- Issued:
- 2017-10-18
- Updated:
- 2017-10-18
RHSA-2017:2908 - Security Advisory
Synopsis
Moderate: rh-nodejs6-nodejs security update
Type/Severity
Security Advisory: Moderate
Topic
An update for rh-nodejs6-nodejs is now available for Red Hat Software Collections.
Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Description
Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language.
The following packages have been upgraded to a later upstream version: rh-nodejs6-nodejs (6.11.3). (BZ#1476317)
Security Fix(es):
- It was found that Node.js was using a non-randomized seed when populating hash tables. An attacker, able to supply a large number of inputs, could send specially crafted entries to the Node.js application, maximizing hash collisions to trigger an excessive amount of CPU usage, resulting in a denial of service. (CVE-2017-11499)
Solution
For details on how to apply this update, which includes the changes described in this advisory, refer to:
https://access.redhat.com/articles/11258
Affected Products
- Red Hat Software Collections (for RHEL Server) 1 for RHEL 7.5 x86_64
- Red Hat Software Collections (for RHEL Server) 1 for RHEL 7.4 x86_64
- Red Hat Software Collections (for RHEL Server) 1 for RHEL 7.3 x86_64
- Red Hat Software Collections (for RHEL Server) 1 for RHEL 7 x86_64
- Red Hat Software Collections (for RHEL Server) 1 for RHEL 6.7 x86_64
- Red Hat Software Collections (for RHEL Server) 1 for RHEL 6 x86_64
- Red Hat Software Collections (for RHEL Workstation) 1 for RHEL 7 x86_64
- Red Hat Software Collections (for RHEL Workstation) 1 for RHEL 6 x86_64
Fixes
- BZ - 1475327 - CVE-2017-11499 nodejs: Constant Hashtable Seeds vulnerability
CVEs
References
Note:
More recent versions of these packages may be available.
Click a package name for more details.
Red Hat Software Collections (for RHEL Server) 1 for RHEL 7.5
| SRPM | |
|---|---|
| rh-nodejs6-nodejs-6.11.3-2.el7.src.rpm | SHA-256: 7f2f63a08c076dc4721c62c916c8a4c8a54d141c63c4845a7e9cfac87ebada01 |
| x86_64 | |
| rh-nodejs6-nodejs-6.11.3-2.el7.x86_64.rpm | SHA-256: b0c067a2fea68b4e5b2a2d3e556164b7f6591d2d3804bc86a11888ed0f86115f |
| rh-nodejs6-nodejs-debuginfo-6.11.3-2.el7.x86_64.rpm | SHA-256: 659387fa130d78e412d0f1605c178b8a16707159e37e8c55889de7dfe83f19e9 |
| rh-nodejs6-nodejs-devel-6.11.3-2.el7.x86_64.rpm | SHA-256: 409670f417372607bd277da194ca78c877fec083628253516063ac52a37f0dff |
| rh-nodejs6-nodejs-docs-6.11.3-2.el7.noarch.rpm | SHA-256: b83e13f28da1560c08da9e0663da376cf06a415b61279b4a6fc50f6491cb8f33 |
Red Hat Software Collections (for RHEL Server) 1 for RHEL 7.4
| SRPM | |
|---|---|
| rh-nodejs6-nodejs-6.11.3-2.el7.src.rpm | SHA-256: 7f2f63a08c076dc4721c62c916c8a4c8a54d141c63c4845a7e9cfac87ebada01 |
| x86_64 | |
| rh-nodejs6-nodejs-6.11.3-2.el7.x86_64.rpm | SHA-256: b0c067a2fea68b4e5b2a2d3e556164b7f6591d2d3804bc86a11888ed0f86115f |
| rh-nodejs6-nodejs-debuginfo-6.11.3-2.el7.x86_64.rpm | SHA-256: 659387fa130d78e412d0f1605c178b8a16707159e37e8c55889de7dfe83f19e9 |
| rh-nodejs6-nodejs-devel-6.11.3-2.el7.x86_64.rpm | SHA-256: 409670f417372607bd277da194ca78c877fec083628253516063ac52a37f0dff |
| rh-nodejs6-nodejs-docs-6.11.3-2.el7.noarch.rpm | SHA-256: b83e13f28da1560c08da9e0663da376cf06a415b61279b4a6fc50f6491cb8f33 |
Red Hat Software Collections (for RHEL Server) 1 for RHEL 7.3
| SRPM | |
|---|---|
| rh-nodejs6-nodejs-6.11.3-2.el7.src.rpm | SHA-256: 7f2f63a08c076dc4721c62c916c8a4c8a54d141c63c4845a7e9cfac87ebada01 |
| x86_64 | |
| rh-nodejs6-nodejs-6.11.3-2.el7.x86_64.rpm | SHA-256: b0c067a2fea68b4e5b2a2d3e556164b7f6591d2d3804bc86a11888ed0f86115f |
| rh-nodejs6-nodejs-debuginfo-6.11.3-2.el7.x86_64.rpm | SHA-256: 659387fa130d78e412d0f1605c178b8a16707159e37e8c55889de7dfe83f19e9 |
| rh-nodejs6-nodejs-devel-6.11.3-2.el7.x86_64.rpm | SHA-256: 409670f417372607bd277da194ca78c877fec083628253516063ac52a37f0dff |
| rh-nodejs6-nodejs-docs-6.11.3-2.el7.noarch.rpm | SHA-256: b83e13f28da1560c08da9e0663da376cf06a415b61279b4a6fc50f6491cb8f33 |
Red Hat Software Collections (for RHEL Server) 1 for RHEL 7
| SRPM | |
|---|---|
| rh-nodejs6-nodejs-6.11.3-2.el7.src.rpm | SHA-256: 7f2f63a08c076dc4721c62c916c8a4c8a54d141c63c4845a7e9cfac87ebada01 |
| x86_64 | |
| rh-nodejs6-nodejs-6.11.3-2.el7.x86_64.rpm | SHA-256: b0c067a2fea68b4e5b2a2d3e556164b7f6591d2d3804bc86a11888ed0f86115f |
| rh-nodejs6-nodejs-debuginfo-6.11.3-2.el7.x86_64.rpm | SHA-256: 659387fa130d78e412d0f1605c178b8a16707159e37e8c55889de7dfe83f19e9 |
| rh-nodejs6-nodejs-devel-6.11.3-2.el7.x86_64.rpm | SHA-256: 409670f417372607bd277da194ca78c877fec083628253516063ac52a37f0dff |
| rh-nodejs6-nodejs-docs-6.11.3-2.el7.noarch.rpm | SHA-256: b83e13f28da1560c08da9e0663da376cf06a415b61279b4a6fc50f6491cb8f33 |
Red Hat Software Collections (for RHEL Server) 1 for RHEL 6.7
| SRPM | |
|---|---|
| rh-nodejs6-nodejs-6.11.3-2.el6.src.rpm | SHA-256: 84ceaa96a0b970fe67181d2de2b8a87bf61f028e6abf40e9b7ab2a762ffe9b49 |
| x86_64 | |
| rh-nodejs6-nodejs-6.11.3-2.el6.x86_64.rpm | SHA-256: c214004244ae899a7c28612b0f608b4fb3c14afd4397e12485d1d935ee119f34 |
| rh-nodejs6-nodejs-debuginfo-6.11.3-2.el6.x86_64.rpm | SHA-256: 4f814894728f7d4897e8c6ba02bf23868f518d70aa657289c27d78ccfdf50ce3 |
| rh-nodejs6-nodejs-devel-6.11.3-2.el6.x86_64.rpm | SHA-256: 46dc388deffc3702473f3c309a251e148b9ad16868c194cc1ab6fd872405e3d4 |
| rh-nodejs6-nodejs-docs-6.11.3-2.el6.noarch.rpm | SHA-256: a24a79638919a603b2436fffe2cc1500f0afad96ecb97c5d2d5373151a459ed2 |
Red Hat Software Collections (for RHEL Server) 1 for RHEL 6
| SRPM | |
|---|---|
| rh-nodejs6-nodejs-6.11.3-2.el6.src.rpm | SHA-256: 84ceaa96a0b970fe67181d2de2b8a87bf61f028e6abf40e9b7ab2a762ffe9b49 |
| x86_64 | |
| rh-nodejs6-nodejs-6.11.3-2.el6.x86_64.rpm | SHA-256: c214004244ae899a7c28612b0f608b4fb3c14afd4397e12485d1d935ee119f34 |
| rh-nodejs6-nodejs-debuginfo-6.11.3-2.el6.x86_64.rpm | SHA-256: 4f814894728f7d4897e8c6ba02bf23868f518d70aa657289c27d78ccfdf50ce3 |
| rh-nodejs6-nodejs-devel-6.11.3-2.el6.x86_64.rpm | SHA-256: 46dc388deffc3702473f3c309a251e148b9ad16868c194cc1ab6fd872405e3d4 |
| rh-nodejs6-nodejs-docs-6.11.3-2.el6.noarch.rpm | SHA-256: a24a79638919a603b2436fffe2cc1500f0afad96ecb97c5d2d5373151a459ed2 |
Red Hat Software Collections (for RHEL Workstation) 1 for RHEL 7
| SRPM | |
|---|---|
| rh-nodejs6-nodejs-6.11.3-2.el7.src.rpm | SHA-256: 7f2f63a08c076dc4721c62c916c8a4c8a54d141c63c4845a7e9cfac87ebada01 |
| x86_64 | |
| rh-nodejs6-nodejs-6.11.3-2.el7.x86_64.rpm | SHA-256: b0c067a2fea68b4e5b2a2d3e556164b7f6591d2d3804bc86a11888ed0f86115f |
| rh-nodejs6-nodejs-debuginfo-6.11.3-2.el7.x86_64.rpm | SHA-256: 659387fa130d78e412d0f1605c178b8a16707159e37e8c55889de7dfe83f19e9 |
| rh-nodejs6-nodejs-devel-6.11.3-2.el7.x86_64.rpm | SHA-256: 409670f417372607bd277da194ca78c877fec083628253516063ac52a37f0dff |
| rh-nodejs6-nodejs-docs-6.11.3-2.el7.noarch.rpm | SHA-256: b83e13f28da1560c08da9e0663da376cf06a415b61279b4a6fc50f6491cb8f33 |
Red Hat Software Collections (for RHEL Workstation) 1 for RHEL 6
| SRPM | |
|---|---|
| rh-nodejs6-nodejs-6.11.3-2.el6.src.rpm | SHA-256: 84ceaa96a0b970fe67181d2de2b8a87bf61f028e6abf40e9b7ab2a762ffe9b49 |
| x86_64 | |
| rh-nodejs6-nodejs-6.11.3-2.el6.x86_64.rpm | SHA-256: c214004244ae899a7c28612b0f608b4fb3c14afd4397e12485d1d935ee119f34 |
| rh-nodejs6-nodejs-debuginfo-6.11.3-2.el6.x86_64.rpm | SHA-256: 4f814894728f7d4897e8c6ba02bf23868f518d70aa657289c27d78ccfdf50ce3 |
| rh-nodejs6-nodejs-devel-6.11.3-2.el6.x86_64.rpm | SHA-256: 46dc388deffc3702473f3c309a251e148b9ad16868c194cc1ab6fd872405e3d4 |
| rh-nodejs6-nodejs-docs-6.11.3-2.el6.noarch.rpm | SHA-256: a24a79638919a603b2436fffe2cc1500f0afad96ecb97c5d2d5373151a459ed2 |
The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/.