Release date:
2026-05-25 12:42:50 UTC
Description:
* SECURITY UPDATE: memory leak in HTTP/2 on flow control window overflow
- debian/patches/CVE-2026-21714.patch: treat NGHTTP2_ERR_FLOW_CONTROL in
OnInvalidFrame so Http2Session is destroyed after invalid connection-level
WINDOW_UPDATE instead of leaking
- CVE-2026-21714
Updated packages:
-
alt-nodejs18-docs_18.20.8-12_amd64.deb
sha:9ada800dbb818f1cb4837b17c7da2fda8f524652
-
alt-nodejs18-nodejs_18.20.8-12_amd64.deb
sha:1968fe248701b59859dce831e0bf833c70ebc2b3
-
alt-nodejs18-nodejs-devel_18.20.8-12_amd64.deb
sha:016ab88e62fc2e7d2dbcee5a3b13ac5fcf57e909
-
alt-nodejs18-npm_10.8.2-18.20.8.12_amd64.deb
sha:c2c76a507b9a0e8c1e28fe1974036dadacf722ff
Notes:
This page is generated automatically and has not been checked for errors. For clarification or
corrections please contact the
CloudLinux Packaging Team.
