A security update has been issued for the Node SHA.js package in Debian GNU/Linux versions 12 (Bookworm) and 13 (Trixie). This update addresses vulnerabilities caused by the package's incomplete type checks, which could potentially lead to security risks.
The Debian Security Advisory DSA-6002-1, released on September 16, 2025, outlines the details of the vulnerability identified as CVE-2025-9288. The issue specifically pertains to the implementation of SHA hash functions in JavaScript within the Node SHA.js package.
For users of the oldstable distribution (Bookworm), the issue has been resolved in version 2.4.11+~2.4.0-2+deb12u1, while for the stable distribution (Trixie), it has been fixed in version 2.4.11+~2.4.0-2+deb13u1. Users are strongly advised to upgrade their node-sha.js packages to ensure their systems are secure.
For additional details on the security status of node-sha.js, users can visit the security tracker page. More information regarding Debian Security Advisories, updating procedures, and frequently asked questions is available on the Debian security website.
In light of this update, it is important for users to regularly check for security advisories and promptly apply updates to maintain the integrity and security of their systems. Additionally, developers should consider implementing more robust type checks in their own applications to prevent similar vulnerabilities in the future. Keeping software and dependencies up to date is a crucial practice in safeguarding digital environments against evolving security threats.
Node SHA.js security update for Debian
A security update has been released in both Debian GNU/Linux 12 (Bookworm) and 13 (Trixie) for the Node SHA.js package, which implements SHA hash functions in JavaScript. The package performed incomplete type checks, leading to potential security vulnerabilities.
[DSA 6002-1] node-sha.js security update