[CLSA-2026:1779865734] alt-nodejs14-nodejs: Fix of CVE-2026-21714
Type:
security
Severity:
Moderate
Release date:
2026-05-27 07:08:59 UTC
Description:
- CVE-2026-21714: propagate NGHTTP2_ERR_FLOW_CONTROL in OnInvalidFrame so Http2Session is destroyed after connection-level WINDOW_UPDATE overflow instead of leaking memory
Updated packages:
  • alt-nodejs14-nodejs-14.21.3-21.el8.x86_64.rpm
    sha:f7542a2bbe5d77ef1e353e13625d7ee47dc41cd1dc272bedc84c6355b56a95db
  • alt-nodejs14-nodejs-devel-14.21.3-21.el8.x86_64.rpm
    sha:8857606bbb4d82ad2beafcca15fcba33f0ac0cac7a6ec91be08d8c48f8616602
  • alt-nodejs14-nodejs-docs-14.21.3-21.el8.noarch.rpm
    sha:b2b76970d2089337fc902503e27c0a5fbfa9e3208f2c3dd37fb3e3425b310a0d
  • alt-nodejs14-npm-6.14.18-14.21.3.21.el8.x86_64.rpm
    sha:2f250c4272cd8d062e8456bc5b5d6cb96121488b4ddab6db61aff840ab53d86d
Notes:
This page is generated automatically and has not been checked for errors. For clarification or corrections please contact the CloudLinux Packaging Team.