Red Hat Security Advisory: rh-nodejs10-nodejs security update
🔗 CVE IDs covered (12)
📋 Description
CVE-2018-12121 — nodejs: Denial of Service with large HTTP headers CVE-2018-12122 — nodejs: Slowloris HTTP Denial of Service CVE-2018-12123 — nodejs: Hostname spoofing in URL parser for javascript protocol CVE-2019-5737 — nodejs: Insufficient Slowloris fix causing DoS via server.headersTimeout bypass CVE-2019-9511 — HTTP/2: large amount of data requests leads to denial of service CVE-2019-9512 — HTTP/2: flood using PING frames results in unbounded memory growth CVE-2019-9513 — HTTP/2: flood using PRIORITY frames results in excessive resource consumption CVE-2019-9514 — HTTP/2: flood using HEADERS frames results in unbounded memory growth CVE-2019-9515 — HTTP/2: flood using SETTINGS frames results in unbounded memory growth CVE-2019-9516 — HTTP/2: 0-length headers lead to denial of service CVE-2019-9517 — HTTP/2: request for large response leads to denial of service CVE-2019-9518 — HTTP/2: flood using empty frames results in excessive resource consumption
🔗 References (11)
- selfhttps://access.redhat.com/errata/RHSA-2019:2939
- externalhttps://access.redhat.com/security/updates/classification/#important
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=1735645
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=1735741
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=1735744
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=1735745
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=1735749
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=1741860
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=1741864
- externalhttps://bugzilla.redhat.com/show_bug.cgi?id=1741868
- selfhttps://security.access.redhat.com/data/csaf/v2/advisories/2019/rhsa-2019_2939.json