Release Info

Advisory: CLSA-2025:1763137127

OS: EL 9

Public date: 2025-11-14 16:18:49.430165

Project: nodejs

Version: 14.21.3-5.el9

Errata link: https://errata.tuxcare.com/els_alt_nodejs/el9/CLSA-2025-1763137127.html

Changelog

- CVE-2023-30589: fix llhttp parser to properly validate LF after CR in HTTP header fields, add lenient flag checks before allowing CR without LF, add test file to verify the fix prevents request smuggling attacks

Update

Update command: yum update alt-nodejs*

Packages list

alt-nodejs14-nodejs-14.21.3-5.el9.x86_64.rpm alt-nodejs14-nodejs-devel-14.21.3-5.el9.x86_64.rpm alt-nodejs14-nodejs-docs-14.21.3-5.el9.noarch.rpm alt-nodejs14-npm-6.14.18-14.21.3.5.el9.x86_64.rpm

CVEs

CVE-2023-30589
CVE-2023-32559