Release date:
2026-05-27 07:12:33 UTC
Description:
* SECURITY UPDATE: memory leak in HTTP/2 on flow control window overflow
- debian/patches/CVE-2026-21714.patch: treat NGHTTP2_ERR_FLOW_CONTROL in
OnInvalidFrame so Http2Session is destroyed after invalid connection-level
WINDOW_UPDATE instead of leaking
- CVE-2026-21714
Updated packages:
-
alt-nodejs14-docs_14.21.3-22_amd64.deb
sha:74f71150a878f1ad863511f1436318a292b49a73
-
alt-nodejs14-nodejs_14.21.3-22_amd64.deb
sha:df85ea869aebb38b40b4cdc17a554379552bb224
-
alt-nodejs14-nodejs-devel_14.21.3-22_amd64.deb
sha:8aaec3c79a2f90d0e3098043f2ec23c673c3edcb
-
alt-nodejs14-npm_6.14.18-14.21.3-22_amd64.deb
sha:158d54bcd2bce5fdf85d5f984022f01f771fd7b1
Notes:
This page is generated automatically and has not been checked for errors. For clarification or
corrections please contact the
CloudLinux Packaging Team.
