[CLSA-2026:1772125283] nodejs: Fix of 4 CVEs
Type:
security
Severity:
Important
Release date:
2026-02-26 17:01:28 UTC
Description:
- CVE-2025-23167: fix improper termination of HTTP/1 headers using `\r\n\rX` instead of the required `\r\n\r\n`. - CVE-2025-59466: fix uncatchable stack overflow exceptions when async_hooks are enabled, preventing denial-of-service crashes in applications using AsyncLocalStorage or async_hooks.createHook(). - CVE-2025-59465: add TLSSocket default error handler to prevent server crash from unhandled ECONNRESET when a malformed HTTP/2 HEADERS frame with invalid HPACK data abruptly destroys a TLS connection during initialization. - CVE-2025-55131: refactor unsafe buffer creation to remove zero-fill toggle, preventing exposure of uninitialized memory when buffer allocations are interrupted via the vm module timeout option.
Updated packages:
  • nodejs-16.20.2-8.el9_6.tuxcare.els8.x86_64.rpm
    sha:582b5ee6c4da69c8d28e2f1a9c966486a5d65c1459ecd6eed58d07bdefe99b6c
  • nodejs-devel-16.20.2-8.el9_6.tuxcare.els8.x86_64.rpm
    sha:5521cdc73bb69e498dfb9b71d065e3f028b0cb24dacc910cc095e9d90b3138b6
  • nodejs-docs-16.20.2-8.el9_6.tuxcare.els8.noarch.rpm
    sha:46c995d66b0255ced6b05ce2ca92ccb11e5681af185d1b8d788cd1652f7c1183
  • nodejs-full-i18n-16.20.2-8.el9_6.tuxcare.els8.x86_64.rpm
    sha:b345ab19c7f3205b9ea584672a5be20f367573ae3f247cada5ed368760ed9a86
  • nodejs-libs-16.20.2-8.el9_6.tuxcare.els8.i686.rpm
    sha:3623477056e03a54d1a285fc62cf244294c64175017a804ba0982e7ffd477f94
  • nodejs-libs-16.20.2-8.el9_6.tuxcare.els8.x86_64.rpm
    sha:a145c70f695356a443ec01460c53dcca0388286e6f2d001645fb387ff855dd5f
  • npm-8.19.4_1.16.20.2-8.el9_6.tuxcare.els8.x86_64.rpm
    sha:e7e459e69b036562a88a66cef264fa6afac72502378041d951a29a8431d3eb33
  • v8-devel-9.4.146.26_1.16.20.2-8.el9_6.tuxcare.els8.x86_64.rpm
    sha:3a78fadcebb27ef9f4a459923f63b96c3419518e04a4a93cf923ba9078fcbe5a
Notes:
This page is generated automatically and has not been checked for errors. For clarification or corrections please contact the CloudLinux Packaging Team.