CLSA-2026:1779865509

[CLSA-2026:1779865509] alt-nodejs14-nodejs: Fix of CVE-2026-21714

Type:

security

Severity:

Moderate

Release date:

2026-05-27 07:05:14 UTC

Description:

- CVE-2026-21714: propagate NGHTTP2_ERR_FLOW_CONTROL in OnInvalidFrame
  so Http2Session is destroyed after connection-level WINDOW_UPDATE overflow
  instead of leaking memory

Updated packages:

alt-nodejs14-nodejs-14.21.3-21.el7.x86_64.rpm
sha:05d45f581b747317704244c5ecf01b3b833c89e7049bcf55e6ddbf7ee43bbe90
alt-nodejs14-nodejs-devel-14.21.3-21.el7.x86_64.rpm
sha:ae82106717c1cafc6a286f2d20db6e3d5fdf3a6a368c18b54774f596cb48dd88
alt-nodejs14-nodejs-docs-14.21.3-21.el7.noarch.rpm
sha:e0562d266a2242b6de3d28b6e95c11b28dc643a1cd56cff7292db69de348c9b4
alt-nodejs14-npm-6.14.18-14.21.3.21.el7.x86_64.rpm
sha:42900022ed947415274b4320a0a78cb052530f6e7fd605f212458d3b5e55e8e0

Notes:

This page is generated automatically and has not been checked for errors. For clarification or corrections please contact the CloudLinux Packaging Team.