[CLSA-2026:1783425153] alt-nodejs20-nodejs: Fix of 3 CVEs
Type:
security
Severity:
Critical
Release date:
2026-07-07 11:52:50 UTC
Description:
- CVE-2026-48619: cap HTTP/2 client originSet size to prevent unbounded memory growth from malicious ORIGIN frames - CVE-2026-48930: reject dns/net hostnames with embedded NUL bytes to prevent silent authority rebinding via C-string truncation - CVE-2026-48933: guard WebCrypto cipher output length to avoid signed integer overflow on ~2 GiB inputs
Updated packages:
  • alt-nodejs20-nodejs-20.20.2-3.el10.x86_64.rpm
    sha:470a2bd728a14c1ab3f5ebbdc7ceeb89290974931f40899357768c2c10504f1f
  • alt-nodejs20-nodejs-devel-20.20.2-3.el10.x86_64.rpm
    sha:56cbf8fb486bc822e067e131c4b25e4d102ff9c966c51e5b3d5e1d88566df672
  • alt-nodejs20-nodejs-docs-20.20.2-3.el10.noarch.rpm
    sha:1323f0bf83d57511f5d7e7fe17410c1321a9d333d75596f89327c946f4ee9d3a
  • alt-nodejs20-npm-10.8.2-20.20.2.3.el10.x86_64.rpm
    sha:803f46dc89c6f3cbeae45b672a3cace8e2104557ae30dc33d7a11972e944933c
Notes:
This page is generated automatically and has not been checked for errors. For clarification or corrections please contact the CloudLinux Packaging Team.