[CLSA-2026:1779887553] Fix CVE(s): CVE-2026-21714

Type:

security

Severity:

Moderate

Release date:

2026-05-27 14:16:19 UTC

Description:

   * SECURITY UPDATE: memory leak in HTTP/2 on flow control window overflow
     - debian/patches/CVE-2026-21714.patch: treat NGHTTP2_ERR_FLOW_CONTROL in
       OnInvalidFrame so Http2Session is destroyed after invalid connection-level
       WINDOW_UPDATE instead of leaking
     - CVE-2026-21714

Updated packages:

alt-nodejs12-docs_12.22.12-20_amd64.deb
sha:876bb263988ce510dd4447fa305082d6edc7e5c3
alt-nodejs12-nodejs_12.22.12-20_amd64.deb
sha:1519f8bee29c3b2d790b10c60fd4f98d462116a6
alt-nodejs12-nodejs-devel_12.22.12-20_amd64.deb
sha:cdc6102d025633e511e1e7ed0ab44e9f176a8246
alt-nodejs12-npm_6.14.16-12.22.12.20_amd64.deb
sha:0c43c242bc9d4354213dc5b909851ddf3e285c1f

Notes:

This page is generated automatically and has not been checked for errors. For clarification or corrections please contact the CloudLinux Packaging Team.