Release date:
2026-06-16 11:24:21 UTC
Description:
- CVE-2023-30581: handle mainModule.__proto__ bypass of the experimental
policy mechanism; set the policy-wrapped require on Module.prototype and
use setOwnProperty for process.mainModule (backport of nodejs/node d0a8264ec9)
- CVE-2023-44487: HTTP/2 Rapid Reset; backport the nghttp2 RST_STREAM
rate-limit mitigation (token-bucket limiter, default burst 1000 / rate 33,
GOAWAY on exhaustion) into bundled deps/nghttp2 (backport of nghttp2 72b4af6)
Updated packages:
-
alt-nodejs12-nodejs-12.22.12-21.el9.x86_64.rpm
sha:1f350e3e90aaf3194cb834230f601c7fb611718ab687dd1adf853d16e6bc2ccd
-
alt-nodejs12-nodejs-devel-12.22.12-21.el9.x86_64.rpm
sha:5eb6b183c579a810afa797ae7ccf1dd5aa9b207b4ba909092b0f0abd052034d0
-
alt-nodejs12-nodejs-docs-12.22.12-21.el9.noarch.rpm
sha:ac66fb236c75e48ca9d71f7ce27d71cf28b4e9be9db7320c28e465c8d06560cb
-
alt-nodejs12-npm-6.14.16-12.22.12.21.el9.x86_64.rpm
sha:3d99d99a0c9a9a1d56d6a03f1176a9e9e1a2eeefe4476b066aba18cb23ab84f4
Notes:
This page is generated automatically and has not been checked for errors. For clarification or
corrections please contact the
CloudLinux Packaging Team.
