[CLSA-2026:1781258251] alt-nodejs16-nodejs: Fix of CVE-2023-44487
Type:
security
Severity:
Important
Release date:
2026-06-12 09:57:54 UTC
Description:
- CVE-2023-44487: HTTP/2 Rapid Reset. Backports the nghttp2 RST_STREAM rate-limit mitigation (token bucket, burst=1000, rate=33/s) to the bundled deps/nghttp2 1.47.0. Once the per-connection budget is exhausted, a GOAWAY is sent, tearing down connections from peers that rapidly open and cancel HTTP/2 streams. This is a minimal cherry-pick of upstream nghttp2 commit 72b4af6143 (shipped in 1.57.0), not a wholesale version bump.
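The following is an added example, not code from this advisory or from nghttp2: a simplified model of the token bucket described above, showing how the burst=1000 and rate=33/s budget treats different reset rates. The struct and function names are hypothetical, time is counted in whole seconds, and the traffic patterns are constructed.

```c
#include <stdint.h>
#include <stdio.h>

#define RST_BURST 1000u /* bucket capacity, from the advisory */
#define RST_RATE 33u    /* tokens refilled per second, from the advisory */

/* Hypothetical per-connection state; not the nghttp2 structure. */
struct rst_bucket { uint64_t tokens, last_sec; };

/* Add RST_RATE tokens per elapsed second, never exceeding RST_BURST. */
static void bucket_refill(struct rst_bucket *b, uint64_t now_sec) {
    if (now_sec <= b->last_sec) return;
    uint64_t elapsed = now_sec - b->last_sec;
    b->last_sec = now_sec;
    if (elapsed > RST_BURST / RST_RATE) elapsed = RST_BURST / RST_RATE + 1; /* avoids overflow */
    b->tokens += elapsed * RST_RATE;
    if (b->tokens > RST_BURST) b->tokens = RST_BURST;
}

/* Charge one received RST_STREAM; 0 means the budget is spent (send GOAWAY). */
static int on_rst_stream(struct rst_bucket *b, uint64_t now_sec) {
    bucket_refill(b, now_sec);
    if (b->tokens == 0) return 0;
    b->tokens--;
    return 1;
}

/* Constructed traffic: per_sec resets every second for `seconds` seconds.
   Returns resets accepted; *goaway is set to 1 if the connection was cut. */
static uint64_t simulate(uint64_t per_sec, uint64_t seconds, int *goaway) {
    struct rst_bucket b = { RST_BURST, 0 };
    uint64_t accepted = 0;
    *goaway = 0;
    for (uint64_t s = 0; s < seconds; s++)
        for (uint64_t i = 0; i < per_sec; i++) {
            if (!on_rst_stream(&b, s)) { *goaway = 1; return accepted; }
            accepted++;
        }
    return accepted;
}

int main(void) {
    uint64_t rates[] = { 30, 100, 5000 }; /* constructed peer behaviours */
    for (int i = 0; i < 3; i++) {
        int cut;
        uint64_t n = simulate(rates[i], 3600, &cut);
        printf("%llu RST/s: %llu accepted, GOAWAY=%d\n",
               (unsigned long long)rates[i], (unsigned long long)n, cut);
    }
    return 0;
}
```

In this model a peer cancelling 100 streams per second is cut after 1462 resets (the initial 1000 plus 33 for each of the 14 seconds that pass), while a peer that stays at or below 33 resets per second is never cut.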
CVEs fixed:
Updated packages:
  • alt-nodejs16-nodejs-16.20.2-22.el9.x86_64.rpm
    sha:bb01790fe817e93a5ec2dbe6a79c9ebfb085c8828962238e5a2cff6b325e90bc
  • alt-nodejs16-nodejs-devel-16.20.2-22.el9.x86_64.rpm
    sha:61a6bc3d41cf9aacab170d9fd52c6d08f3e09ea0c10a179663823e1b6da1db1c
  • alt-nodejs16-nodejs-docs-16.20.2-22.el9.noarch.rpm
    sha:f056661d555feb37d3724ca8966fff24d9643c27bf4f8dfdaa1c3aa566b067a9
  • alt-nodejs16-npm-8.19.4-16.20.2.22.el9.x86_64.rpm
    sha:6738f719f1b95dd8e08f8671a6d4f3da6a3cce8e618526271993c6571b788674
Notes:
This page is generated automatically and has not been checked for errors. For clarification or corrections please contact the CloudLinux Packaging Team.