[CLSA-2026:1783423709] alt-nodejs20-nodejs: Fix of 3 CVEs
Type:
security
Severity:
Critical
Release date:
2026-07-07 11:28:46 UTC
Description:
- CVE-2026-48619: cap HTTP/2 client originSet size to prevent unbounded memory growth from malicious ORIGIN frames - CVE-2026-48930: reject dns/net hostnames with embedded NUL bytes to prevent silent authority rebinding via C-string truncation - CVE-2026-48933: guard WebCrypto cipher output length to avoid signed integer overflow on ~2 GiB inputs
Updated packages:
  • alt-nodejs20-nodejs-20.20.2-3.el9.x86_64.rpm
    sha:79813dd326924f82d70d81708d3bd60351021ca1f3d72bd32dab757475441aae
  • alt-nodejs20-nodejs-devel-20.20.2-3.el9.x86_64.rpm
    sha:066bab5c8491b9ec63e0bf48935b02b06e483e7a67fe58d8c84eca3ca74e08a6
  • alt-nodejs20-nodejs-docs-20.20.2-3.el9.noarch.rpm
    sha:30e9df69eb3671944ab459f34a092c5ad43019bec54acbca72d7016890df46f7
  • alt-nodejs20-npm-10.8.2-20.20.2.3.el9.x86_64.rpm
    sha:d908fc0de4ead6d369fe486c325c4247afedf62973decb9666d6f1e58b885505
Notes:
This page is generated automatically and has not been checked for errors. For clarification or corrections please contact the CloudLinux Packaging Team.