Alerts This Week
Warning Icon 1 560
Alerts This Week
Warning Icon 1 560

Fedora 28 Node.js Security Update 2018-f59d961d7b Critical DoS

fedora
Calendar Grey June 18, 2018
Dist Fedora Esm H88
The latest security patch for Node.js on Fedora 28 resolves severe denial of service vulnerabilities that were present in earlier iterations.
Update for security fixes

Summary

Node.js is a platform built on Chrome's JavaScript runtime

for easily building fast, scalable network applications.

Node.js uses an event-driven, non-blocking I/O model that

makes it lightweight and efficient, perfect for data-intensive

real-time applications that run across distributed devices.

Update for security fixes

* Thu Jun 14 2018 Stephen Gallagher - 1:8.11.3-1

- Update to 8.11.3 for security fixes

- https://nodejs.org/en/blog/release/v8.11.3/

* Mon Jun 4 2018 Stephen Gallagher - 1:8.11.2-2

- Build against OpenSSL 1.1

* Thu May 17 2018 Stephen Gallagher - 1:8.11.2-1

- Update to 8.11.2

- https://nodejs.org/en/blog/release/v8.11.2/

* Fri Apr 13 2018 Rafael dos Santos - 1:8.11.0-2

- Use standard Fedora linker flags (bug #1543859)

[ 1 ] Bug #1591019 - CVE-2018-7162 nodejs: denial of service (DoS) by causing a node process which provides an http server supporting TLS server to crash [fedora-all]

https://bugzilla.redhat.com/show_bug.cgi?id=1591019

[ 2 ] Bug #1591014 - CVE-2018-7161 nodejs: denial of service (DoS) by causing a node server providing an http2 server to crash [fedora-all]

https://bugzilla.redhat.com/show_bug.cgi?id=1591014

[ 3 ] Bug #1591009 - CVE-2018-7167 nodejs: Denial of Service by calling Buffer.fill() or Buffer.alloc() with specially crafted parameters [fedora-all]

https://bugzilla.redhat.com/show_bug.cgi?id=1591009

su -c 'dnf upgrade --advisory FEDORA-2018-f59d961d7b' at the command

line. For more information, refer to the dnf documentation available at

https://dnf.readthedocs.io/en/latest/command_ref.html

All packages are signed with the Fedora Project GPG key. More details on the

GPG keys used by the Fedora Project can be found at

https://fedoraproject.org/security/

package-announce mailing list -- package-announce@lists.fedoraproject.org

To unsubscribe send an email to package-announce-leave@lists.fedoraproject.org

Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/

List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines

List Archives: https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WJ6FLAAAPRC5BNJSYG56VHQ2FAP3NCHU/

Topics%20covered

Topics Covered

security advisory DoS issue Fedora security fix nodejs

Change Log

References

Update Instructions

Severity
critical
Lowest
Low
Medium
High
Critical

Product: Fedora 28
Version: 8.11.3
Release: 1.fc28
URL: https://nodejs.org/en/
Summary: JavaScript runtime

Topics%20covered

Topics Covered

security advisory DoS issue Fedora security fix nodejs

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Related News

Your message here