A flaw was found in Node.js versions 9.7.0 and later and 10.x. A bug introduced in 9.7.0 increases the memory consumed when reading from the network into JavaScript using the net.Socket object directly as a stream. An attacker could use this cause a denial of service by sending tiny chunks of data in short succession. References: https://nodejs.org/en/blog/vulnerability/june-2018-security-releases/
Created nodejs tracking bugs for this issue: Affects: epel-all [bug 1591024]
Where is the Fedora tracking bug for this?
In reply to comment 2: > Where is the Fedora tracking bug for this? Fedora-28 is shipped with nodejs-8.11.3-1.fc28, thus not affected. f-29 & rawhide are currently on nodejs-10.5.0 (https://apps.fedoraproject.org/packages/nodejs), which contains the fix, thus not affected either. Is there really a need for a fedora tracking bug ?
's/really/still/'
upstream fix: https://github.com/nodejs/node/commit/3217e8e66fa81e
This issue doesn't affect NodeJS 6, or 0.10 used by openshift-enterprise-10/logging-kibana and logging-auth-proxy respectively.