Release date:
2025-11-14 14:48:29 UTC
Description:
- CVE-2023-30589: fix llhttp parser to properly validate LF after CR
in HTTP header fields, add lenient flag checks before allowing CR without LF,
add test file to verify the fix prevents request smuggling attacks
Updated packages:
-
alt-nodejs12-nodejs-12.22.12-3.el9.x86_64.rpm
sha:f4d4ac62b65e38dd2a54ec556d0859b6584718596154db07869be82bdcfecb62
-
alt-nodejs12-nodejs-devel-12.22.12-3.el9.x86_64.rpm
sha:8d7c5af4e71732422d3bc39cde3283724128a7e29a295533a9d982f2f2ae3d67
-
alt-nodejs12-nodejs-docs-12.22.12-3.el9.noarch.rpm
sha:90fd2c59334ee67a616a806fb7a7e01c836bb1af9ee9bc33c0413caaf3dba954
-
alt-nodejs12-npm-12.22.12-3.el9.x86_64.rpm
sha:6bb54fcf42d99f905dde60a4d65b78bdd0e00bda59c8bcc2be8997ca8210ae4d
Notes:
This page is generated automatically and has not been checked for errors. For clarification or
corrections please contact the
CloudLinux Packaging Team.
