Release date:
2026-07-07 10:53:59 UTC
Description:
- CVE-2026-48619: cap HTTP/2 client originSet size to prevent unbounded
memory growth from malicious ORIGIN frames
- CVE-2026-48930: reject dns/net hostnames with embedded NUL bytes to
prevent silent authority rebinding via C-string truncation
- CVE-2026-48933: guard WebCrypto cipher output length to avoid signed
integer overflow on ~2 GiB inputs
Updated packages:
-
alt-nodejs20-nodejs-20.20.2-3.el7.x86_64.rpm
sha:dbb8a5414e8de1d8e747b67877bd9f51493cae7d6c8c48ba5b14c903de024d6e
-
alt-nodejs20-nodejs-devel-20.20.2-3.el7.x86_64.rpm
sha:b597e192f815b099c59c9a50e4ee96159565f0cc61fc010ee069b960a1a197d1
-
alt-nodejs20-nodejs-docs-20.20.2-3.el7.noarch.rpm
sha:fb3ffc2924f8bf7f693722bf4b102d1f6f57281ab2c0e1da02775cda9c26adc9
-
alt-nodejs20-npm-10.8.2-20.20.2.3.el7.x86_64.rpm
sha:42c7775491bd5d92d82ade64ceb6600e26a4b0f1e9bc4990c7970683216eb7d4
Notes:
This page is generated automatically and has not been checked for errors. For clarification or
corrections please contact the
CloudLinux Packaging Team.