Issued:: 2020-04-21
Updated:: 2020-04-21

RHSA-2020:1510 - Security Advisory

Overview
Updated Packages

Synopsis

Important: http-parser security update

Type/Severity

Security Advisory: Important

Red Hat Insights patch analysis

Identify and remediate systems affected by this advisory.

View affected systems

Topic

An update for http-parser is now available for Red Hat Enterprise Linux 7.6 Extended Update Support.

Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Description

The http-parser package provides a utility for parsing HTTP messages. It parses both requests and responses. The parser is designed to be used in performance HTTP applications. It does not make any system calls or allocations, it does not buffer data, and it can be interrupted at any time. Depending on your architecture, it only requires about 40 bytes of data per message stream.

Security Fix(es):

nodejs: HTTP request smuggling using malformed Transfer-Encoding header (CVE-2019-15605)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Solution

For details on how to apply this update, which includes the changes described in this advisory, refer to:

https://access.redhat.com/articles/11258

Affected Products

Red Hat Enterprise Linux for x86_64 - Extended Update Support 7.6 x86_64
Red Hat Enterprise Linux Server - AUS 7.6 x86_64
Red Hat Enterprise Linux for IBM z Systems - Extended Update Support 7.6 s390x
Red Hat Enterprise Linux for Power, big endian - Extended Update Support 7.6 ppc64
Red Hat Enterprise Linux for Power, little endian - Extended Update Support 7.6 ppc64le
Red Hat Enterprise Linux Server - TUS 7.6 x86_64
Red Hat Enterprise Linux for ARM 64 7 aarch64
Red Hat Enterprise Linux for Power 9 7 ppc64le
Red Hat Enterprise Linux EUS Compute Node 7.6 x86_64
Red Hat Enterprise Linux Server for Power LE - Update Services for SAP Solutions 7.6 ppc64le
Red Hat Enterprise Linux for x86_64 - Update Services for SAP Solutions 7.6 x86_64
Red Hat Enterprise Linux for IBM System z (Structure A) 7 s390x

Fixes

BZ - 1800364 - CVE-2019-15605 nodejs: HTTP request smuggling using malformed Transfer-Encoding header

CVEs

CVE-2019-15605

References

https://access.redhat.com/security/updates/classification/#important

Note: More recent versions of these packages may be available. Click a package name for more details.

Red Hat Enterprise Linux for x86_64 - Extended Update Support 7.6

SRPM
http-parser-2.7.1-5.el7_6.1.src.rpm	SHA-256: cc212388b8b80cac2fd7826253304ce5bf10daadfc87e55724323f26a29c4c6d
x86_64
http-parser-2.7.1-5.el7_6.1.i686.rpm	SHA-256: cdb2a58f7d3641eaf93cfa60c27236a748cba87506b1ba41d9d68bacfe6f2e96
http-parser-2.7.1-5.el7_6.1.x86_64.rpm	SHA-256: 2040702a6a2ee2c6792ed8d13d913d30d8dc0830f5e1c9c1706077410bca580c
http-parser-debuginfo-2.7.1-5.el7_6.1.i686.rpm	SHA-256: c9984eee47f873502d2708a1a17f1e239d7f6a414ffcd8e6bb7e0a54f3dc0594
http-parser-debuginfo-2.7.1-5.el7_6.1.i686.rpm	SHA-256: c9984eee47f873502d2708a1a17f1e239d7f6a414ffcd8e6bb7e0a54f3dc0594
http-parser-debuginfo-2.7.1-5.el7_6.1.x86_64.rpm	SHA-256: 5aeb69d2d409fb113dfd2cfd7d6fda777cbe522db4921c1a791d96a980567b42
http-parser-debuginfo-2.7.1-5.el7_6.1.x86_64.rpm	SHA-256: 5aeb69d2d409fb113dfd2cfd7d6fda777cbe522db4921c1a791d96a980567b42
http-parser-devel-2.7.1-5.el7_6.1.i686.rpm	SHA-256: 922ec83e5de82022fdf303482fcaf17bea4df74e42d9acb0a9888c5bde604c30
http-parser-devel-2.7.1-5.el7_6.1.x86_64.rpm	SHA-256: da9d8f49a13295c95fb8aee56875efe78bf03a0f76947f5447aab8430a6250eb

Red Hat Enterprise Linux Server - AUS 7.6

SRPM
http-parser-2.7.1-5.el7_6.1.src.rpm	SHA-256: cc212388b8b80cac2fd7826253304ce5bf10daadfc87e55724323f26a29c4c6d
x86_64
http-parser-2.7.1-5.el7_6.1.i686.rpm	SHA-256: cdb2a58f7d3641eaf93cfa60c27236a748cba87506b1ba41d9d68bacfe6f2e96
http-parser-2.7.1-5.el7_6.1.x86_64.rpm	SHA-256: 2040702a6a2ee2c6792ed8d13d913d30d8dc0830f5e1c9c1706077410bca580c
http-parser-debuginfo-2.7.1-5.el7_6.1.i686.rpm	SHA-256: c9984eee47f873502d2708a1a17f1e239d7f6a414ffcd8e6bb7e0a54f3dc0594
http-parser-debuginfo-2.7.1-5.el7_6.1.i686.rpm	SHA-256: c9984eee47f873502d2708a1a17f1e239d7f6a414ffcd8e6bb7e0a54f3dc0594
http-parser-debuginfo-2.7.1-5.el7_6.1.x86_64.rpm	SHA-256: 5aeb69d2d409fb113dfd2cfd7d6fda777cbe522db4921c1a791d96a980567b42
http-parser-debuginfo-2.7.1-5.el7_6.1.x86_64.rpm	SHA-256: 5aeb69d2d409fb113dfd2cfd7d6fda777cbe522db4921c1a791d96a980567b42
http-parser-devel-2.7.1-5.el7_6.1.i686.rpm	SHA-256: 922ec83e5de82022fdf303482fcaf17bea4df74e42d9acb0a9888c5bde604c30
http-parser-devel-2.7.1-5.el7_6.1.x86_64.rpm	SHA-256: da9d8f49a13295c95fb8aee56875efe78bf03a0f76947f5447aab8430a6250eb

Red Hat Enterprise Linux for IBM z Systems - Extended Update Support 7.6

SRPM
http-parser-2.7.1-5.el7_6.1.src.rpm	SHA-256: cc212388b8b80cac2fd7826253304ce5bf10daadfc87e55724323f26a29c4c6d
s390x
http-parser-2.7.1-5.el7_6.1.s390.rpm	SHA-256: 9f26b3f1080550d9d7de290cab7204445d456600480cfdd55f079ff8fd8835f5
http-parser-2.7.1-5.el7_6.1.s390x.rpm	SHA-256: ffd6b6e342c82d9efa9e6ee66d9af74befdd3130ddc7a66b2ed87c1baa040f97
http-parser-debuginfo-2.7.1-5.el7_6.1.s390.rpm	SHA-256: bfe47dd99992dc9606ece935683cba2d84870df2b0c704c3a10f9c4cff6f92d5
http-parser-debuginfo-2.7.1-5.el7_6.1.s390.rpm	SHA-256: bfe47dd99992dc9606ece935683cba2d84870df2b0c704c3a10f9c4cff6f92d5
http-parser-debuginfo-2.7.1-5.el7_6.1.s390x.rpm	SHA-256: b6232cfc44c55fe69e4a2186acc9adc6ce1bf84290704369ea4b8560e8a24cc8
http-parser-debuginfo-2.7.1-5.el7_6.1.s390x.rpm	SHA-256: b6232cfc44c55fe69e4a2186acc9adc6ce1bf84290704369ea4b8560e8a24cc8
http-parser-devel-2.7.1-5.el7_6.1.s390.rpm	SHA-256: e0c34aa59efdd53fa20e16504021d8634345acf97b48e5733833d2431bd63862
http-parser-devel-2.7.1-5.el7_6.1.s390x.rpm	SHA-256: f749927705ba2c6db8bb5330e3de40c4b1111985afc0e3e30f5669ff31c81b8f

Red Hat Enterprise Linux for Power, big endian - Extended Update Support 7.6

SRPM
http-parser-2.7.1-5.el7_6.1.src.rpm	SHA-256: cc212388b8b80cac2fd7826253304ce5bf10daadfc87e55724323f26a29c4c6d
ppc64
http-parser-2.7.1-5.el7_6.1.ppc.rpm	SHA-256: bec8cb2be5d074a2e9c82fdb69cbbd308dede445a0d62030a8833bc15aab283f
http-parser-2.7.1-5.el7_6.1.ppc64.rpm	SHA-256: 9c083614a8b46338e7abd3a02c3c49f5b9942d76658f73d9c46a716b14252cc2
http-parser-debuginfo-2.7.1-5.el7_6.1.ppc.rpm	SHA-256: 7ae56e1cadf9262f59b0f9b22ee0f6cbec7fb3ed0ea245b379a8b171e273c577
http-parser-debuginfo-2.7.1-5.el7_6.1.ppc.rpm	SHA-256: 7ae56e1cadf9262f59b0f9b22ee0f6cbec7fb3ed0ea245b379a8b171e273c577
http-parser-debuginfo-2.7.1-5.el7_6.1.ppc64.rpm	SHA-256: 1666a5b4e72c2b40b467d27fd15a39b95a48d6526c29a2e55dfd71c61d37eace
http-parser-debuginfo-2.7.1-5.el7_6.1.ppc64.rpm	SHA-256: 1666a5b4e72c2b40b467d27fd15a39b95a48d6526c29a2e55dfd71c61d37eace
http-parser-devel-2.7.1-5.el7_6.1.ppc.rpm	SHA-256: 1d3975575970d280e05e7efa58a3b15178478568739104568bb8fd882120b5ae
http-parser-devel-2.7.1-5.el7_6.1.ppc64.rpm	SHA-256: 1d3beded48457dbb48d59a763c7ce986a203f6e4ec48517ada977b8e8eda5877

Red Hat Enterprise Linux for Power, little endian - Extended Update Support 7.6

SRPM
http-parser-2.7.1-5.el7_6.1.src.rpm	SHA-256: cc212388b8b80cac2fd7826253304ce5bf10daadfc87e55724323f26a29c4c6d
ppc64le
http-parser-2.7.1-5.el7_6.1.ppc64le.rpm	SHA-256: b50f8c65bda402236b93937212ff71a780be7245837bd1393fd9cec5d9496331
http-parser-debuginfo-2.7.1-5.el7_6.1.ppc64le.rpm	SHA-256: 2c322e8acdbb2796a81f554661a2aeee30f909ee5f6442529a7fa81a9042ee01
http-parser-debuginfo-2.7.1-5.el7_6.1.ppc64le.rpm	SHA-256: 2c322e8acdbb2796a81f554661a2aeee30f909ee5f6442529a7fa81a9042ee01
http-parser-devel-2.7.1-5.el7_6.1.ppc64le.rpm	SHA-256: c8cbe717bf6292c226c9e3dd392d528a0894c2448e464c3e02f8b3fe442aa02e

Red Hat Enterprise Linux Server - TUS 7.6

SRPM
http-parser-2.7.1-5.el7_6.1.src.rpm	SHA-256: cc212388b8b80cac2fd7826253304ce5bf10daadfc87e55724323f26a29c4c6d
x86_64
http-parser-2.7.1-5.el7_6.1.i686.rpm	SHA-256: cdb2a58f7d3641eaf93cfa60c27236a748cba87506b1ba41d9d68bacfe6f2e96
http-parser-2.7.1-5.el7_6.1.x86_64.rpm	SHA-256: 2040702a6a2ee2c6792ed8d13d913d30d8dc0830f5e1c9c1706077410bca580c
http-parser-debuginfo-2.7.1-5.el7_6.1.i686.rpm	SHA-256: c9984eee47f873502d2708a1a17f1e239d7f6a414ffcd8e6bb7e0a54f3dc0594
http-parser-debuginfo-2.7.1-5.el7_6.1.i686.rpm	SHA-256: c9984eee47f873502d2708a1a17f1e239d7f6a414ffcd8e6bb7e0a54f3dc0594
http-parser-debuginfo-2.7.1-5.el7_6.1.x86_64.rpm	SHA-256: 5aeb69d2d409fb113dfd2cfd7d6fda777cbe522db4921c1a791d96a980567b42
http-parser-debuginfo-2.7.1-5.el7_6.1.x86_64.rpm	SHA-256: 5aeb69d2d409fb113dfd2cfd7d6fda777cbe522db4921c1a791d96a980567b42
http-parser-devel-2.7.1-5.el7_6.1.i686.rpm	SHA-256: 922ec83e5de82022fdf303482fcaf17bea4df74e42d9acb0a9888c5bde604c30
http-parser-devel-2.7.1-5.el7_6.1.x86_64.rpm	SHA-256: da9d8f49a13295c95fb8aee56875efe78bf03a0f76947f5447aab8430a6250eb

Red Hat Enterprise Linux for ARM 64 7

SRPM
http-parser-2.7.1-5.el7_6.1.src.rpm	SHA-256: cc212388b8b80cac2fd7826253304ce5bf10daadfc87e55724323f26a29c4c6d
aarch64
http-parser-2.7.1-5.el7_6.1.aarch64.rpm	SHA-256: 28ea8e394823dee687341d8a695f3d9fff1082fc139545390e3591080a10df5e
http-parser-debuginfo-2.7.1-5.el7_6.1.aarch64.rpm	SHA-256: 0b80dfc211c55d3768a1b66185605c4d3d6b70cc64f8fea766722c9461bc9548
http-parser-debuginfo-2.7.1-5.el7_6.1.aarch64.rpm	SHA-256: 0b80dfc211c55d3768a1b66185605c4d3d6b70cc64f8fea766722c9461bc9548
http-parser-devel-2.7.1-5.el7_6.1.aarch64.rpm	SHA-256: c657a3740b8e02b3d270fe51111d220d8c9bf8b841fec7f475ea67e814a67157

Red Hat Enterprise Linux for Power 9 7

SRPM
http-parser-2.7.1-5.el7_6.1.src.rpm	SHA-256: cc212388b8b80cac2fd7826253304ce5bf10daadfc87e55724323f26a29c4c6d
ppc64le
http-parser-2.7.1-5.el7_6.1.ppc64le.rpm	SHA-256: b50f8c65bda402236b93937212ff71a780be7245837bd1393fd9cec5d9496331
http-parser-debuginfo-2.7.1-5.el7_6.1.ppc64le.rpm	SHA-256: 2c322e8acdbb2796a81f554661a2aeee30f909ee5f6442529a7fa81a9042ee01
http-parser-debuginfo-2.7.1-5.el7_6.1.ppc64le.rpm	SHA-256: 2c322e8acdbb2796a81f554661a2aeee30f909ee5f6442529a7fa81a9042ee01
http-parser-devel-2.7.1-5.el7_6.1.ppc64le.rpm	SHA-256: c8cbe717bf6292c226c9e3dd392d528a0894c2448e464c3e02f8b3fe442aa02e

Red Hat Enterprise Linux EUS Compute Node 7.6

SRPM
http-parser-2.7.1-5.el7_6.1.src.rpm	SHA-256: cc212388b8b80cac2fd7826253304ce5bf10daadfc87e55724323f26a29c4c6d
x86_64
http-parser-2.7.1-5.el7_6.1.i686.rpm	SHA-256: cdb2a58f7d3641eaf93cfa60c27236a748cba87506b1ba41d9d68bacfe6f2e96
http-parser-2.7.1-5.el7_6.1.x86_64.rpm	SHA-256: 2040702a6a2ee2c6792ed8d13d913d30d8dc0830f5e1c9c1706077410bca580c
http-parser-debuginfo-2.7.1-5.el7_6.1.i686.rpm	SHA-256: c9984eee47f873502d2708a1a17f1e239d7f6a414ffcd8e6bb7e0a54f3dc0594
http-parser-debuginfo-2.7.1-5.el7_6.1.i686.rpm	SHA-256: c9984eee47f873502d2708a1a17f1e239d7f6a414ffcd8e6bb7e0a54f3dc0594
http-parser-debuginfo-2.7.1-5.el7_6.1.x86_64.rpm	SHA-256: 5aeb69d2d409fb113dfd2cfd7d6fda777cbe522db4921c1a791d96a980567b42
http-parser-debuginfo-2.7.1-5.el7_6.1.x86_64.rpm	SHA-256: 5aeb69d2d409fb113dfd2cfd7d6fda777cbe522db4921c1a791d96a980567b42
http-parser-devel-2.7.1-5.el7_6.1.i686.rpm	SHA-256: 922ec83e5de82022fdf303482fcaf17bea4df74e42d9acb0a9888c5bde604c30
http-parser-devel-2.7.1-5.el7_6.1.x86_64.rpm	SHA-256: da9d8f49a13295c95fb8aee56875efe78bf03a0f76947f5447aab8430a6250eb

Red Hat Enterprise Linux Server for Power LE - Update Services for SAP Solutions 7.6

SRPM
http-parser-2.7.1-5.el7_6.1.src.rpm	SHA-256: cc212388b8b80cac2fd7826253304ce5bf10daadfc87e55724323f26a29c4c6d
ppc64le
http-parser-2.7.1-5.el7_6.1.ppc64le.rpm	SHA-256: b50f8c65bda402236b93937212ff71a780be7245837bd1393fd9cec5d9496331
http-parser-debuginfo-2.7.1-5.el7_6.1.ppc64le.rpm	SHA-256: 2c322e8acdbb2796a81f554661a2aeee30f909ee5f6442529a7fa81a9042ee01
http-parser-debuginfo-2.7.1-5.el7_6.1.ppc64le.rpm	SHA-256: 2c322e8acdbb2796a81f554661a2aeee30f909ee5f6442529a7fa81a9042ee01
http-parser-devel-2.7.1-5.el7_6.1.ppc64le.rpm	SHA-256: c8cbe717bf6292c226c9e3dd392d528a0894c2448e464c3e02f8b3fe442aa02e

Red Hat Enterprise Linux for x86_64 - Update Services for SAP Solutions 7.6

SRPM
http-parser-2.7.1-5.el7_6.1.src.rpm	SHA-256: cc212388b8b80cac2fd7826253304ce5bf10daadfc87e55724323f26a29c4c6d
x86_64
http-parser-2.7.1-5.el7_6.1.i686.rpm	SHA-256: cdb2a58f7d3641eaf93cfa60c27236a748cba87506b1ba41d9d68bacfe6f2e96
http-parser-2.7.1-5.el7_6.1.x86_64.rpm	SHA-256: 2040702a6a2ee2c6792ed8d13d913d30d8dc0830f5e1c9c1706077410bca580c
http-parser-debuginfo-2.7.1-5.el7_6.1.i686.rpm	SHA-256: c9984eee47f873502d2708a1a17f1e239d7f6a414ffcd8e6bb7e0a54f3dc0594
http-parser-debuginfo-2.7.1-5.el7_6.1.i686.rpm	SHA-256: c9984eee47f873502d2708a1a17f1e239d7f6a414ffcd8e6bb7e0a54f3dc0594
http-parser-debuginfo-2.7.1-5.el7_6.1.x86_64.rpm	SHA-256: 5aeb69d2d409fb113dfd2cfd7d6fda777cbe522db4921c1a791d96a980567b42
http-parser-debuginfo-2.7.1-5.el7_6.1.x86_64.rpm	SHA-256: 5aeb69d2d409fb113dfd2cfd7d6fda777cbe522db4921c1a791d96a980567b42
http-parser-devel-2.7.1-5.el7_6.1.i686.rpm	SHA-256: 922ec83e5de82022fdf303482fcaf17bea4df74e42d9acb0a9888c5bde604c30
http-parser-devel-2.7.1-5.el7_6.1.x86_64.rpm	SHA-256: da9d8f49a13295c95fb8aee56875efe78bf03a0f76947f5447aab8430a6250eb

Red Hat Enterprise Linux for IBM System z (Structure A) 7

SRPM
http-parser-2.7.1-5.el7_6.1.src.rpm	SHA-256: cc212388b8b80cac2fd7826253304ce5bf10daadfc87e55724323f26a29c4c6d
s390x
http-parser-2.7.1-5.el7_6.1.s390.rpm	SHA-256: 9f26b3f1080550d9d7de290cab7204445d456600480cfdd55f079ff8fd8835f5
http-parser-2.7.1-5.el7_6.1.s390x.rpm	SHA-256: ffd6b6e342c82d9efa9e6ee66d9af74befdd3130ddc7a66b2ed87c1baa040f97
http-parser-debuginfo-2.7.1-5.el7_6.1.s390.rpm	SHA-256: bfe47dd99992dc9606ece935683cba2d84870df2b0c704c3a10f9c4cff6f92d5
http-parser-debuginfo-2.7.1-5.el7_6.1.s390.rpm	SHA-256: bfe47dd99992dc9606ece935683cba2d84870df2b0c704c3a10f9c4cff6f92d5
http-parser-debuginfo-2.7.1-5.el7_6.1.s390x.rpm	SHA-256: b6232cfc44c55fe69e4a2186acc9adc6ce1bf84290704369ea4b8560e8a24cc8
http-parser-debuginfo-2.7.1-5.el7_6.1.s390x.rpm	SHA-256: b6232cfc44c55fe69e4a2186acc9adc6ce1bf84290704369ea4b8560e8a24cc8
http-parser-devel-2.7.1-5.el7_6.1.s390.rpm	SHA-256: e0c34aa59efdd53fa20e16504021d8634345acf97b48e5733833d2431bd63862
http-parser-devel-2.7.1-5.el7_6.1.s390x.rpm	SHA-256: f749927705ba2c6db8bb5330e3de40c4b1111985afc0e3e30f5669ff31c81b8f

The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/.

Select Your Language

Infrastructure and Management

Cloud Computing

Storage

Runtimes

Integration and Automation