CLSA-2026:1779466581

[CLSA-2026:1779466581] alt-nodejs14-nodejs: Fix of CVE-2026-21714

Type:

security

Severity:

Moderate

Release date:

2026-05-22 16:16:25 UTC

Description:

- CVE-2026-21714: propagate NGHTTP2_ERR_FLOW_CONTROL in OnInvalidFrame
  so Http2Session is destroyed after connection-level WINDOW_UPDATE overflow
  instead of leaking memory

Updated packages:

alt-nodejs14-nodejs-14.21.3-21.el9.x86_64.rpm
sha:eaaf483849dd2e040a498e1c69541d33c615cade1f8d3c706699f1a35b005863
alt-nodejs14-nodejs-devel-14.21.3-21.el9.x86_64.rpm
sha:1f586d63b3cc9dbda4cbfd7474fab2d19049eb1800f08e6c02f7698ce781b8d8
alt-nodejs14-nodejs-docs-14.21.3-21.el9.noarch.rpm
sha:ef7e44e5918822d6eb5c40b3ed073d2f01eef6785493f0baa6a3bb331aed9b24
alt-nodejs14-npm-6.14.18-14.21.3.21.el9.x86_64.rpm
sha:3c481c6dadc42106dc97b603f089a24b5a7ec4f8af964d1a4194c46097ea50f5

Notes:

This page is generated automatically and has not been checked for errors. For clarification or corrections please contact the CloudLinux Packaging Team.