- Issued:
- 2017-10-18
- Updated:
- 2017-10-18
RHSA-2017:2913 - Security Advisory
Synopsis
Moderate: rh-nodejs6-nodejs-tough-cookie security update
Type/Severity
Security Advisory: Moderate
Topic
An update for rh-nodejs6-nodejs-tough-cookie is now available for Red Hat Software Collections.
Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Description
Tough-Cookie is a Node.js module that offers RFC6265 Cookies and Cookie Jar.
The following packages have been upgraded to a later upstream version: rh-nodejs6-nodejs-tough-cookie (2.3.3). (BZ#1497701)
Security Fix(es):
- A regular expression denial of service flaw was found in Tough-Cookie. An attacker able to make an application using Touch-Cookie to parse a sufficiently large HTTP request Cookie header could cause the application to consume an excessive amount of CPU. (CVE-2017-15010)
Solution
For details on how to apply this update, which includes the changes described in this advisory, refer to:
https://access.redhat.com/articles/11258
Affected Products
- Red Hat Software Collections (for RHEL Server) 1 for RHEL 7.5 x86_64
- Red Hat Software Collections (for RHEL Server) 1 for RHEL 7.4 x86_64
- Red Hat Software Collections (for RHEL Server) 1 for RHEL 7.3 x86_64
- Red Hat Software Collections (for RHEL Server) 1 for RHEL 7 x86_64
- Red Hat Software Collections (for RHEL Server) 1 for RHEL 6.7 x86_64
- Red Hat Software Collections (for RHEL Server) 1 for RHEL 6 x86_64
- Red Hat Software Collections (for RHEL Workstation) 1 for RHEL 7 x86_64
- Red Hat Software Collections (for RHEL Workstation) 1 for RHEL 6 x86_64
Fixes
- BZ - 1493989 - CVE-2017-15010 nodejs-tough-cookie: Regular expression denial of service
CVEs
References
Note:
More recent versions of these packages may be available.
Click a package name for more details.
Red Hat Software Collections (for RHEL Server) 1 for RHEL 7.5
| SRPM | |
|---|---|
| rh-nodejs6-nodejs-tough-cookie-2.3.3-1.el7.src.rpm | SHA-256: e889739b9bd15b8f894c5145bb3303fae8a2878d19f10e160070662f03e430bb |
| x86_64 | |
| rh-nodejs6-nodejs-tough-cookie-2.3.3-1.el7.noarch.rpm | SHA-256: b761637e37d53237389f5763f21118aa4e57e70f84f47a04fc1922c37b636340 |
Red Hat Software Collections (for RHEL Server) 1 for RHEL 7.4
| SRPM | |
|---|---|
| rh-nodejs6-nodejs-tough-cookie-2.3.3-1.el7.src.rpm | SHA-256: e889739b9bd15b8f894c5145bb3303fae8a2878d19f10e160070662f03e430bb |
| x86_64 | |
| rh-nodejs6-nodejs-tough-cookie-2.3.3-1.el7.noarch.rpm | SHA-256: b761637e37d53237389f5763f21118aa4e57e70f84f47a04fc1922c37b636340 |
Red Hat Software Collections (for RHEL Server) 1 for RHEL 7.3
| SRPM | |
|---|---|
| rh-nodejs6-nodejs-tough-cookie-2.3.3-1.el7.src.rpm | SHA-256: e889739b9bd15b8f894c5145bb3303fae8a2878d19f10e160070662f03e430bb |
| x86_64 | |
| rh-nodejs6-nodejs-tough-cookie-2.3.3-1.el7.noarch.rpm | SHA-256: b761637e37d53237389f5763f21118aa4e57e70f84f47a04fc1922c37b636340 |
Red Hat Software Collections (for RHEL Server) 1 for RHEL 7
| SRPM | |
|---|---|
| rh-nodejs6-nodejs-tough-cookie-2.3.3-1.el7.src.rpm | SHA-256: e889739b9bd15b8f894c5145bb3303fae8a2878d19f10e160070662f03e430bb |
| x86_64 | |
| rh-nodejs6-nodejs-tough-cookie-2.3.3-1.el7.noarch.rpm | SHA-256: b761637e37d53237389f5763f21118aa4e57e70f84f47a04fc1922c37b636340 |
Red Hat Software Collections (for RHEL Server) 1 for RHEL 6.7
| SRPM | |
|---|---|
| rh-nodejs6-nodejs-tough-cookie-2.3.3-1.el6.src.rpm | SHA-256: 6fa05844102f5914e87db070bd31fb63fb920d0408cd16bcff5e45b7069159fe |
| x86_64 | |
| rh-nodejs6-nodejs-tough-cookie-2.3.3-1.el6.noarch.rpm | SHA-256: 3de5d3baf61216d9d53e483b84a2a63823b59440f37c955e4b2dea5b919e60c6 |
Red Hat Software Collections (for RHEL Server) 1 for RHEL 6
| SRPM | |
|---|---|
| rh-nodejs6-nodejs-tough-cookie-2.3.3-1.el6.src.rpm | SHA-256: 6fa05844102f5914e87db070bd31fb63fb920d0408cd16bcff5e45b7069159fe |
| x86_64 | |
| rh-nodejs6-nodejs-tough-cookie-2.3.3-1.el6.noarch.rpm | SHA-256: 3de5d3baf61216d9d53e483b84a2a63823b59440f37c955e4b2dea5b919e60c6 |
Red Hat Software Collections (for RHEL Workstation) 1 for RHEL 7
| SRPM | |
|---|---|
| rh-nodejs6-nodejs-tough-cookie-2.3.3-1.el7.src.rpm | SHA-256: e889739b9bd15b8f894c5145bb3303fae8a2878d19f10e160070662f03e430bb |
| x86_64 | |
| rh-nodejs6-nodejs-tough-cookie-2.3.3-1.el7.noarch.rpm | SHA-256: b761637e37d53237389f5763f21118aa4e57e70f84f47a04fc1922c37b636340 |
Red Hat Software Collections (for RHEL Workstation) 1 for RHEL 6
| SRPM | |
|---|---|
| rh-nodejs6-nodejs-tough-cookie-2.3.3-1.el6.src.rpm | SHA-256: 6fa05844102f5914e87db070bd31fb63fb920d0408cd16bcff5e45b7069159fe |
| x86_64 | |
| rh-nodejs6-nodejs-tough-cookie-2.3.3-1.el6.noarch.rpm | SHA-256: 3de5d3baf61216d9d53e483b84a2a63823b59440f37c955e4b2dea5b919e60c6 |
The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/.