A flaw was found in all versions of Node.js 9.x and 10.x. An attacker can cause a denial of service (DoS) by causing a node process which provides an HTTP server supporting TLS to crash. This can be accomplished by sending duplicate/unexpected messages during the handshake.

References:
https://nodejs.org/en/blog/vulnerability/june-2018-security-releases/
Created nodejs tracking bugs for this issue:

Affects: epel-all [bug 1591021]
Affects: fedora-all [bug 1591019]
RHOAR NodeJS 10.4.1 has already been released with a fix for this issue.
Upstream fix: https://github.com/nodejs/node/commit/0cb3325f1
This issue doesn't affect NodeJS 6 or 0.10, used by openshift-enterprise-10/logging-kibana and logging-auth-proxy respectively.