Explore top 10 tips to secure your open-source projects now. Read More

×
Alerts This Week
Warning Icon 1 439
Alerts This Week
Warning Icon 1 439

Fedora 26: 2017-11-15 Moderate Node.js DoS Vulnerability in zlib

fedora
Calendar Grey November 15, 2017
Dist Fedora Esm H88
Significant vulnerability fix in Node.js for Fedora 26 covers several resolved problems crucial for the user base.
# 2017-10-24, Version 6.11.5 'Boron' (LTS), @MylesBorins This is a security release

Summary

Node.js is a platform built on Chrome's JavaScript runtime

for easily building fast, scalable network applications.

Node.js uses an event-driven, non-blocking I/O model that

makes it lightweight and efficient, perfect for data-intensive

real-time applications that run across distributed devices.

# 2017-10-24, Version 6.11.5 'Boron' (LTS), @MylesBorins This is a security

release. All Node.js users should consult the security release summary at

https://nodejs.org/en/blog/vulnerability/oct-2017-dos/ for details on patched

vulnerabilities. ## Notable Changes * zlib: * CVE-2017-14919 - In zlib

v1.2.9, a change was made that causes an error to be raised when a raw deflate

stream is initialized with windowBits set to 8. On some versions this crashes

Node and you cannot recover from it, while on some versions it throws an

exception. Node.js will now gracefully set windowBits to 9 replicating the

legacy behavior to avoid a DOS vector. nodejs-private/node-private#95

su -c 'dnf upgrade nodejs' at the command line.

For more information, refer to the dnf documentation available at

https://dnf.readthedocs.io/en/latest/command_ref.html

All packages are signed with the Fedora Project GPG key. More details on the

GPG keys used by the Fedora Project can be found at

https://fedoraproject.org/security/

package-announce mailing list -- package-announce@lists.fedoraproject.org

To unsubscribe send an email to package-announce-leave@lists.fedoraproject.org

Change Log

References

Update Instructions

Severity
important
Lowest
Low
Medium
High
Critical

Product: Fedora 26
Version: 6.11.5
Release: 1.fc26
Summary: JavaScript runtime

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.