Red Hat Security Advisory 2017-0002-01 - Node.js is a platform built on Chrome's JavaScript runtime for easily building fast, scalable network applications. Node.js uses an event-driven, non-blocking I/O model that makes it lightweight and efficient, perfect for data-intensive real-time applications that run across distributed devices. The following packages have been upgraded to a newer upstream version: rh-nodejs4-nodejs, rh-nodejs4-http-parser. Security Fix: It was found that Node.js' tls.checkServerIdentity() function did not properly validate server certificates containing wildcards. A malicious TLS server could use this flaw to get a specially crafted certificate accepted by a Node.js TLS client.
487f8935425fab345c81e3d7c667d1f0fbea527ff25fc99538a766b46a2d968b
Gentoo Linux Security Advisory 201612-43 - Multiple vulnerabilities have been found in Node.js, the worst of which can allow remote attackers to cause Denial of Service conditions. Versions less than 4.6.1 are affected.
4a5120152ac200c733bba5cd83429dbf0a126acf19b41d28eca415de54fe93b1
Red Hat Security Advisory 2016-2101-01 - Red Hat OpenShift Container Platform is the company's cloud computing Platform-as-a-Service solution designed for on-premise or private cloud deployments. Security Fix: A regular expression denial of service flaw was found in Tough-Cookie. An attacker able to make an application using Touch-Cookie to parse a sufficiently large HTTP request Cookie header could cause the application to consume an excessive amount of CPU.
0c1b4ed27f0d1db4f3edc634e7d5fccb7e419a267e21c9074481e69ff631e66b