[CLSA-2026:1783353048] nodejs: Fix of 2 CVEs
Type:
security
Severity:
Important
Release date:
2026-07-06 15:51:05 UTC
Description:
- CVE-2026-48933: guard WebCrypto AES cipher output length to prevent an integer overflow that crashes the process on ~2GiB subtle.encrypt inputs - CVE-2026-48934: bind reusable TLS sessions to the authenticated host so a resumed session cannot bypass server identity (hostname) verification
Updated packages:
  • nodejs-16.20.2-8.el9_6.tuxcare.els14.x86_64.rpm
    sha:aa0b7164eb86c958e2e939c292c49cebd8b76714d5a7c2a9d17cff75dfa408ec
  • nodejs-devel-16.20.2-8.el9_6.tuxcare.els14.x86_64.rpm
    sha:023e0c439ca68528b33a63a6b44429ff268b73eb3828b683862edc0c0a969207
  • nodejs-docs-16.20.2-8.el9_6.tuxcare.els14.noarch.rpm
    sha:dfd576369a3da42e29cb3ba7ed8f09f9d3f983b1426707c1e0a4b620407ac2a5
  • nodejs-full-i18n-16.20.2-8.el9_6.tuxcare.els14.x86_64.rpm
    sha:482dfb50dc74131eb3cc2fb523c7e92fe74122bc1c9390d99b467b990b6f6a61
  • nodejs-libs-16.20.2-8.el9_6.tuxcare.els14.i686.rpm
    sha:ccaf466921f934855dfcb5ac6e305dba052a152110e837ac5138b30ac1e8e9d3
  • nodejs-libs-16.20.2-8.el9_6.tuxcare.els14.x86_64.rpm
    sha:e106767d7d191a447d307da0e78b53182e5c8afe6bdd94240bcbe56c802fbc00
  • npm-8.19.4_1.16.20.2-8.el9_6.tuxcare.els14.x86_64.rpm
    sha:e3621f90c08b485890faac16f7fab6a0854dcdecb7084d2bd9f208779ef4e67c
  • v8-devel-9.4.146.26_1.16.20.2-8.el9_6.tuxcare.els14.x86_64.rpm
    sha:7f3a58a8415a621d8e52396b7379d3882e3fd607299c8af6abbd04d9c988ed65
Notes:
This page is generated automatically and has not been checked for errors. For clarification or corrections please contact the CloudLinux Packaging Team.