Release date:
2025-11-17 16:37:34 UTC
Description:
* SECURITY UPDATE: HTTP Request Smuggling vulnerability via empty headers separated by CR
- debian/patches/CVE-2023-30589.patch: fix llhttp parser to properly validate LF after CR
in HTTP header fields, add lenient flag checks before allowing CR without LF,
add test file to verify the fix prevents request smuggling attacks
- CVE-2023-30589
Updated packages:
-
alt-nodejs14-docs_14.21.3-7_amd64.deb
sha:4e6b03ace4388caf866f96fcbe87006c1d086aea
-
alt-nodejs14-nodejs_14.21.3-7_amd64.deb
sha:92ae027e1c19902160d0bd35b546b465006b693a
-
alt-nodejs14-nodejs-devel_14.21.3-7_amd64.deb
sha:1b776acce2e64d41d127b3889734c232551a0ef6
-
alt-nodejs14-npm_6.14.18-14.21.3.7_amd64.deb
sha:8d7221d3d7b2195d5cb60d7e1f81511c45dd76b1
Notes:
This page is generated automatically and has not been checked for errors. For clarification or
corrections please contact the
CloudLinux Packaging Team.
