Red Hat Product Errata RHSA-2016:1583 - Security Advisory
Issued:
2016-08-09
Updated:
2016-08-09

RHSA-2016:1583 - Security Advisory

Synopsis

Moderate: rh-nodejs4-nodejs-minimatch security update

Type/Severity

Security Advisory: Moderate

Red Hat Insights patch analysis

Identify and remediate systems affected by this advisory.

View affected systems

Topic

An update for rh-nodejs4-nodejs-minimatch is now available for Red Hat Software Collections.

Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Description

Minimatch is a minimal matching utility that works by converting glob expressions into JavaScript RegExp objects.

Security Fix(es):

  • A regular expression denial of service flaw was found in Minimatch. An attacker able to make an application using Minimatch to perform matching using a specially crafted glob pattern could cause the application to consume an excessive amount of CPU. (CVE-2016-1000023)

Solution

For details on how to apply this update, which includes the changes described in this advisory, refer to:

https://access.redhat.com/articles/11258

Affected Products

  • Red Hat Software Collections (for RHEL Server) 1 for RHEL 7.7 x86_64
  • Red Hat Software Collections (for RHEL Server) 1 for RHEL 7.6 x86_64
  • Red Hat Software Collections (for RHEL Server) 1 for RHEL 7.5 x86_64
  • Red Hat Software Collections (for RHEL Server) 1 for RHEL 7.4 x86_64
  • Red Hat Software Collections (for RHEL Server) 1 for RHEL 7.3 x86_64
  • Red Hat Software Collections (for RHEL Server) 1 for RHEL 7.2 x86_64
  • Red Hat Software Collections (for RHEL Server) 1 for RHEL 7.1 x86_64
  • Red Hat Software Collections (for RHEL Server) 1 for RHEL 7 x86_64
  • Red Hat Software Collections (for RHEL Server) 1 for RHEL 6.7 x86_64
  • Red Hat Software Collections (for RHEL Server) 1 for RHEL 6.6 x86_64
  • Red Hat Software Collections (for RHEL Server) 1 for RHEL 6 x86_64
  • Red Hat Software Collections (for RHEL Workstation) 1 for RHEL 7 x86_64
  • Red Hat Software Collections (for RHEL Workstation) 1 for RHEL 6 x86_64

Fixes

  • BZ - 1348509 - CVE-2016-1000023 nodejs-minimatch: Regular expression denial-of-service

Red Hat Software Collections (for RHEL Server) 1 for RHEL 7.7

SRPM
rh-nodejs4-nodejs-minimatch-3.0.2-1.el7.src.rpm SHA-256: 45810107f949003d9e50cb2aa2ae63558026a53433ca6b3c1dc14edab61ff676
x86_64
rh-nodejs4-nodejs-minimatch-3.0.2-1.el7.noarch.rpm SHA-256: fb7320d5fb26baaac29359c44ed3071c0c8e2de8b743a6003e1f1dfb9c1793ed

Red Hat Software Collections (for RHEL Server) 1 for RHEL 7.6

SRPM
rh-nodejs4-nodejs-minimatch-3.0.2-1.el7.src.rpm SHA-256: 45810107f949003d9e50cb2aa2ae63558026a53433ca6b3c1dc14edab61ff676
x86_64
rh-nodejs4-nodejs-minimatch-3.0.2-1.el7.noarch.rpm SHA-256: fb7320d5fb26baaac29359c44ed3071c0c8e2de8b743a6003e1f1dfb9c1793ed

Red Hat Software Collections (for RHEL Server) 1 for RHEL 7.5

SRPM
rh-nodejs4-nodejs-minimatch-3.0.2-1.el7.src.rpm SHA-256: 45810107f949003d9e50cb2aa2ae63558026a53433ca6b3c1dc14edab61ff676
x86_64
rh-nodejs4-nodejs-minimatch-3.0.2-1.el7.noarch.rpm SHA-256: fb7320d5fb26baaac29359c44ed3071c0c8e2de8b743a6003e1f1dfb9c1793ed

Red Hat Software Collections (for RHEL Server) 1 for RHEL 7.4

SRPM
rh-nodejs4-nodejs-minimatch-3.0.2-1.el7.src.rpm SHA-256: 45810107f949003d9e50cb2aa2ae63558026a53433ca6b3c1dc14edab61ff676
x86_64
rh-nodejs4-nodejs-minimatch-3.0.2-1.el7.noarch.rpm SHA-256: fb7320d5fb26baaac29359c44ed3071c0c8e2de8b743a6003e1f1dfb9c1793ed

Red Hat Software Collections (for RHEL Server) 1 for RHEL 7.3

SRPM
rh-nodejs4-nodejs-minimatch-3.0.2-1.el7.src.rpm SHA-256: 45810107f949003d9e50cb2aa2ae63558026a53433ca6b3c1dc14edab61ff676
x86_64
rh-nodejs4-nodejs-minimatch-3.0.2-1.el7.noarch.rpm SHA-256: fb7320d5fb26baaac29359c44ed3071c0c8e2de8b743a6003e1f1dfb9c1793ed

Red Hat Software Collections (for RHEL Server) 1 for RHEL 7.2

SRPM
rh-nodejs4-nodejs-minimatch-3.0.2-1.el7.src.rpm SHA-256: 45810107f949003d9e50cb2aa2ae63558026a53433ca6b3c1dc14edab61ff676
x86_64
rh-nodejs4-nodejs-minimatch-3.0.2-1.el7.noarch.rpm SHA-256: fb7320d5fb26baaac29359c44ed3071c0c8e2de8b743a6003e1f1dfb9c1793ed

Red Hat Software Collections (for RHEL Server) 1 for RHEL 7.1

SRPM
rh-nodejs4-nodejs-minimatch-3.0.2-1.el7.src.rpm SHA-256: 45810107f949003d9e50cb2aa2ae63558026a53433ca6b3c1dc14edab61ff676
x86_64
rh-nodejs4-nodejs-minimatch-3.0.2-1.el7.noarch.rpm SHA-256: fb7320d5fb26baaac29359c44ed3071c0c8e2de8b743a6003e1f1dfb9c1793ed

Red Hat Software Collections (for RHEL Server) 1 for RHEL 7

SRPM
rh-nodejs4-nodejs-minimatch-3.0.2-1.el7.src.rpm SHA-256: 45810107f949003d9e50cb2aa2ae63558026a53433ca6b3c1dc14edab61ff676
x86_64
rh-nodejs4-nodejs-minimatch-3.0.2-1.el7.noarch.rpm SHA-256: fb7320d5fb26baaac29359c44ed3071c0c8e2de8b743a6003e1f1dfb9c1793ed

Red Hat Software Collections (for RHEL Server) 1 for RHEL 6.7

SRPM
rh-nodejs4-nodejs-minimatch-3.0.2-1.el6.src.rpm SHA-256: 77182dd29d7d156d48003c79525c74bb95059f39887ea13030eb94e6d42a415e
x86_64
rh-nodejs4-nodejs-minimatch-3.0.2-1.el6.noarch.rpm SHA-256: 76246d6113a3061f2456fcccce07e58fbf476c576749fc2b5903c2b94f9eb610

Red Hat Software Collections (for RHEL Server) 1 for RHEL 6.6

SRPM
rh-nodejs4-nodejs-minimatch-3.0.2-1.el6.src.rpm SHA-256: 77182dd29d7d156d48003c79525c74bb95059f39887ea13030eb94e6d42a415e
x86_64
rh-nodejs4-nodejs-minimatch-3.0.2-1.el6.noarch.rpm SHA-256: 76246d6113a3061f2456fcccce07e58fbf476c576749fc2b5903c2b94f9eb610

Red Hat Software Collections (for RHEL Server) 1 for RHEL 6

SRPM
rh-nodejs4-nodejs-minimatch-3.0.2-1.el6.src.rpm SHA-256: 77182dd29d7d156d48003c79525c74bb95059f39887ea13030eb94e6d42a415e
x86_64
rh-nodejs4-nodejs-minimatch-3.0.2-1.el6.noarch.rpm SHA-256: 76246d6113a3061f2456fcccce07e58fbf476c576749fc2b5903c2b94f9eb610

Red Hat Software Collections (for RHEL Workstation) 1 for RHEL 7

SRPM
rh-nodejs4-nodejs-minimatch-3.0.2-1.el7.src.rpm SHA-256: 45810107f949003d9e50cb2aa2ae63558026a53433ca6b3c1dc14edab61ff676
x86_64
rh-nodejs4-nodejs-minimatch-3.0.2-1.el7.noarch.rpm SHA-256: fb7320d5fb26baaac29359c44ed3071c0c8e2de8b743a6003e1f1dfb9c1793ed

Red Hat Software Collections (for RHEL Workstation) 1 for RHEL 6

SRPM
rh-nodejs4-nodejs-minimatch-3.0.2-1.el6.src.rpm SHA-256: 77182dd29d7d156d48003c79525c74bb95059f39887ea13030eb94e6d42a415e
x86_64
rh-nodejs4-nodejs-minimatch-3.0.2-1.el6.noarch.rpm SHA-256: 76246d6113a3061f2456fcccce07e58fbf476c576749fc2b5903c2b94f9eb610

The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/.