Release date:
2025-11-14 16:18:51 UTC
Description:
- CVE-2023-30589: fix llhttp parser to properly validate LF after CR
in HTTP header fields, add lenient flag checks before allowing CR without LF,
add test file to verify the fix prevents request smuggling attacks
Updated packages:
-
alt-nodejs14-nodejs-14.21.3-5.el9.x86_64.rpm
sha:a68f4a8f2e668e9bf798c98bdc4efeccb4298f51bdcea79b64d002c689a7afae
-
alt-nodejs14-nodejs-devel-14.21.3-5.el9.x86_64.rpm
sha:a13a83239284007bcb651a200d34e274baaf9597126f0f0a1afd097c60a1c246
-
alt-nodejs14-nodejs-docs-14.21.3-5.el9.noarch.rpm
sha:d771e1274003233f7636eb6f16423dbcddd520bce37ad636e16c807724731cbe
-
alt-nodejs14-npm-6.14.18-14.21.3.5.el9.x86_64.rpm
sha:ab9271133af0c1e3987c6b9b8a7ba716d5980ba511444a84a3c12cd14e005422
Notes:
This page is generated automatically and has not been checked for errors. For clarification or
corrections please contact the
CloudLinux Packaging Team.
