RHEL 7 : nodejs and nodejs-tough-cookie (RHSA-2016:2101)
Medium Nessus Plugin ID 119383
SynopsisThe remote Red Hat host is missing one or more security updates.
DescriptionAn update for nodejs-tough-cookie and nodejs is now available for Red Hat OpenShift Container Platform 3.1, 3.2, and 3.3.
Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Red Hat OpenShift Container Platform is the company's cloud computing Platform-as-a-Service (PaaS) solution designed for on-premise or private cloud deployments.
Security Fix(es) :
* A regular expression denial of service flaw was found in Tough-Cookie. An attacker able to make an application using Touch-Cookie to parse a sufficiently large HTTP request Cookie header could cause the application to consume an excessive amount of CPU.
* It was found that the reason argument in ServerResponse#writeHead() was not properly validated. A remote attacker could possibly use this flaw to conduct an HTTP response splitting attack via a specially crafted HTTP request. (CVE-2016-5325)
This advisory contains the RPM packages for this release. See the following advisory for the container images fixes for this release :
SolutionUpdate the affected packages.