RHSA-2016:1380-01 -- Redhat nodejs010-node-gyp, nodejs010-nodejs-qs
ID: oval:org.secpod.oval:def:504952 | Date: (C)2021-02-03 (M)2022-10-10 | Class: PATCH | Family: unix
Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language.

Security Fix:
* The nodejs-qs module has the ability to create sparse arrays during parsing. By specifying a high index in a querystring parameter it is possible to create a large array that will eventually take up all the allocated memory of the running process, resulting in a crash.

Bug Fix:
* A previous patch to the nodejs010-node-gyp RPM package introduced a bug, which caused the node-gyp module to work incorrectly. As a consequence, users were unable to install or build native Node.js modules. A new patch has been applied, the node-gyp module now works as expected, and it no longer affects other modules.

All nodejs010-nodejs-qs and nodejs010-node-gyp users are advised to upgrade to these updated packages, which contain a backported patch to correct this issue.
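The Security Fix item above describes array growth driven by an index taken from the query string. As an added example (not code from the qs module or from the Red Hat patch), this JavaScript parser bounds that growth by storing any index above a cap as an object key instead of an array position; `parseIndexed` and `ARRAY_LIMIT` are hypothetical names, the cap of 20 is an assumed value, and the inputs in the test are constructed.

```javascript
// Added illustration: parseIndexed and ARRAY_LIMIT are hypothetical names, not the qs API.
const ARRAY_LIMIT = 20; // assumed cap on array indices accepted from input

// Parses "name[index]=value" pairs. A plain `arr[index] = value` would make
// arr.length equal index + 1, so the index must never size an array unchecked.
function parseIndexed(query, limit = ARRAY_LIMIT) {
  const out = Object.create(null); // no prototype: input keys stay plain data
  for (const pair of query.split('&')) {
    if (pair === '') continue;
    const eq = pair.indexOf('=');
    const key = decodeURIComponent(eq < 0 ? pair : pair.slice(0, eq));
    const value = eq < 0 ? '' : decodeURIComponent(pair.slice(eq + 1));
    const m = /^([^\[\]]+)\[(\d+)\]$/.exec(key);
    if (m === null) { out[key] = value; continue; }
    const name = m[1];
    const index = Number(m[2]);
    let slot = out[name];
    if (slot === undefined || typeof slot === 'string') slot = out[name] = [];
    if (Array.isArray(slot) && index > limit) {
      // Index exceeds the cap: switch to a keyed map so no length tracks it.
      // Object.assign copies only the entries that exist, not the holes.
      slot = out[name] = Object.assign(Object.create(null), slot);
    }
    slot[Array.isArray(slot) ? index : m[2]] = value;
  }
  // Drop holes. Every array has at most limit + 1 slots, so this is bounded.
  for (const name of Object.keys(out)) {
    if (Array.isArray(out[name])) out[name] = out[name].filter(() => true);
  }
  return out;
}
```

With the cap in place, the memory used for a parameter depends on how many entries the request carries, not on the largest index it names.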
Platform:
Red Hat Enterprise Linux 7
Red Hat Enterprise Linux 6

Product:
nodejs010-node-gyp
nodejs010-nodejs-qs