Release date:
2026-07-07 11:35:21 UTC
Description:
- CVE-2026-48619: cap HTTP/2 client originSet size to prevent unbounded
memory growth from malicious ORIGIN frames
- CVE-2026-48930: reject dns/net hostnames with embedded NUL bytes to
prevent silent authority rebinding via C-string truncation
- CVE-2026-48933: guard WebCrypto cipher output length to avoid signed
integer overflow on ~2 GiB inputs
Updated packages:
-
alt-nodejs20-nodejs-20.20.2-3.el8.x86_64.rpm
sha:8e79e27146c7dbeaedec0839b8c7b5e87c731f0cf34fd088bf3f6fb8effe4c93
-
alt-nodejs20-nodejs-devel-20.20.2-3.el8.x86_64.rpm
sha:5c559ad52450b60d28d0243c812134e05d638021f13229132de854aa1217b282
-
alt-nodejs20-nodejs-docs-20.20.2-3.el8.noarch.rpm
sha:4cd4dbbf150b1d7a8c2b418af67aae03450900c29c0959a197643f1c8f4a29f5
-
alt-nodejs20-npm-10.8.2-20.20.2.3.el8.x86_64.rpm
sha:b725fede15a1ece1f1b1eae02b7a8eecb149aa464ab1b519869c6d86390890cd
Notes:
This page is generated automatically and has not been checked for errors. For clarification or
corrections please contact the
CloudLinux Packaging Team.