Release date:
2026-07-07 11:28:46 UTC
Description:
- CVE-2026-48619: cap HTTP/2 client originSet size to prevent unbounded
memory growth from malicious ORIGIN frames
- CVE-2026-48930: reject dns/net hostnames with embedded NUL bytes to
prevent silent authority rebinding via C-string truncation
- CVE-2026-48933: guard WebCrypto cipher output length to avoid signed
integer overflow on ~2 GiB inputs
Updated packages:
-
alt-nodejs20-nodejs-20.20.2-3.el9.x86_64.rpm
sha:79813dd326924f82d70d81708d3bd60351021ca1f3d72bd32dab757475441aae
-
alt-nodejs20-nodejs-devel-20.20.2-3.el9.x86_64.rpm
sha:066bab5c8491b9ec63e0bf48935b02b06e483e7a67fe58d8c84eca3ca74e08a6
-
alt-nodejs20-nodejs-docs-20.20.2-3.el9.noarch.rpm
sha:30e9df69eb3671944ab459f34a092c5ad43019bec54acbca72d7016890df46f7
-
alt-nodejs20-npm-10.8.2-20.20.2.3.el9.x86_64.rpm
sha:d908fc0de4ead6d369fe486c325c4247afedf62973decb9666d6f1e58b885505
Notes:
This page is generated automatically and has not been checked for errors. For clarification or
corrections please contact the
CloudLinux Packaging Team.