Stay Secure with the Latest Linux Advisories

security advisorymoderatedenial of service

Fedora 28: 2018-373bbbd408 Moderate: Nodejs-JSV Denial of Service

Update to latest nodejs-uri-js for CVE fix. --------------------------------------------------------------------------------Fedora Update Notification FEDORA-2018-373bbbd408 2018-06-16 20:14:44.574452 --------------------------------------------------------------------------------Name : nodejs-JSV Product : Fedora 28 Version : 4.0.2 Release : 12.fc28 URL : https://github.com/garycourt/JSV Summary : JSON Schema Validator Description : JSV is a JavaScript implementation of a extendable, fully compliant JSON Schema validator with the following features: * The fastest extendable JSON validator available! * Complete implementation of all current JSON Schema draft revisions. * Supports creating individual environments (sandboxes) that validate using a particular schema specification. * Provides an intuitive API for creating new validating schema attributes, or whole new custom schema schemas. * Supports self, full and described by hyper links. * Validates itself, and is bootstrapped from the JSON Schema schemas. * Includes over 1100 unit tests for testing all parts of the specifications. * Works in all ECMAScript 3 environments, including all web browsers and Node.js. * Licensed under the FreeBSD License, a very open license. --------------------------------------------------------------------------------Update Information: Update to latest nodejs-uri-js for CVE fix --------------------------------------------------------------------------------ChangeLog: * Thu Jun 7 2018 Tom Hughes - 4.0.2-12 - Update npm(uri-js) dependency --------------------------------------------------------------------------------References: [ 1 ] Bug #1588825 - CVE-2017-16021 nodejs-uri-js: regular expression denial of service vulnerability in parse method [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=1588825 [ 2 ] Bug #1435853 - nodejs-uri-js-4.2.2 is available https://bugzilla.redhat.com/show_bug.cgi?id=1435853 --------------------------------------------------------------------------------This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade --advisory FEDORA-2018-373bbbd408' at the command line. For more information, refer to the dnf documentation available at https://dnf.readthedocs.io/en/latest/command_ref.html All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at https://fedoraproject.org/security/ -------------------------------------------------------------------------------- _______________________________________________ package-announce mailing list -- This email address is being protected from spambots. You need JavaScript enabled to view it. To unsubscribe send an email to This email address is being protected from spambots. You need JavaScript enabled to view it. Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/This email address is being protected from spambots. You need JavaScript enabled to view it./message/DRDWTKMSD55QU6DW6DC7Q7ZZAONMI6X6/ . Upgrade the nodejs-uri-js to address CVE vulnerabilities. Ensure your Fedora system is safe by implementing this essential patch immediately.. nodejs update,Fedora security,JSON validation,JSON Schema validator. . LinuxSecurity.com Team

Jun 16, 2018 Fedora