Release date:
2026-06-01 07:58:57 UTC
Description:
* SECURITY UPDATE: HashDoS via V8 array-index hash collisions
- debian/patches/CVE-2026-21717.patch: scramble V8 array-index hash_field
with a 3-round xorshift-multiply so consecutive numeric strings no
longer hash to consecutive buckets, preventing O(n^2) HashDoS via
JSON.parse
- CVE-2026-21717
Updated packages:
-
alt-nodejs12-docs_12.22.12-21_amd64.deb
sha:9ba3a57fd1217b1e7b4c91776e3de6c7de04831a
-
alt-nodejs12-nodejs_12.22.12-21_amd64.deb
sha:8073c75e4af0f51198b6d8bde1f8cb0e15134e62
-
alt-nodejs12-nodejs-devel_12.22.12-21_amd64.deb
sha:e60abba8249b82e9439b9e59a9e7b6e4732802b3
-
alt-nodejs12-npm_6.14.16-12.22.12.21_amd64.deb
sha:9cef0ccc2a718cced5b1cb2caefb296a1bd8ae16
Notes:
This page is generated automatically and has not been checked for errors. For clarification or
corrections please contact the
CloudLinux Packaging Team.
