Release date:
2026-05-27 15:12:43 UTC
Description:
* SECURITY UPDATE: HashDoS in V8 — consecutive numeric strings collide in
the internal string table, letting attacker-controlled JSON.parse input
degrade performance ~440x in a local PoC against V8 12.9.202.28
- debian/patches/CVE-2026-21717.patch: scramble the 24-bit array-index
value stored in a Name's raw_hash_field via a 3-round xorshift-multiply
with compile-time constants (no upstream V8 12.9 backport exists; this
is an adapted reduced port — no rapidhash/HashSeed-view refactor)
- CVE-2026-21717
Updated packages:
-
alt-nodejs23-docs_23.11.1-14_amd64.deb
sha:b5915da6ecbea598b3ca19171d11f93cb7cf1e45
-
alt-nodejs23-nodejs_23.11.1-14_amd64.deb
sha:cbef510ac6ba647f3bda37d053335114924fbcb1
-
alt-nodejs23-nodejs-devel_23.11.1-14_amd64.deb
sha:f1e7716d152927f238f8fa7a6b41b75fd4fb4d1a
-
alt-nodejs23-npm_10.9.2-23.11.1.14_amd64.deb
sha:a342ba0b4a8a7282805e7cb13cab5aff2ae9ebc1
-
alt-nodejs23-docs_23.11.1-14_arm64.deb
sha:6b0f1e60f58cb7294a580c68c86de4744488012f
-
alt-nodejs23-nodejs_23.11.1-14_arm64.deb
sha:7bfd03ec14694386844765ae90da350b0b775c61
-
alt-nodejs23-nodejs-devel_23.11.1-14_arm64.deb
sha:732746de7c5e8aee69de1a8e51824b05e0456d88
-
alt-nodejs23-npm_10.9.2-23.11.1.14_arm64.deb
sha:3d6da28dfea09d8a189f394c10f24a860f2f9c0d
Notes:
This page is generated automatically and has not been checked for errors. For clarification or
corrections please contact the
CloudLinux Packaging Team.
