[CLSA-2025:1763136937] alt-nodejs14-nodejs: Fix of CVE-2023-30589
Type:
security
Severity:
Important
Release date:
2025-11-14 16:15:40 UTC
Description:
- CVE-2023-30589: fix llhttp parser to properly validate LF after CR in HTTP header fields, add lenient flag checks before allowing CR without LF, add test file to verify the fix prevents request smuggling attacks
Updated packages:
  • alt-nodejs14-nodejs-14.21.3-5.el8.x86_64.rpm
    sha:95c5d0466d6beeb9ae94cb5c00a627f025ea90286feafbb2630ba12c09d4a667
  • alt-nodejs14-nodejs-devel-14.21.3-5.el8.x86_64.rpm
    sha:314aeb4c020f348cddd547ebe8f4e3e1ccbac17a3a752c7cb10bddf7f4e1d259
  • alt-nodejs14-nodejs-docs-14.21.3-5.el8.noarch.rpm
    sha:016f42c7a7ac84feb32c77bf5283f1209f84ed3aa26f0a210b9be81f17eef2ec
  • alt-nodejs14-npm-6.14.18-14.21.3.5.el8.x86_64.rpm
    sha:56dedd48e6e50a81de080c8fb0cbd768be3573d87dd5f1f2f44a5fbc28a3a33d
Notes:
This page is generated automatically and has not been checked for errors. For clarification or corrections please contact the CloudLinux Packaging Team.