CLSA-2026:1779466788

[CLSA-2026:1779466788] alt-nodejs12-nodejs: Fix of CVE-2026-21714

Type:

security

Severity:

Moderate

Release date:

2026-05-22 16:19:51 UTC

Description:

- CVE-2026-21714: propagate NGHTTP2_ERR_FLOW_CONTROL in OnInvalidFrame
  so Http2Session is destroyed after connection-level WINDOW_UPDATE overflow
  instead of leaking memory

Updated packages:

alt-nodejs12-nodejs-12.22.12-19.el9.x86_64.rpm
sha:6889d0b266c8b02367fff5f485715712b7428db111b3833121357242375999fc
alt-nodejs12-nodejs-devel-12.22.12-19.el9.x86_64.rpm
sha:e5411c397edfa80b1881d82c29bf466dfaa416d2f139c1f62aeb13930f2c48a2
alt-nodejs12-nodejs-docs-12.22.12-19.el9.noarch.rpm
sha:26dfc794c7498ed2a017b220593bc8c8eb2b38f5f3e1cb001e8550746a4c051d
alt-nodejs12-npm-6.14.16-12.22.12.19.el9.x86_64.rpm
sha:5f2f889950832f2ab3056e3f552e95a61f949217e79155da0bd7ab7f54e7c720

Notes:

This page is generated automatically and has not been checked for errors. For clarification or corrections please contact the CloudLinux Packaging Team.