[CLSA-2026:1783421619] alt-nodejs20-nodejs: Fix of 3 CVEs
Type:
security
Severity:
Critical
Release date:
2026-07-07 10:53:59 UTC
Description:
- CVE-2026-48619: cap HTTP/2 client originSet size to prevent unbounded memory growth from malicious ORIGIN frames - CVE-2026-48930: reject dns/net hostnames with embedded NUL bytes to prevent silent authority rebinding via C-string truncation - CVE-2026-48933: guard WebCrypto cipher output length to avoid signed integer overflow on ~2 GiB inputs
Updated packages:
  • alt-nodejs20-nodejs-20.20.2-3.el7.x86_64.rpm
    sha:dbb8a5414e8de1d8e747b67877bd9f51493cae7d6c8c48ba5b14c903de024d6e
  • alt-nodejs20-nodejs-devel-20.20.2-3.el7.x86_64.rpm
    sha:b597e192f815b099c59c9a50e4ee96159565f0cc61fc010ee069b960a1a197d1
  • alt-nodejs20-nodejs-docs-20.20.2-3.el7.noarch.rpm
    sha:fb3ffc2924f8bf7f693722bf4b102d1f6f57281ab2c0e1da02775cda9c26adc9
  • alt-nodejs20-npm-10.8.2-20.20.2.3.el7.x86_64.rpm
    sha:42c7775491bd5d92d82ade64ceb6600e26a4b0f1e9bc4990c7970683216eb7d4
Notes:
This page is generated automatically and has not been checked for errors. For clarification or corrections please contact the CloudLinux Packaging Team.