CLSA-2026:1779968481

[CLSA-2026:1779968481] alt-nodejs16-nodejs: Fix of CVE-2026-21714

Type:

security

Severity:

Moderate

Release date:

2026-05-28 11:41:41 UTC

Description:

- CVE-2026-21714: propagate NGHTTP2_ERR_FLOW_CONTROL in OnInvalidFrame
  so Http2Session is destroyed after connection-level WINDOW_UPDATE overflow
  instead of leaking memory

Updated packages:

alt-nodejs16-nodejs-16.20.2-20.el8.x86_64.rpm
sha:fee34c03bcccceaf737f7031f3c738a24d4c9c865604b688fe65795ef0a1772f
alt-nodejs16-nodejs-devel-16.20.2-20.el8.x86_64.rpm
sha:a685dc9dd419647b2bf930d482a89bc576bb9033682447da448ca7fd2020b6e1
alt-nodejs16-nodejs-docs-16.20.2-20.el8.noarch.rpm
sha:1468b517cb4ec3693fb5f63b705fabf98482c65e82a29fd958cac3fd1407c547
alt-nodejs16-npm-8.19.4-16.20.2.20.el8.x86_64.rpm
sha:b12e4f2a5024bc8d3a1975c522ba27f4e3937f9e34008d754dd3526ee301f02c

Notes:

This page is generated automatically and has not been checked for errors. For clarification or corrections please contact the CloudLinux Packaging Team.