Release date:
2026-07-07 11:52:50 UTC
Description:
- CVE-2026-48619: cap HTTP/2 client originSet size to prevent unbounded
memory growth from malicious ORIGIN frames
- CVE-2026-48930: reject dns/net hostnames with embedded NUL bytes to
prevent silent authority rebinding via C-string truncation
- CVE-2026-48933: guard WebCrypto cipher output length to avoid signed
integer overflow on ~2 GiB inputs
Updated packages:
-
alt-nodejs20-nodejs-20.20.2-3.el10.x86_64.rpm
sha:470a2bd728a14c1ab3f5ebbdc7ceeb89290974931f40899357768c2c10504f1f
-
alt-nodejs20-nodejs-devel-20.20.2-3.el10.x86_64.rpm
sha:56cbf8fb486bc822e067e131c4b25e4d102ff9c966c51e5b3d5e1d88566df672
-
alt-nodejs20-nodejs-docs-20.20.2-3.el10.noarch.rpm
sha:1323f0bf83d57511f5d7e7fe17410c1321a9d333d75596f89327c946f4ee9d3a
-
alt-nodejs20-npm-10.8.2-20.20.2.3.el10.x86_64.rpm
sha:803f46dc89c6f3cbeae45b672a3cace8e2104557ae30dc33d7a11972e944933c
Notes:
This page is generated automatically and has not been checked for errors. For clarification or
corrections please contact the
CloudLinux Packaging Team.