- Issued: 2017-04-05
- Updated: 2017-04-05
RHSA-2017:0880 - Security Advisory
Synopsis
Moderate: v8 security update
Type/Severity
Security Advisory: Moderate
Topic
An update for v8 is now available for Red Hat OpenStack Platform 9.0 (Mitaka).
Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Description
V8 is Google's open source JavaScript engine. V8 is written in C++ and is used in Google Chrome, the open source browser from Google. V8 implements ECMAScript as specified in ECMA-262, 3rd edition.
Security Fix(es):
- An integer-overflow flaw was found in V8's Zone class when allocating new memory (Zone::New() and Zone::NewExpand()). An attacker with the ability to manipulate a large zone could crash the application or, potentially, execute arbitrary code with the application privileges. (CVE-2016-1669)
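The bug class named above, shown as an added example that is not V8's source or Red Hat's patch: a simplified bump-pointer arena whose size checks wrap on a very large request, next to checks that cannot wrap. The `Arena` struct, the function names, `kSegmentHeader` and all values are assumptions made for illustration.

```cpp
#include <cstddef>
#include <cstdint>

// Simplified model of a bump-pointer arena (hypothetical, not V8 source).
// Addresses are plain integers so wraparound can be shown without touching memory.
struct Arena {
    std::uintptr_t position;  // next free address in the current segment
    std::uintptr_t limit;     // one past the last usable address; limit >= position
};

constexpr std::size_t kSegmentHeader = 16;  // assumed per-segment bookkeeping size

// Flawed fast-path check: position + size wraps for a huge size, so the sum
// looks small and the request appears to fit in the current segment.
bool fits_unchecked(const Arena& a, std::size_t size) {
    return a.position + size <= a.limit;
}

// Hardened fast-path check: compare against the remaining space instead.
// limit - position cannot wrap because limit >= position.
bool fits_checked(const Arena& a, std::size_t size) {
    return size <= a.limit - a.position;
}

// Flawed slow path: header + size wraps, yielding a tiny segment for a huge request.
std::size_t segment_bytes_unchecked(std::size_t size) {
    return kSegmentHeader + size;
}

// Hardened slow path: reject the request before the addition can wrap.
bool segment_bytes_checked(std::size_t size, std::size_t* out) {
    if (size > SIZE_MAX - kSegmentHeader) return false;
    *out = kSegmentHeader + size;
    return true;
}

int main() {
    Arena a{0x10000, 0x20000};                   // constructed 64 KiB segment
    const std::size_t huge = SIZE_MAX - 0x8000;  // constructed oversized request
    std::size_t bytes = 0;
    bool ok = fits_unchecked(a, huge)            // bug: wrapped sum passes the check
           && !fits_checked(a, huge)             // fix: request is rejected
           && segment_bytes_unchecked(SIZE_MAX - 7) < kSegmentHeader
           && !segment_bytes_checked(SIZE_MAX - 7, &bytes);
    return ok ? 0 : 1;
}
```

In both flawed paths the allocator believes it has satisfied the request while the caller goes on to write far more bytes than were reserved, which is how the integer overflow becomes a buffer overflow.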
Solution
For details on how to apply this update, which includes the changes described in this advisory, refer to:
https://access.redhat.com/articles/11258
Affected Products
- Red Hat OpenStack 9 x86_64
Fixes
- BZ - 1335449 - CVE-2016-1669 V8: integer overflow leading to buffer overflow in Zone::New
CVEs
References
Red Hat OpenStack 9
| SRPM | |
|---|---|
| v8-3.14.5.10-19.el7ost.src.rpm | SHA-256: 16aa9bfa01aa3c0c45fba74714214c5795f92e7619a973de09e2c7a0717256e5 |
| x86_64 | |
| v8-3.14.5.10-19.el7ost.x86_64.rpm | SHA-256: fff8c7b3660b3e48ca4fa8f160cb2df6f614261f115f06495e1af8f250a40c75 |
| v8-debuginfo-3.14.5.10-19.el7ost.x86_64.rpm | SHA-256: f2ed7ae526473225cf52a5e513c27cd5b52963b3e60eff3b3fe2c3d8e35e8c0e |
The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/.
