CLSA-2026:1779466350

[CLSA-2026:1779466350] alt-nodejs18-nodejs: Fix of CVE-2026-21714

Type:

security

Severity:

Moderate

Release date:

2026-05-22 16:12:34 UTC

Description:

- CVE-2026-21714: propagate NGHTTP2_ERR_FLOW_CONTROL in OnInvalidFrame
  so Http2Session is destroyed after connection-level WINDOW_UPDATE overflow
  instead of leaking memory

Updated packages:

alt-nodejs18-nodejs-18.20.8-12.el9.x86_64.rpm
sha:0e98493bf863970e22cdf446f53502871c127896d99d0c0edd16fd1a893f1cd2
alt-nodejs18-nodejs-devel-18.20.8-12.el9.x86_64.rpm
sha:da22947ea94237f27083a52b9d8c725935b042b9675f3581aebc796a738e0483
alt-nodejs18-nodejs-docs-18.20.8-12.el9.noarch.rpm
sha:6f668ca645801cad2d5d11b413ba7a1b7e6b5e66cda60163a025392c079aa46d
alt-nodejs18-npm-10.8.2-18.20.8.12.el9.x86_64.rpm
sha:46c7bf271cae811538d44ce2c9f99321f0d00f200df7b00a37042b4c45e090c7

Notes:

This page is generated automatically and has not been checked for errors. For clarification or corrections please contact the CloudLinux Packaging Team.