Release date:
2026-06-12 14:27:32 UTC
Description:
- CVE-2023-44487: HTTP/2 Rapid Reset. Backport the nghttp2 RST_STREAM
rate-limit mitigation (token bucket, burst=1000 rate=33/s) to the bundled
deps/nghttp2 1.47.0; once the per-connection budget is exhausted a GOAWAY
is sent, tearing down peers that rapidly open and cancel HTTP/2 streams.
Minimal cherry-pick of upstream nghttp2 commit 72b4af6143 (shipped in
1.57.0), no wholesale version bump
Updated packages:
-
alt-nodejs16-nodejs-16.20.2-22.el10.x86_64.rpm
sha:accc16a6dcc97a2e49268c5bd795a0266f34ebc65059f92e3b71a3a5cadcec9d
-
alt-nodejs16-nodejs-devel-16.20.2-22.el10.x86_64.rpm
sha:57d928199f7ac5e4866211d0820ecbc5c8dd49c6891fec11b30bfa54df6ba930
-
alt-nodejs16-nodejs-docs-16.20.2-22.el10.noarch.rpm
sha:dd2384faaf6593ab6b7fa6056dfa5b71aabb49ade3cbe013b7efd261b3e0132a
-
alt-nodejs16-npm-8.19.4-16.20.2.22.el10.x86_64.rpm
sha:6dcf8b7398c791a61613dac31033c2d605e574c0afb22cb199d34573b2235c12
Notes:
This page is generated automatically and has not been checked for errors. For clarification or
corrections please contact the
CloudLinux Packaging Team.
