[CLSA-2026:1783675292] nodejs: Fix of 4 CVEs
Type:
security
Severity:
Critical
Release date:
2026-07-10 09:21:53 UTC
Description:
- CVE-2026-48930: reject hostnames with embedded NUL bytes in dns.lookup and net.connect to prevent silent authority rebinding - CVE-2026-48619: cap the HTTP/2 client ORIGIN set size to prevent unbounded memory growth - CVE-2026-48618: normalize hostname to ASCII for TLS server identity checks - CVE-2026-48928: make SNI context matching case-insensitive
Updated packages:
  • nodejs-16.20.2-8.el9_2.tuxcare.els15.x86_64.rpm
    sha:abb88bd842a2e5397357afa09a97df53da8b9ae3afc6b433ccdab5ecda34a0cf
  • nodejs-devel-16.20.2-8.el9_2.tuxcare.els15.x86_64.rpm
    sha:7968d77fa1404eaf6ac218897a3523e1562aac08d4fd1772bba2c370fc890612
  • nodejs-docs-16.20.2-8.el9_2.tuxcare.els15.noarch.rpm
    sha:f180ab2a7f63dfbb069635877410f27cc9d511f5f0306ed8fe7215c0c4cf078f
  • nodejs-full-i18n-16.20.2-8.el9_2.tuxcare.els15.x86_64.rpm
    sha:62eb1290952317bd0b5f6c10bb2f19dba1155bcfbd7bde6b505f4aba8d63013c
  • nodejs-libs-16.20.2-8.el9_2.tuxcare.els15.i686.rpm
    sha:015ddaac469aa6408abd24ddf5e2ed593657d38f1a47553843d73ce29aaebd43
  • nodejs-libs-16.20.2-8.el9_2.tuxcare.els15.x86_64.rpm
    sha:c70d7c4b3ecf4f45aee05ab951e410feb5ed8beb31a6cce611a905c71b42f332
  • npm-8.19.4_1.16.20.2-8.el9_2.tuxcare.els15.x86_64.rpm
    sha:9ab2bc79f8fa8211f814544d41528ac4eba13ac28147b8b30be15668a16b8911
  • v8-devel-9.4.146.26_1.16.20.2-8.el9_2.tuxcare.els15.x86_64.rpm
    sha:621db44c5b910379b442f88a9a5c1c3496a0bfa39704b9c97acc9490223d5506
Notes:
This page is generated automatically and has not been checked for errors. For clarification or corrections please contact the CloudLinux Packaging Team.