[CLSA-2026:1783424102] alt-nodejs20-nodejs: Fix of 3 CVEs
Type:
security
Severity:
Critical
Release date:
2026-07-07 11:35:21 UTC
Description:
- CVE-2026-48619: cap HTTP/2 client originSet size to prevent unbounded memory growth from malicious ORIGIN frames - CVE-2026-48930: reject dns/net hostnames with embedded NUL bytes to prevent silent authority rebinding via C-string truncation - CVE-2026-48933: guard WebCrypto cipher output length to avoid signed integer overflow on ~2 GiB inputs
Updated packages:
  • alt-nodejs20-nodejs-20.20.2-3.el8.x86_64.rpm
    sha:8e79e27146c7dbeaedec0839b8c7b5e87c731f0cf34fd088bf3f6fb8effe4c93
  • alt-nodejs20-nodejs-devel-20.20.2-3.el8.x86_64.rpm
    sha:5c559ad52450b60d28d0243c812134e05d638021f13229132de854aa1217b282
  • alt-nodejs20-nodejs-docs-20.20.2-3.el8.noarch.rpm
    sha:4cd4dbbf150b1d7a8c2b418af67aae03450900c29c0959a197643f1c8f4a29f5
  • alt-nodejs20-npm-10.8.2-20.20.2.3.el8.x86_64.rpm
    sha:b725fede15a1ece1f1b1eae02b7a8eecb149aa464ab1b519869c6d86390890cd
Notes:
This page is generated automatically and has not been checked for errors. For clarification or corrections please contact the CloudLinux Packaging Team.