[CLSA-2026:1779487137] Fix CVE(s): CVE-2026-21714
Type:
security
Severity:
Moderate
Release date:
2026-05-22 21:59:03 UTC
Description:
* SECURITY UPDATE: memory leak in HTTP/2 on flow control window overflow - debian/patches/CVE-2026-21714.patch: treat NGHTTP2_ERR_FLOW_CONTROL in OnInvalidFrame so Http2Session is destroyed after invalid connection-level WINDOW_UPDATE instead of leaking - CVE-2026-21714
Updated packages:
  • alt-nodejs14-docs_14.21.3-22_amd64.deb
    sha:d6dfe3883b52d7bb11631c5f652dbc14ed00505e
  • alt-nodejs14-nodejs_14.21.3-22_amd64.deb
    sha:8bd9be3a3f96efba0c47e3ebd09b99c5025fb4c3
  • alt-nodejs14-nodejs-devel_14.21.3-22_amd64.deb
    sha:597a760cabcc5519ed0cd096898a1333d4f597e9
  • alt-nodejs14-npm_6.14.18-14.21.3-22_amd64.deb
    sha:2db71d38a48c93eb88311d7f9a6802c68978ba49
  • alt-nodejs14-docs_14.21.3-22_arm64.deb
    sha:423912c2697a51a3ae19fd9ced199425d55c92da
  • alt-nodejs14-nodejs_14.21.3-22_arm64.deb
    sha:6e6a9b3cfde676e9262e03dbcad989241e83f913
  • alt-nodejs14-nodejs-devel_14.21.3-22_arm64.deb
    sha:787ef3c4e94761844ff7ffa2575d2d531b4e8569
  • alt-nodejs14-npm_6.14.18-14.21.3-22_arm64.deb
    sha:526a9c2faeb2f8ed98def55f45ba9e0df824e37c
Notes:
This page is generated automatically and has not been checked for errors. For clarification or corrections please contact the CloudLinux Packaging Team.