RHSA-2017:3002-01 -- Redhat rh-nodejs4, rh-nodejs4-node-gyp, rh-nodejs4-nodejs
ID: oval:org.secpod.oval:def:504813 | Date: (C)2021-02-03 (M)2024-04-17 |
Class: PATCH | Family: unix |
Node.js is a platform built on Chrome's JavaScript runtime for easily building fast, scalable network applications. Node.js uses an event-driven, non-blocking I/O model that makes it lightweight and efficient, perfect for data-intensive real-time applications that run across distributed devices.

The following packages have been upgraded to a later upstream version: rh-nodejs4-nodejs.

Security Fix:

* It was found that Node.js was using a non-randomized seed when populating hash tables. An attacker, able to supply a large number of inputs, could send specially crafted entries to the Node.js application, maximizing hash collisions to trigger an excessive amount of CPU usage, resulting in a denial of service.

Bug Fix:

* The /opt/rh/rh-nodejs4/root/usr/share/licenses/ directory was not owned by any package. Consequently, when the rh-nodejs4 collection was uninstalled, the directory was not removed. This bug has been fixed, and the aforementioned directory is correctly removed after uninstalling rh-nodejs4.
Platform: |
Red Hat Enterprise Linux 7 |
Red Hat Enterprise Linux 6 |
Product: |
rh-nodejs4 |
rh-nodejs4-node-gyp |
rh-nodejs4-nodejs |