Release date:
2026-05-07 16:16:42 UTC
Description:
* SECURITY UPDATE: HTTP server crash on __proto__ header
- debian/patches/CVE-2026-21710.patch: initialise headersDistinct and
trailersDistinct destination maps with { __proto__: null } so a
__proto__ request header no longer resolves to Object.prototype and
cause an uncaught TypeError when req.headersDistinct or
req.trailersDistinct is accessed
- CVE-2026-21710
Updated packages:
-
alt-nodejs16-docs_16.20.2-17_amd64.deb
sha:32a3af98dc470e4c9833a9add7b286c784c42139
-
alt-nodejs16-nodejs_16.20.2-17_amd64.deb
sha:bb73c00170ec4c4707fc452d4aed40f11280ec98
-
alt-nodejs16-nodejs-devel_16.20.2-17_amd64.deb
sha:3889ecde1475b9db1e4014e74b8c85dd2c5144f9
-
alt-nodejs16-npm_8.19.4-16.20.2-17_amd64.deb
sha:5cba6af6338c6b06e5417bdfdab2af79b66ff843
-
alt-nodejs16-docs_16.20.2-17_arm64.deb
sha:7dd5c1fb1a19cbf19db61e3397af32a82ae55241
-
alt-nodejs16-nodejs_16.20.2-17_arm64.deb
sha:8865e71c8e4d4e2b1be6206d8fab3947b4609bcb
-
alt-nodejs16-nodejs-devel_16.20.2-17_arm64.deb
sha:5f6623a3860ddc9fe11c188f6f76982e4f63b10f
-
alt-nodejs16-npm_8.19.4-16.20.2-17_arm64.deb
sha:b49a466bbf6eb9df148722894b2b95aa2d090df1
Notes:
This page is generated automatically and has not been checked for errors. For clarification or
corrections please contact the
CloudLinux Packaging Team.
