[CLSA-2026:1783676351] nodejs: Fix of 4 CVEs
Type:
security
Severity:
Critical
Release date:
2026-07-10 09:39:30 UTC
Description:
- CVE-2026-48930: reject hostnames with embedded NUL bytes in dns.lookup and net.connect to prevent silent authority rebinding - CVE-2026-48619: cap the HTTP/2 client ORIGIN set size to prevent unbounded memory growth - CVE-2026-48618: normalize hostname to ASCII for TLS server identity checks - CVE-2026-48928: make SNI context matching case-insensitive
Updated packages:
  • nodejs-16.20.2-8.el9_6.tuxcare.els15.x86_64.rpm
    sha:bece9230a55b3fd24a1f409011fce44fcd9632b109cb85386b978c01c5031c56
  • nodejs-devel-16.20.2-8.el9_6.tuxcare.els15.x86_64.rpm
    sha:c0d1d85ab543fb02dbcb0830c7fbba81c7b641162285ecee6ab88c3da15f6f04
  • nodejs-docs-16.20.2-8.el9_6.tuxcare.els15.noarch.rpm
    sha:f832b653a53c5726baec6dcb5307a228fdbf17024e7d56d2dc4410ac87155123
  • nodejs-full-i18n-16.20.2-8.el9_6.tuxcare.els15.x86_64.rpm
    sha:124fbf6bd1d38cfefa10ac3e4d043e99dfec8f33509db2cf01882e09a7b4c179
  • nodejs-libs-16.20.2-8.el9_6.tuxcare.els15.i686.rpm
    sha:56591f1becf9c1c34809984548bda22cb2792cb514ff0971f801f39468342751
  • nodejs-libs-16.20.2-8.el9_6.tuxcare.els15.x86_64.rpm
    sha:2b8d3d4fd44a228ac0d5028f04e6d738dd2f46ddf59f8300816519c64c6c84da
  • npm-8.19.4_1.16.20.2-8.el9_6.tuxcare.els15.x86_64.rpm
    sha:115366088cf6086807ee64a3de552edbb450644e0b3cb41a8419fceea479ed16
  • v8-devel-9.4.146.26_1.16.20.2-8.el9_6.tuxcare.els15.x86_64.rpm
    sha:43f908122283122c16ee61cfb9637942583d262d9f5c9c6f0ce376cc5d057b78
Notes:
This page is generated automatically and has not been checked for errors. For clarification or corrections please contact the CloudLinux Packaging Team.