[CLSA-2026:1783342928] nodejs: Fix of 2 CVEs
Type:
security
Severity:
Important
Release date:
2026-07-06 13:02:26 UTC
Description:
- CVE-2026-48933: guard WebCrypto AES cipher output length to prevent an integer overflow that crashes the process on ~2GiB subtle.encrypt inputs - CVE-2026-48934: bind reusable TLS sessions to the authenticated host so a resumed session cannot bypass server identity (hostname) verification
Updated packages:
  • nodejs-16.20.2-8.el9_2.tuxcare.els14.x86_64.rpm
    sha:d396e4a07f6bbc5b4a90bcad8cd56f7c6addc2afdf7761ec860875fcac6fbbbf
  • nodejs-devel-16.20.2-8.el9_2.tuxcare.els14.x86_64.rpm
    sha:322107db9906d352ce44a07fd100dd30542865e7ffa8a8b79a7b6eaee010bfbb
  • nodejs-docs-16.20.2-8.el9_2.tuxcare.els14.noarch.rpm
    sha:a8a358da3bf56da4fae258a10c0f963a9638d644fecc7cb66fd702578c59a876
  • nodejs-full-i18n-16.20.2-8.el9_2.tuxcare.els14.x86_64.rpm
    sha:d832fe885c7d8da65892667cacafd62957adb169051a8e8a58fb15e0d3f46ce3
  • nodejs-libs-16.20.2-8.el9_2.tuxcare.els14.i686.rpm
    sha:f3de68c9c9ddedc2079b9cac8e671b58bf1862a56495a80b9673cf13160f2100
  • nodejs-libs-16.20.2-8.el9_2.tuxcare.els14.x86_64.rpm
    sha:f4d640cf52c43bb65b0b1d78be25447d6ec44ec0f5af4bed0b9e8236b412ac95
  • npm-8.19.4_1.16.20.2-8.el9_2.tuxcare.els14.x86_64.rpm
    sha:ae2d07e52a729c266d30168ab286ff284ce14d5206dec7eae0a751f29208d403
  • v8-devel-9.4.146.26_1.16.20.2-8.el9_2.tuxcare.els14.x86_64.rpm
    sha:d0763f29e65eae05392ac8e0698163025f304535d04b04fcb2c6157ae4047c0f
Notes:
This page is generated automatically and has not been checked for errors. For clarification or corrections please contact the CloudLinux Packaging Team.