[CLSA-2026:1781344459] Fix CVE(s): CVE-2023-30581, CVE-2023-44487
Type:
security
Severity:
Important
Release date:
2026-06-13 09:54:51 UTC
Description:
  * SECURITY UPDATE: experimental policy bypass via mainModule.__proto__
    - debian/patches/CVE-2023-30581.patch: install the policy-aware require() on the module prototype and assign process.mainModule via setOwnProperty(), so process.mainModule.__proto__.require() can no longer escape the --experimental-policy manifest restrictions
    - CVE-2023-30581
  * SECURITY UPDATE: HTTP/2 Rapid Reset denial of service
    - debian/patches/CVE-2023-44487.patch: backport the upstream nghttp2 1.57.0 RST_STREAM token-bucket rate limiter to the bundled nghttp2 1.42.0 (default burst=1000, rate=33/s); excessive incoming RST_STREAM frames now tear the connection down with GOAWAY instead of doing unbounded per-stream work
    - CVE-2023-44487
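The RST_STREAM limit described above, modeled as an added example (not the backported patch and not nghttp2 source): a token bucket with the advisory's defaults, burst=1000 and rate=33/s, fed at three constructed frame rates. The names `rst_bucket`, `rst_bucket_on_rst_stream` and `simulate` are hypothetical, and time is assumed to advance in whole seconds.

```c
#include <stdint.h>
#include <stdio.h>

/* Added illustration, not nghttp2 source; all names are hypothetical. */
typedef struct {
    uint64_t tokens;   /* RST_STREAM frames still allowed right now */
    uint64_t burst;    /* bucket capacity (advisory default: 1000) */
    uint64_t rate;     /* tokens regained per second (advisory default: 33) */
    uint64_t last_sec; /* time of the last refill, in whole seconds */
} rst_bucket;

static void rst_bucket_init(rst_bucket *b, uint64_t burst, uint64_t rate) {
    b->tokens = burst; b->burst = burst; b->rate = rate; b->last_sec = 0;
}

/* Returns 0 while the frame is within budget, -1 once the budget is spent
 * (the point at which the connection would be closed with GOAWAY). */
static int rst_bucket_on_rst_stream(rst_bucket *b, uint64_t now_sec) {
    if (now_sec > b->last_sec) {          /* refill, capped at burst */
        uint64_t gain = (now_sec - b->last_sec) * b->rate;
        b->last_sec = now_sec;
        b->tokens = (gain >= b->burst - b->tokens) ? b->burst
                                                   : b->tokens + gain;
    }
    if (b->tokens == 0) return -1;
    b->tokens--;
    return 0;
}

/* Constructed load: per_sec frames in each of `seconds` seconds.
 * Returns frames accepted; *torn_down is set if the limit was hit. */
static uint64_t simulate(uint64_t per_sec, uint64_t seconds, int *torn_down) {
    rst_bucket b;
    uint64_t accepted = 0;
    rst_bucket_init(&b, 1000, 33);
    *torn_down = 0;
    for (uint64_t s = 0; s < seconds; s++)
        for (uint64_t i = 0; i < per_sec; i++) {
            if (rst_bucket_on_rst_stream(&b, s) != 0) { *torn_down = 1; return accepted; }
            accepted++;
        }
    return accepted;
}

int main(void) {
    const uint64_t loads[] = {33, 100, 5000}; /* frames per second */
    for (int i = 0; i < 3; i++) {
        int td;
        uint64_t n = simulate(loads[i], 60, &td);
        printf("%llu/s: accepted %llu, %s\n", (unsigned long long)loads[i],
               (unsigned long long)n, td ? "GOAWAY" : "connection kept");
    }
    return 0;
}
```

A sustained rate at or below 33/s never exhausts the bucket, while anything above it is bounded by the 1000-frame burst plus the refill earned before the tokens run out.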
Updated packages:
  • alt-nodejs14-docs_14.21.3-24_amd64.deb
    sha:46df7ed75a2702245e11374875655d67e731425f
  • alt-nodejs14-nodejs_14.21.3-24_amd64.deb
    sha:255c2b01970ea67f9b43dcddaaf376631fb688e2
  • alt-nodejs14-nodejs-devel_14.21.3-24_amd64.deb
    sha:b7d13a7b114f057ccfe30f7f8a49cd6078830d46
  • alt-nodejs14-npm_6.14.18-14.21.3-24_amd64.deb
    sha:b577d5d5a2441e1b427b2c9fd0055eac765dd84a
  • alt-nodejs14-docs_14.21.3-24_arm64.deb
    sha:aa632ad71aaaf61b3642f29ca094ee55c6bc1f1f
  • alt-nodejs14-nodejs_14.21.3-24_arm64.deb
    sha:e86f1c1334a98f0e7fb421fadede178d3442bf10
  • alt-nodejs14-nodejs-devel_14.21.3-24_arm64.deb
    sha:3c37485cccb6956e6bd91f788f6151caa156c81a
  • alt-nodejs14-npm_6.14.18-14.21.3-24_arm64.deb
    sha:c03c28d39b8aed71a29fb677bcbabd3d6ac6cabd
Notes:
This page is generated automatically and has not been checked for errors. For clarification or corrections please contact the CloudLinux Packaging Team.