Release date:
2026-07-10 09:21:53 UTC
Description:
- CVE-2026-48930: reject hostnames with embedded NUL bytes in dns.lookup and
net.connect to prevent silent authority rebinding
- CVE-2026-48619: cap the HTTP/2 client ORIGIN set size to prevent unbounded
memory growth
- CVE-2026-48618: normalize hostname to ASCII for TLS server identity checks
- CVE-2026-48928: make SNI context matching case-insensitive
Updated packages:
-
nodejs-16.20.2-8.el9_2.tuxcare.els15.x86_64.rpm
sha:abb88bd842a2e5397357afa09a97df53da8b9ae3afc6b433ccdab5ecda34a0cf
-
nodejs-devel-16.20.2-8.el9_2.tuxcare.els15.x86_64.rpm
sha:7968d77fa1404eaf6ac218897a3523e1562aac08d4fd1772bba2c370fc890612
-
nodejs-docs-16.20.2-8.el9_2.tuxcare.els15.noarch.rpm
sha:f180ab2a7f63dfbb069635877410f27cc9d511f5f0306ed8fe7215c0c4cf078f
-
nodejs-full-i18n-16.20.2-8.el9_2.tuxcare.els15.x86_64.rpm
sha:62eb1290952317bd0b5f6c10bb2f19dba1155bcfbd7bde6b505f4aba8d63013c
-
nodejs-libs-16.20.2-8.el9_2.tuxcare.els15.i686.rpm
sha:015ddaac469aa6408abd24ddf5e2ed593657d38f1a47553843d73ce29aaebd43
-
nodejs-libs-16.20.2-8.el9_2.tuxcare.els15.x86_64.rpm
sha:c70d7c4b3ecf4f45aee05ab951e410feb5ed8beb31a6cce611a905c71b42f332
-
npm-8.19.4_1.16.20.2-8.el9_2.tuxcare.els15.x86_64.rpm
sha:9ab2bc79f8fa8211f814544d41528ac4eba13ac28147b8b30be15668a16b8911
-
v8-devel-9.4.146.26_1.16.20.2-8.el9_2.tuxcare.els15.x86_64.rpm
sha:621db44c5b910379b442f88a9a5c1c3496a0bfa39704b9c97acc9490223d5506
Notes:
This page is generated automatically and has not been checked for errors. For clarification or
corrections please contact the
CloudLinux Packaging Team.