the libuv dynamic library, but uses the _FILE_OFFSET_BITS global system default of 32 for nodejs), leading to out-of-bounds access.

The following reverse dependencies were also rebuilt in order to fix the vulnerability:

    node-expat
    node-iconv
    node-leveldown
    node-modern-syslog
    node-nodedbi
    node-opencv
    node-re2
    node-sqlite3
    node-sass
    node-srs
    node-websocket
    node-zipfile
    r-cran-v8

For Debian 11 bullseye, this problem has been fixed in version 12.22.12~dfsg-1~deb11u7.

We recommend that you upgrade your nodejs packages.

For the detailed security status of nodejs please refer to its security tracker page at:
https://security-tracker.debian.org/tracker/nodejs

Further information about Debian LTS security advisories, how to apply these updates to your system and frequently asked questions can be found at:…
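An added illustration (not code from the advisory, Debian, libuv or Node.js) of why an inconsistent off_t width across a library boundary leads to out-of-bounds access. The struct layouts, field names and guard-byte harness are hypothetical, and the stray write is simulated inside a single buffer so the program is safe to run.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>
#include <sys/types.h>

/* Hypothetical record shared across a library boundary; NOT libuv's real layout.
 * The only difference between the two views is the width of the off_t field. */
struct req_off32 { int32_t offset; int32_t fd; int32_t result; }; /* caller: 32-bit off_t */
struct req_off64 { int64_t offset; int32_t fd; int32_t result; }; /* library: 64-bit off_t */

#define GUARD 0xA5

/* Library side: stores `result` at the offset its own layout dictates. */
static void library_complete(unsigned char *req, int32_t result) {
    memcpy(req + offsetof(struct req_off64, result), &result, sizeof result);
}

/* Caller side: owns sizeof(struct req_off32) bytes; the guard bytes stand in for
 * whatever memory follows the object. Returns how many guard bytes changed. */
size_t guard_bytes_clobbered(void) {
    unsigned char mem[sizeof(struct req_off64)];
    size_t owned = sizeof(struct req_off32), hit = 0;
    memset(mem, GUARD, sizeof mem);
    library_complete(mem, 0x11223344);
    for (size_t i = owned; i < sizeof mem; i++)
        hit += (mem[i] != GUARD);
    return hit;
}

/* Returns 1 when caller and library disagree on where `fd` lives. */
int fd_offset_differs(void) {
    return offsetof(struct req_off32, fd) != offsetof(struct req_off64, fd);
}

/* Property to verify in every component built against the library. */
int off_t_is_64bit(void) { return sizeof(off_t) == 8; }

int main(void) {
    printf("caller object: %zu bytes, library view: %zu bytes\n",
           sizeof(struct req_off32), sizeof(struct req_off64));
    printf("guard bytes clobbered: %zu\n", guard_bytes_clobbered());
    printf("fd offset differs: %d\n", fd_offset_differs());
    printf("this build has 64-bit off_t: %d\n", off_t_is_64bit());
    return 0;
}
```

Native addons that exchange off_t-bearing structures with the library carry the same layout assumption, which is why the advisory rebuilds the reverse dependencies along with nodejs.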
