Bug 1591013 (CVE-2018-7161)
Summary: | CVE-2018-7161 nodejs: denial of service (DoS) by causing a node server providing an http2 server to crash | ||
---|---|---|---|
Product: | [Other] Security Response | Reporter: | Laura Pardo <lpardo> |
Component: | vulnerability | Assignee: | Red Hat Product Security <security-response-team> |
Status: | CLOSED ERRATA | QA Contact: | |
Severity: | medium | Docs Contact: | |
Priority: | medium | ||
Version: | unspecified | CC: | ahardin, athmanem, avibelli, bgeorges, bleanhar, cbuissar, ccoleman, cmacedo, dbeveniu, dedgar, dffrench, drusso, hesilva, hhorak, jbalunas, jgoulding, jmadigan, jokerman, jorton, jpallich, jshepherd, krathod, lgriffin, lthon, mchappel, mrunge, mszynkie, ngough, nodejs-sig, pgallagh, pwright, rruss, sgallagh, tchollingsworth, thrcka, trepel, zsvetlik |
Target Milestone: | --- | Keywords: | Security |
Target Release: | --- | ||
Hardware: | All | ||
OS: | Linux | ||
Whiteboard: | |||
Fixed In Version: | nodejs 10.4.1, nodejs 9.11.2, nodejs 8.11.3 | Doc Type: | If docs needed, set a value |
Doc Text: | | Story Points: | --- |
Clone Of: | | Environment: | |
Last Closed: | 2021-01-15 12:25:18 UTC | Type: | --- |
Regression: | --- | Mount Type: | --- |
Documentation: | --- | CRM: | |
Verified Versions: | | Category: | --- |
oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
Cloudforms Team: | --- | Target Upstream Version: | |
Embargoed: | |||
Bug Depends On: | 1591015, 1591014, 1591016, 1596529 | ||
Bug Blocks: | 1591010 |
Description
Laura Pardo
2018-06-13 22:16:00 UTC
Created nodejs tracking bugs for this issue:

Affects: epel-all [bug 1591015]
Affects: fedora-all [bug 1591014]

Upstream fix: https://github.com/nodejs/node/commit/8bf213dbdc7e

RHOAR NodeJS 10.4.1 has already been released with a fix for this issue.

This issue doesn't affect NodeJS 6, or 0.10 used by openshift-enterprise-10/logging-kibana and logging-auth-proxy respectively.

This issue has been addressed in the following products:

  Red Hat Software Collections for Red Hat Enterprise Linux 7.4 EUS
  Red Hat Software Collections for Red Hat Enterprise Linux 7.5 EUS
  Red Hat Software Collections for Red Hat Enterprise Linux 7

Via RHSA-2018:2949 https://access.redhat.com/errata/RHSA-2018:2949