ELSA-2019-2258

ELSA-2019-2258 - http-parser security update

Type:SECURITY
Severity:MODERATE
Release Date:2019-08-13

Description


[2.7.1-8]
- Backport needed test fixes
- Related: rhbz#1666024 - CVE-2018-7159 http-parser: nodejs: HTTP parser
allowed for spaces inside Content-Length header
values [rhel-7]

[2.7.1-7]
- Resolves: rhbz#1666024 - CVE-2018-7159 http-parser: nodejs: HTTP parser
allowed for spaces inside Content-Length header
values [rhel-7]

[2.7.1-6]
- Resolves: rhbz#1666381 - CVE-2018-12121 http-parser: nodejs: Denial of
Service with large HTTP headers [rhel-7]


Related CVEs


CVE-2018-7159
CVE-2018-12121

Updated Packages


Release/ArchitectureFilenameMD5sumSuperseded By Advisory
Oracle Linux 7 (aarch64) http-parser-2.7.1-8.el7.src.rpmb87ad2debe1315fbc47b1be68a0a34af-
http-parser-2.7.1-8.el7.aarch64.rpm5c3b1e152d1a2188e3076a6ba238fda1-
http-parser-devel-2.7.1-8.el7.aarch64.rpm6af34e5852667d88582c043fd470fc1f-
Oracle Linux 7 (x86_64) http-parser-2.7.1-8.el7.src.rpmb87ad2debe1315fbc47b1be68a0a34af-
http-parser-2.7.1-8.el7.i686.rpm6123b216d5d0b7b3fb1726612b411490-
http-parser-2.7.1-8.el7.x86_64.rpm229f913aa4f6f1a2c12a5e62cacb6c87-
http-parser-devel-2.7.1-8.el7.i686.rpm75252c4782bf774a205bfffaa95061f1-
http-parser-devel-2.7.1-8.el7.x86_64.rpma53523528cc981cc232eb0d448869cda-



This page is generated automatically and has not been checked for errors or omissions. For clarification or corrections please contact the Oracle Linux ULN team

software.hardware.complete