RedHatRHSA-2016:2101(RHSA-2016:2101) Moderate: nodejs and nodejs-tough-cookie security, bug fix, and enhancement update
EPSS
Percentile
79.2%
Red Hat OpenShift Container Platform is the company’s cloud computing
Platform-as-a-Service (PaaS) solution designed for on-premise or private
cloud deployments.
Security Fix(es):
-
A regular expression denial of service flaw was found in Tough-Cookie. An
attacker able to make an application using Touch-Cookie to parse a
sufficiently large HTTP request Cookie header could cause the application
to consume an excessive amount of CPU. (CVE-2016-1000232) -
It was found that the reason argument in ServerResponse#writeHead() was
not properly validated. A remote attacker could possibly use this flaw to
conduct an HTTP response splitting attack via a specially-crafted HTTP
request. (CVE-2016-5325)
This advisory contains the RPM packages for this release. See the following
advisory for the container images fixes for this release:
| OS | Version | Architecture | Package | Version | Filename |
|---|---|---|---|---|---|
| RedHat | 7 | x86_64 | nodejs | < 0.10.47-2.el7 | nodejs-0.10.47-2.el7.x86_64.rpm |
| RedHat | 7 | noarch | nodejs-tough-cookie | < 2.3.1-1.el7 | nodejs-tough-cookie-2.3.1-1.el7.noarch.rpm |
| RedHat | 7 | x86_64 | nodejs-devel | < 0.10.47-2.el7 | nodejs-devel-0.10.47-2.el7.x86_64.rpm |
| RedHat | 7 | x86_64 | nodejs-debuginfo | < 0.10.47-2.el7 | nodejs-debuginfo-0.10.47-2.el7.x86_64.rpm |
| RedHat | 7 | noarch | nodejs-docs | < 0.10.47-2.el7 | nodejs-docs-0.10.47-2.el7.noarch.rpm |
Related
