Release date:
2026-07-10 09:39:30 UTC
Description:
- CVE-2026-48930: reject hostnames with embedded NUL bytes in dns.lookup and
net.connect to prevent silent authority rebinding
- CVE-2026-48619: cap the HTTP/2 client ORIGIN set size to prevent unbounded
memory growth
- CVE-2026-48618: normalize hostname to ASCII for TLS server identity checks
- CVE-2026-48928: make SNI context matching case-insensitive
Updated packages:
-
nodejs-16.20.2-8.el9_6.tuxcare.els15.x86_64.rpm
sha:bece9230a55b3fd24a1f409011fce44fcd9632b109cb85386b978c01c5031c56
-
nodejs-devel-16.20.2-8.el9_6.tuxcare.els15.x86_64.rpm
sha:c0d1d85ab543fb02dbcb0830c7fbba81c7b641162285ecee6ab88c3da15f6f04
-
nodejs-docs-16.20.2-8.el9_6.tuxcare.els15.noarch.rpm
sha:f832b653a53c5726baec6dcb5307a228fdbf17024e7d56d2dc4410ac87155123
-
nodejs-full-i18n-16.20.2-8.el9_6.tuxcare.els15.x86_64.rpm
sha:124fbf6bd1d38cfefa10ac3e4d043e99dfec8f33509db2cf01882e09a7b4c179
-
nodejs-libs-16.20.2-8.el9_6.tuxcare.els15.i686.rpm
sha:56591f1becf9c1c34809984548bda22cb2792cb514ff0971f801f39468342751
-
nodejs-libs-16.20.2-8.el9_6.tuxcare.els15.x86_64.rpm
sha:2b8d3d4fd44a228ac0d5028f04e6d738dd2f46ddf59f8300816519c64c6c84da
-
npm-8.19.4_1.16.20.2-8.el9_6.tuxcare.els15.x86_64.rpm
sha:115366088cf6086807ee64a3de552edbb450644e0b3cb41a8419fceea479ed16
-
v8-devel-9.4.146.26_1.16.20.2-8.el9_6.tuxcare.els15.x86_64.rpm
sha:43f908122283122c16ee61cfb9637942583d262d9f5c9c6f0ce376cc5d057b78
Notes:
This page is generated automatically and has not been checked for errors. For clarification or
corrections please contact the
CloudLinux Packaging Team.