Release date:
2026-06-12 10:55:50 UTC
Description:
- CVE-2023-30581: policy: handle mainModule.__proto__ bypass by installing
the policy-aware require() on the module prototype and assigning
process.mainModule via setOwnProperty(), closing the
process.mainModule.__proto__.require() experimental-policy bypass
- CVE-2023-44487: nghttp2 (HTTP/2 Rapid Reset): backport the upstream
nghttp2 1.57.0 RST_STREAM token-bucket rate limiter to the bundled
nghttp2 1.42.0 (default burst=1000, rate=33/s); excessive incoming
RST_STREAM frames now trigger a GOAWAY instead of unbounded work
Updated packages:
-
alt-nodejs14-nodejs-14.21.3-23.el8.x86_64.rpm
sha:fb88388727d3231b7a74bc88e73eb609c5615a7a13c2c3e21fbfc22a2a10ff01
-
alt-nodejs14-nodejs-devel-14.21.3-23.el8.x86_64.rpm
sha:ef1d0a5e754d85d593639cc9212ffd1fbead46ef0f1c495fce84b1a725effe10
-
alt-nodejs14-nodejs-docs-14.21.3-23.el8.noarch.rpm
sha:ea3c79209e21ff87175a9a7417ad68bb1a7db239f4fea3e8f72fa486a2ed2238
-
alt-nodejs14-npm-6.14.18-14.21.3.23.el8.x86_64.rpm
sha:051b3a4de7c40bafdc8faf5303a4b746e5e6b424d628b67df3a461fd41fe7283
Notes:
This page is generated automatically and has not been checked for errors. For clarification or
corrections please contact the
CloudLinux Packaging Team.
