Action not permitted
Modal body text goes here.
cve-2018-12115
Vulnerability from cvelistv5
Published
2018-08-21 13:00
Modified
2024-09-16 16:48
Severity ?
EPSS score ?
Summary
In all versions of Node.js prior to 6.14.4, 8.11.4 and 10.9.0 when used with UCS-2 encoding (recognized by Node.js under the names `'ucs2'`, `'ucs-2'`, `'utf16le'` and `'utf-16le'`), `Buffer#write()` can be abused to write outside of the bounds of a single `Buffer`. Writes that start from the second-to-last position of a buffer cause a miscalculation of the maximum length of the input bytes to be written.
References
▼ | URL | Tags | |
---|---|---|---|
cve-request@iojs.org | http://www.securityfocus.com/bid/105127 | Third Party Advisory, VDB Entry | |
cve-request@iojs.org | https://access.redhat.com/errata/RHSA-2018:2552 | Third Party Advisory | |
cve-request@iojs.org | https://access.redhat.com/errata/RHSA-2018:2553 | Third Party Advisory | |
cve-request@iojs.org | https://access.redhat.com/errata/RHSA-2018:2944 | Third Party Advisory | |
cve-request@iojs.org | https://access.redhat.com/errata/RHSA-2018:2949 | Third Party Advisory | |
cve-request@iojs.org | https://access.redhat.com/errata/RHSA-2018:3537 | Third Party Advisory | |
cve-request@iojs.org | https://nodejs.org/en/blog/vulnerability/august-2018-security-releases/ | Vendor Advisory | |
cve-request@iojs.org | https://security.gentoo.org/glsa/202003-48 |
Impacted products
▼ | Vendor | Product |
---|---|---|
The Node.js Project | Node.js |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T08:24:03.759Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "105127", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/105127" }, { "name": "RHSA-2018:2552", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/errata/RHSA-2018:2552" }, { "name": "RHSA-2018:2553", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/errata/RHSA-2018:2553" }, { "name": "RHSA-2018:2944", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/errata/RHSA-2018:2944" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://nodejs.org/en/blog/vulnerability/august-2018-security-releases/" }, { "name": "RHSA-2018:3537", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/errata/RHSA-2018:3537" }, { "name": "RHSA-2018:2949", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/errata/RHSA-2018:2949" }, { "name": "GLSA-202003-48", "tags": [ "vendor-advisory", "x_refsource_GENTOO", "x_transferred" ], "url": "https://security.gentoo.org/glsa/202003-48" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "Node.js", "vendor": "The Node.js Project", "versions": [ { "status": "affected", "version": "All versions of Node.js prior to 6.14.4, 8.11.4 and 10.9.0" } ] } ], "datePublic": "2018-08-12T00:00:00", "descriptions": [ { "lang": "en", "value": "In all versions of Node.js prior to 6.14.4, 8.11.4 and 10.9.0 when used with UCS-2 encoding (recognized by Node.js under the names `\u0027ucs2\u0027`, `\u0027ucs-2\u0027`, `\u0027utf16le\u0027` and `\u0027utf-16le\u0027`), `Buffer#write()` can be abused to write outside of the bounds of a single `Buffer`. Writes that start from the second-to-last position of a buffer cause a miscalculation of the maximum length of the input bytes to be written." } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-787", "description": "CWE-787: Out-of-bounds Write", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2020-03-20T20:06:12", "orgId": "386269d4-a6c6-4eaa-bf8e-bc0b0d010558", "shortName": "nodejs" }, "references": [ { "name": "105127", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/105127" }, { "name": "RHSA-2018:2552", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2018:2552" }, { "name": "RHSA-2018:2553", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2018:2553" }, { "name": "RHSA-2018:2944", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2018:2944" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://nodejs.org/en/blog/vulnerability/august-2018-security-releases/" }, { "name": "RHSA-2018:3537", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2018:3537" }, { "name": "RHSA-2018:2949", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2018:2949" }, { "name": "GLSA-202003-48", "tags": [ "vendor-advisory", "x_refsource_GENTOO" ], "url": "https://security.gentoo.org/glsa/202003-48" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve-request@iojs.org", "DATE_PUBLIC": "2018-08-12T00:00:00", "ID": "CVE-2018-12115", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Node.js", "version": { "version_data": [ { "version_value": "All versions of Node.js prior to 6.14.4, 8.11.4 and 10.9.0" } ] } } ] }, "vendor_name": "The Node.js Project" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "In all versions of Node.js prior to 6.14.4, 8.11.4 and 10.9.0 when used with UCS-2 encoding (recognized by Node.js under the names `\u0027ucs2\u0027`, `\u0027ucs-2\u0027`, `\u0027utf16le\u0027` and `\u0027utf-16le\u0027`), `Buffer#write()` can be abused to write outside of the bounds of a single `Buffer`. Writes that start from the second-to-last position of a buffer cause a miscalculation of the maximum length of the input bytes to be written." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "CWE-787: Out-of-bounds Write" } ] } ] }, "references": { "reference_data": [ { "name": "105127", "refsource": "BID", "url": "http://www.securityfocus.com/bid/105127" }, { "name": "RHSA-2018:2552", "refsource": "REDHAT", "url": "https://access.redhat.com/errata/RHSA-2018:2552" }, { "name": "RHSA-2018:2553", "refsource": "REDHAT", "url": "https://access.redhat.com/errata/RHSA-2018:2553" }, { "name": "RHSA-2018:2944", "refsource": "REDHAT", "url": "https://access.redhat.com/errata/RHSA-2018:2944" }, { "name": "https://nodejs.org/en/blog/vulnerability/august-2018-security-releases/", "refsource": "CONFIRM", "url": "https://nodejs.org/en/blog/vulnerability/august-2018-security-releases/" }, { "name": "RHSA-2018:3537", "refsource": "REDHAT", "url": "https://access.redhat.com/errata/RHSA-2018:3537" }, { "name": "RHSA-2018:2949", "refsource": "REDHAT", "url": "https://access.redhat.com/errata/RHSA-2018:2949" }, { "name": "GLSA-202003-48", "refsource": "GENTOO", "url": "https://security.gentoo.org/glsa/202003-48" } ] } } } }, "cveMetadata": { "assignerOrgId": "386269d4-a6c6-4eaa-bf8e-bc0b0d010558", "assignerShortName": "nodejs", "cveId": "CVE-2018-12115", "datePublished": "2018-08-21T13:00:00Z", "dateReserved": "2018-06-11T00:00:00", "dateUpdated": "2024-09-16T16:48:58.679Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1", "meta": { "nvd": "{\"cve\":{\"id\":\"CVE-2018-12115\",\"sourceIdentifier\":\"cve-request@iojs.org\",\"published\":\"2018-08-21T12:29:00.210\",\"lastModified\":\"2020-03-20T21:15:13.610\",\"vulnStatus\":\"Modified\",\"descriptions\":[{\"lang\":\"en\",\"value\":\"In all versions of Node.js prior to 6.14.4, 8.11.4 and 10.9.0 when used with UCS-2 encoding (recognized by Node.js under the names `\u0027ucs2\u0027`, `\u0027ucs-2\u0027`, `\u0027utf16le\u0027` and `\u0027utf-16le\u0027`), `Buffer#write()` can be abused to write outside of the bounds of a single `Buffer`. Writes that start from the second-to-last position of a buffer cause a miscalculation of the maximum length of the input bytes to be written.\"},{\"lang\":\"es\",\"value\":\"En todas las versiones de Node.js anteriores a la 6.14.4, 8.11.4 y 10.9.0, cuando se utiliza con codificaci\u00f3n UCS-2 (reconocida por Node.js bajo los nombres \\\"ucs2\\\", \\\"ucs-2\\\", \\\"utf16le\\\" y \\\"utf-16le\\\"), se puede explotar \\\"Buffer#write()\\\" para escribir fuera de los l\u00edmites de un b\u00fafer. Las escrituras que empiezan desde la segunda hasta la \u00faltima posici\u00f3n de un b\u00fafer provocan un error de c\u00e1lculo de la longitud m\u00e1xima de los bytes de entrada que se van a escribir.\"}],\"metrics\":{\"cvssMetricV30\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.0\",\"vectorString\":\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"HIGH\",\"baseScore\":7.5,\"baseSeverity\":\"HIGH\"},\"exploitabilityScore\":3.9,\"impactScore\":3.6}],\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:L/Au:N/C:N/I:N/A:P\",\"accessVector\":\"NETWORK\",\"accessComplexity\":\"LOW\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"PARTIAL\",\"baseScore\":5.0},\"baseSeverity\":\"MEDIUM\",\"exploitabilityScore\":10.0,\"impactScore\":2.9,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-787\"}]},{\"source\":\"cve-request@iojs.org\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-787\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:nodejs:node.js:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"6.14.4\",\"matchCriteriaId\":\"4F608F84-5A94-4DC1-A7B8-E19028F96A40\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:nodejs:node.js:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"8.0.0\",\"versionEndExcluding\":\"8.11.4\",\"matchCriteriaId\":\"468A9D35-95E1-473B-A5D3-9BD78818F599\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:nodejs:node.js:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"10.0.0\",\"versionEndExcluding\":\"10.9.0\",\"matchCriteriaId\":\"48A01678-361E-4F23-B7D6-41B0C145F491\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:redhat:openshift_container_platform:3.11:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"2F87326E-0B56-4356-A889-73D026DB1D4B\"}]}]}],\"references\":[{\"url\":\"http://www.securityfocus.com/bid/105127\",\"source\":\"cve-request@iojs.org\",\"tags\":[\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"https://access.redhat.com/errata/RHSA-2018:2552\",\"source\":\"cve-request@iojs.org\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://access.redhat.com/errata/RHSA-2018:2553\",\"source\":\"cve-request@iojs.org\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://access.redhat.com/errata/RHSA-2018:2944\",\"source\":\"cve-request@iojs.org\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://access.redhat.com/errata/RHSA-2018:2949\",\"source\":\"cve-request@iojs.org\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://access.redhat.com/errata/RHSA-2018:3537\",\"source\":\"cve-request@iojs.org\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://nodejs.org/en/blog/vulnerability/august-2018-security-releases/\",\"source\":\"cve-request@iojs.org\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://security.gentoo.org/glsa/202003-48\",\"source\":\"cve-request@iojs.org\"}]}}" } }
ghsa-q85m-543x-pwpc
Vulnerability from github
Published
2022-05-13 01:27
Modified
2022-05-13 01:27
Severity ?
Details
In all versions of Node.js prior to 6.14.4, 8.11.4 and 10.9.0 when used with UCS-2 encoding (recognized by Node.js under the names 'ucs2'
, 'ucs-2'
, 'utf16le'
and 'utf-16le'
), Buffer#write()
can be abused to write outside of the bounds of a single Buffer
. Writes that start from the second-to-last position of a buffer cause a miscalculation of the maximum length of the input bytes to be written.
{ "affected": [], "aliases": [ "CVE-2018-12115" ], "database_specific": { "cwe_ids": [ "CWE-787" ], "github_reviewed": false, "github_reviewed_at": null, "nvd_published_at": "2018-08-21T12:29:00Z", "severity": "HIGH" }, "details": "In all versions of Node.js prior to 6.14.4, 8.11.4 and 10.9.0 when used with UCS-2 encoding (recognized by Node.js under the names `\u0027ucs2\u0027`, `\u0027ucs-2\u0027`, `\u0027utf16le\u0027` and `\u0027utf-16le\u0027`), `Buffer#write()` can be abused to write outside of the bounds of a single `Buffer`. Writes that start from the second-to-last position of a buffer cause a miscalculation of the maximum length of the input bytes to be written.", "id": "GHSA-q85m-543x-pwpc", "modified": "2022-05-13T01:27:49Z", "published": "2022-05-13T01:27:49Z", "references": [ { "type": "ADVISORY", "url": "https://nvd.nist.gov/vuln/detail/CVE-2018-12115" }, { "type": "WEB", "url": "https://access.redhat.com/errata/RHSA-2018:2552" }, { "type": "WEB", "url": "https://access.redhat.com/errata/RHSA-2018:2553" }, { "type": "WEB", "url": "https://access.redhat.com/errata/RHSA-2018:2944" }, { "type": "WEB", "url": "https://access.redhat.com/errata/RHSA-2018:2949" }, { "type": "WEB", "url": "https://access.redhat.com/errata/RHSA-2018:3537" }, { "type": "WEB", "url": "https://nodejs.org/en/blog/vulnerability/august-2018-security-releases" }, { "type": "WEB", "url": "https://security.gentoo.org/glsa/202003-48" }, { "type": "WEB", "url": "http://www.securityfocus.com/bid/105127" } ], "schema_version": "1.4.0", "severity": [ { "score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "type": "CVSS_V3" } ] }
rhsa-2018_2553
Vulnerability from csaf_redhat
Published
2018-08-22 21:15
Modified
2024-11-05 20:43
Summary
Red Hat Security Advisory: Red Hat OpenShift Application Runtimes Node.js 10.9.0 security update
Notes
Topic
An update is now available for Red Hat OpenShift Application Runtimes.
Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details
Red Hat Openshift Application Runtimes provides an application platform that reduces the complexity of developing and operating applications (monoliths and microservices) for OpenShift as a containerized platform.
This release of RHOAR Node.js 10.9.0 serves as a replacement for RHOAR Node.js 10.8.0, and includes bug fixes and enhancements. For further information, refer to the Release Notes linked to in the References section.
Security Fix(es):
* openssl: Malicious server can send large prime to client during DH(E) TLS handshake causing the client to hang (CVE-2018-0732)
* nodejs: Unintentional exposure of uninitialized memory (CVE-2018-7166)
* nodejs: Out of bounds (OOB) write via UCS-2 encoding (CVE-2018-12115)
For more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{ "document": { "aggregate_severity": { "namespace": "https://access.redhat.com/security/updates/classification/", "text": "Moderate" }, "category": "csaf_security_advisory", "csaf_version": "2.0", "distribution": { "text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.", "tlp": { "label": "WHITE", "url": "https://www.first.org/tlp/" } }, "lang": "en", "notes": [ { "category": "summary", "text": "An update is now available for Red Hat OpenShift Application Runtimes.\n\nRed Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.", "title": "Topic" }, { "category": "general", "text": "Red Hat Openshift Application Runtimes provides an application platform that reduces the complexity of developing and operating applications (monoliths and microservices) for OpenShift as a containerized platform.\n\nThis release of RHOAR Node.js 10.9.0 serves as a replacement for RHOAR Node.js 10.8.0, and includes bug fixes and enhancements. For further information, refer to the Release Notes linked to in the References section.\n\nSecurity Fix(es):\n\n* openssl: Malicious server can send large prime to client during DH(E) TLS handshake causing the client to hang (CVE-2018-0732)\n\n* nodejs: Unintentional exposure of uninitialized memory (CVE-2018-7166)\n\n* nodejs: Out of bounds (OOB) write via UCS-2 encoding (CVE-2018-12115)\n\nFor more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section.", "title": "Details" }, { "category": "legal_disclaimer", "text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.", "title": "Terms of Use" } ], "publisher": { "category": "vendor", "contact_details": "https://access.redhat.com/security/team/contact/", "issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.", "name": "Red Hat Product Security", "namespace": "https://www.redhat.com" }, "references": [ { "category": "self", "summary": "https://access.redhat.com/errata/RHSA-2018:2553", "url": "https://access.redhat.com/errata/RHSA-2018:2553" }, { "category": "external", "summary": "https://access.redhat.com/security/updates/classification/#moderate", "url": "https://access.redhat.com/security/updates/classification/#moderate" }, { "category": "external", "summary": "https://access.redhat.com/documentation/en-us/red_hat_openshift_application_runtimes/1/html-single/red_hat_openshift_application_runtimes_release_notes/index#runtime_components_nodejs_rpm_packages", "url": "https://access.redhat.com/documentation/en-us/red_hat_openshift_application_runtimes/1/html-single/red_hat_openshift_application_runtimes_release_notes/index#runtime_components_nodejs_rpm_packages" }, { "category": "external", "summary": "https://nodejs.org/en/blog/vulnerability/august-2018-security-releases/", "url": "https://nodejs.org/en/blog/vulnerability/august-2018-security-releases/" }, { "category": "external", "summary": "1591100", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1591100" }, { "category": "external", "summary": "1620215", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1620215" }, { "category": "external", "summary": "1620219", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1620219" }, { "category": "external", "summary": "NODE-152", "url": "https://issues.redhat.com/browse/NODE-152" }, { "category": "external", "summary": "NODE-153", "url": "https://issues.redhat.com/browse/NODE-153" }, { "category": "external", "summary": "NODE-154", "url": "https://issues.redhat.com/browse/NODE-154" }, { "category": "external", "summary": "NODE-155", "url": "https://issues.redhat.com/browse/NODE-155" }, { "category": "self", "summary": "Canonical URL", "url": "https://security.access.redhat.com/data/csaf/v2/advisories/2018/rhsa-2018_2553.json" } ], "title": "Red Hat Security Advisory: Red Hat OpenShift Application Runtimes Node.js 10.9.0 security update", "tracking": { "current_release_date": "2024-11-05T20:43:17+00:00", "generator": { "date": "2024-11-05T20:43:17+00:00", "engine": { "name": "Red Hat SDEngine", "version": "4.1.1" } }, "id": "RHSA-2018:2553", "initial_release_date": "2018-08-22T21:15:00+00:00", "revision_history": [ { "date": "2018-08-22T21:15:00+00:00", "number": "1", "summary": "Initial version" }, { "date": "2018-08-22T21:15:00+00:00", "number": "2", "summary": "Last updated version" }, { "date": "2024-11-05T20:43:17+00:00", "number": "3", "summary": "Last generated version" } ], "status": "final", "version": "3" } }, "product_tree": { "branches": [ { "branches": [ { "branches": [ { "category": "product_name", "name": "Red Hat OpenShift Application Runtimes Node.js 10", "product": { "name": "Red Hat OpenShift Application Runtimes Node.js 10", "product_id": "7Server-RH7-RHOAR-NODEJS-10", "product_identification_helper": { "cpe": "cpe:/a:redhat:openshift_application_runtimes:1.0::el7" } } } ], "category": "product_family", "name": "Red Hat OpenShift Application Runtimes" }, { "branches": [ { "category": "product_version", "name": "rhoar-nodejs-debuginfo-1:10.9.0-1.el7.x86_64", "product": { "name": "rhoar-nodejs-debuginfo-1:10.9.0-1.el7.x86_64", "product_id": "rhoar-nodejs-debuginfo-1:10.9.0-1.el7.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/rhoar-nodejs-debuginfo@10.9.0-1.el7?arch=x86_64\u0026epoch=1" } } }, { "category": "product_version", "name": "npm-1:6.2.0-1.10.9.0.1.el7.x86_64", "product": { "name": "npm-1:6.2.0-1.10.9.0.1.el7.x86_64", "product_id": "npm-1:6.2.0-1.10.9.0.1.el7.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/npm@6.2.0-1.10.9.0.1.el7?arch=x86_64\u0026epoch=1" } } }, { "category": "product_version", "name": "rhoar-nodejs-1:10.9.0-1.el7.x86_64", "product": { "name": "rhoar-nodejs-1:10.9.0-1.el7.x86_64", "product_id": "rhoar-nodejs-1:10.9.0-1.el7.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/rhoar-nodejs@10.9.0-1.el7?arch=x86_64\u0026epoch=1" } } } ], "category": "architecture", "name": "x86_64" }, { "branches": [ { "category": "product_version", "name": "rhoar-nodejs-docs-1:10.9.0-1.el7.noarch", "product": { "name": "rhoar-nodejs-docs-1:10.9.0-1.el7.noarch", "product_id": "rhoar-nodejs-docs-1:10.9.0-1.el7.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/rhoar-nodejs-docs@10.9.0-1.el7?arch=noarch\u0026epoch=1" } } } ], "category": "architecture", "name": "noarch" }, { "branches": [ { "category": "product_version", "name": "rhoar-nodejs-1:10.9.0-1.el7.src", "product": { "name": "rhoar-nodejs-1:10.9.0-1.el7.src", "product_id": "rhoar-nodejs-1:10.9.0-1.el7.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/rhoar-nodejs@10.9.0-1.el7?arch=src\u0026epoch=1" } } } ], "category": "architecture", "name": "src" } ], "category": "vendor", "name": "Red Hat" } ], "relationships": [ { "category": "default_component_of", "full_product_name": { "name": "npm-1:6.2.0-1.10.9.0.1.el7.x86_64 as a component of Red Hat OpenShift Application Runtimes Node.js 10", "product_id": "7Server-RH7-RHOAR-NODEJS-10:npm-1:6.2.0-1.10.9.0.1.el7.x86_64" }, "product_reference": "npm-1:6.2.0-1.10.9.0.1.el7.x86_64", "relates_to_product_reference": "7Server-RH7-RHOAR-NODEJS-10" }, { "category": "default_component_of", "full_product_name": { "name": "rhoar-nodejs-1:10.9.0-1.el7.src as a component of Red Hat OpenShift Application Runtimes Node.js 10", "product_id": "7Server-RH7-RHOAR-NODEJS-10:rhoar-nodejs-1:10.9.0-1.el7.src" }, "product_reference": "rhoar-nodejs-1:10.9.0-1.el7.src", "relates_to_product_reference": "7Server-RH7-RHOAR-NODEJS-10" }, { "category": "default_component_of", "full_product_name": { "name": "rhoar-nodejs-1:10.9.0-1.el7.x86_64 as a component of Red Hat OpenShift Application Runtimes Node.js 10", "product_id": "7Server-RH7-RHOAR-NODEJS-10:rhoar-nodejs-1:10.9.0-1.el7.x86_64" }, "product_reference": "rhoar-nodejs-1:10.9.0-1.el7.x86_64", "relates_to_product_reference": "7Server-RH7-RHOAR-NODEJS-10" }, { "category": "default_component_of", "full_product_name": { "name": "rhoar-nodejs-debuginfo-1:10.9.0-1.el7.x86_64 as a component of Red Hat OpenShift Application Runtimes Node.js 10", "product_id": "7Server-RH7-RHOAR-NODEJS-10:rhoar-nodejs-debuginfo-1:10.9.0-1.el7.x86_64" }, "product_reference": "rhoar-nodejs-debuginfo-1:10.9.0-1.el7.x86_64", "relates_to_product_reference": "7Server-RH7-RHOAR-NODEJS-10" }, { "category": "default_component_of", "full_product_name": { "name": "rhoar-nodejs-docs-1:10.9.0-1.el7.noarch as a component of Red Hat OpenShift Application Runtimes Node.js 10", "product_id": "7Server-RH7-RHOAR-NODEJS-10:rhoar-nodejs-docs-1:10.9.0-1.el7.noarch" }, "product_reference": "rhoar-nodejs-docs-1:10.9.0-1.el7.noarch", "relates_to_product_reference": "7Server-RH7-RHOAR-NODEJS-10" } ] }, "vulnerabilities": [ { "cve": "CVE-2018-0732", "cwe": { "id": "CWE-325", "name": "Missing Cryptographic Step" }, "discovery_date": "2018-06-14T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1591100" } ], "notes": [ { "category": "description", "text": "During key agreement in a TLS handshake using a DH(E) based ciphersuite a malicious server can send a very large prime value to the client. This will cause the client to spend an unreasonably long period of time generating a key for this prime resulting in a hang until the client has finished. This could be exploited in a Denial Of Service attack. Fixed in OpenSSL 1.1.0i-dev (Affected 1.1.0-1.1.0h). Fixed in OpenSSL 1.0.2p-dev (Affected 1.0.2-1.0.2o).", "title": "Vulnerability description" }, { "category": "summary", "text": "openssl: Malicious server can send large prime to client during DH(E) TLS handshake causing the client to hang", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "7Server-RH7-RHOAR-NODEJS-10:npm-1:6.2.0-1.10.9.0.1.el7.x86_64", "7Server-RH7-RHOAR-NODEJS-10:rhoar-nodejs-1:10.9.0-1.el7.src", "7Server-RH7-RHOAR-NODEJS-10:rhoar-nodejs-1:10.9.0-1.el7.x86_64", "7Server-RH7-RHOAR-NODEJS-10:rhoar-nodejs-debuginfo-1:10.9.0-1.el7.x86_64", "7Server-RH7-RHOAR-NODEJS-10:rhoar-nodejs-docs-1:10.9.0-1.el7.noarch" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2018-0732" }, { "category": "external", "summary": "RHBZ#1591100", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1591100" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2018-0732", "url": "https://www.cve.org/CVERecord?id=CVE-2018-0732" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2018-0732", "url": "https://nvd.nist.gov/vuln/detail/CVE-2018-0732" }, { "category": "external", "summary": "https://www.openssl.org/news/secadv/20180612.txt", "url": "https://www.openssl.org/news/secadv/20180612.txt" } ], "release_date": "2018-06-12T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2018-08-22T21:15:00+00:00", "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "7Server-RH7-RHOAR-NODEJS-10:npm-1:6.2.0-1.10.9.0.1.el7.x86_64", "7Server-RH7-RHOAR-NODEJS-10:rhoar-nodejs-1:10.9.0-1.el7.src", "7Server-RH7-RHOAR-NODEJS-10:rhoar-nodejs-1:10.9.0-1.el7.x86_64", "7Server-RH7-RHOAR-NODEJS-10:rhoar-nodejs-debuginfo-1:10.9.0-1.el7.x86_64", "7Server-RH7-RHOAR-NODEJS-10:rhoar-nodejs-docs-1:10.9.0-1.el7.noarch" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2018:2553" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 4.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", "version": "3.0" }, "products": [ "7Server-RH7-RHOAR-NODEJS-10:npm-1:6.2.0-1.10.9.0.1.el7.x86_64", "7Server-RH7-RHOAR-NODEJS-10:rhoar-nodejs-1:10.9.0-1.el7.src", "7Server-RH7-RHOAR-NODEJS-10:rhoar-nodejs-1:10.9.0-1.el7.x86_64", "7Server-RH7-RHOAR-NODEJS-10:rhoar-nodejs-debuginfo-1:10.9.0-1.el7.x86_64", "7Server-RH7-RHOAR-NODEJS-10:rhoar-nodejs-docs-1:10.9.0-1.el7.noarch" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "openssl: Malicious server can send large prime to client during DH(E) TLS handshake causing the client to hang" }, { "cve": "CVE-2018-7166", "cwe": { "id": "CWE-200", "name": "Exposure of Sensitive Information to an Unauthorized Actor" }, "discovery_date": "2018-08-22T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1620215" } ], "notes": [ { "category": "description", "text": "In all versions of Node.js 10 prior to 10.9.0, an argument processing flaw can cause `Buffer.alloc()` to return uninitialized memory. This method is intended to be safe and only return initialized, or cleared, memory. The third argument specifying `encoding` can be passed as a number, this is misinterpreted by `Buffer\u0027s` internal \"fill\" method as the `start` to a fill operation. This flaw may be abused where `Buffer.alloc()` arguments are derived from user input to return uncleared memory blocks that may contain sensitive information.", "title": "Vulnerability description" }, { "category": "summary", "text": "nodejs: Unintentional exposure of uninitialized memory", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "7Server-RH7-RHOAR-NODEJS-10:npm-1:6.2.0-1.10.9.0.1.el7.x86_64", "7Server-RH7-RHOAR-NODEJS-10:rhoar-nodejs-1:10.9.0-1.el7.src", "7Server-RH7-RHOAR-NODEJS-10:rhoar-nodejs-1:10.9.0-1.el7.x86_64", "7Server-RH7-RHOAR-NODEJS-10:rhoar-nodejs-debuginfo-1:10.9.0-1.el7.x86_64", "7Server-RH7-RHOAR-NODEJS-10:rhoar-nodejs-docs-1:10.9.0-1.el7.noarch" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2018-7166" }, { "category": "external", "summary": "RHBZ#1620215", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1620215" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2018-7166", "url": "https://www.cve.org/CVERecord?id=CVE-2018-7166" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2018-7166", "url": "https://nvd.nist.gov/vuln/detail/CVE-2018-7166" } ], "release_date": "2018-08-11T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2018-08-22T21:15:00+00:00", "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "7Server-RH7-RHOAR-NODEJS-10:npm-1:6.2.0-1.10.9.0.1.el7.x86_64", "7Server-RH7-RHOAR-NODEJS-10:rhoar-nodejs-1:10.9.0-1.el7.src", "7Server-RH7-RHOAR-NODEJS-10:rhoar-nodejs-1:10.9.0-1.el7.x86_64", "7Server-RH7-RHOAR-NODEJS-10:rhoar-nodejs-debuginfo-1:10.9.0-1.el7.x86_64", "7Server-RH7-RHOAR-NODEJS-10:rhoar-nodejs-docs-1:10.9.0-1.el7.noarch" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2018:2553" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "version": "3.0" }, "products": [ "7Server-RH7-RHOAR-NODEJS-10:npm-1:6.2.0-1.10.9.0.1.el7.x86_64", "7Server-RH7-RHOAR-NODEJS-10:rhoar-nodejs-1:10.9.0-1.el7.src", "7Server-RH7-RHOAR-NODEJS-10:rhoar-nodejs-1:10.9.0-1.el7.x86_64", "7Server-RH7-RHOAR-NODEJS-10:rhoar-nodejs-debuginfo-1:10.9.0-1.el7.x86_64", "7Server-RH7-RHOAR-NODEJS-10:rhoar-nodejs-docs-1:10.9.0-1.el7.noarch" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "nodejs: Unintentional exposure of uninitialized memory" }, { "cve": "CVE-2018-12115", "cwe": { "id": "CWE-119", "name": "Improper Restriction of Operations within the Bounds of a Memory Buffer" }, "discovery_date": "2018-08-22T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1620219" } ], "notes": [ { "category": "description", "text": "In all versions of Node.js prior to 6.14.4, 8.11.4 and 10.9.0 when used with UCS-2 encoding (recognized by Node.js under the names `\u0027ucs2\u0027`, `\u0027ucs-2\u0027`, `\u0027utf16le\u0027` and `\u0027utf-16le\u0027`), `Buffer#write()` can be abused to write outside of the bounds of a single `Buffer`. Writes that start from the second-to-last position of a buffer cause a miscalculation of the maximum length of the input bytes to be written.", "title": "Vulnerability description" }, { "category": "summary", "text": "nodejs: Out of bounds (OOB) write via UCS-2 encoding", "title": "Vulnerability summary" }, { "category": "other", "text": "Openshift Container Platform 3.x versions are potentially vulnerable via the jenkins-slave-nodejs and jenkins-agent-nodejs containers. However a build would have to occur with a malicious jenkins pipeline, or nodejs source code supplied by an attacker, reducing the impact of this flaw to moderate. Both container images used nodejs delivered from Red Hat Software Collections.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "7Server-RH7-RHOAR-NODEJS-10:npm-1:6.2.0-1.10.9.0.1.el7.x86_64", "7Server-RH7-RHOAR-NODEJS-10:rhoar-nodejs-1:10.9.0-1.el7.src", "7Server-RH7-RHOAR-NODEJS-10:rhoar-nodejs-1:10.9.0-1.el7.x86_64", "7Server-RH7-RHOAR-NODEJS-10:rhoar-nodejs-debuginfo-1:10.9.0-1.el7.x86_64", "7Server-RH7-RHOAR-NODEJS-10:rhoar-nodejs-docs-1:10.9.0-1.el7.noarch" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2018-12115" }, { "category": "external", "summary": "RHBZ#1620219", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1620219" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2018-12115", "url": "https://www.cve.org/CVERecord?id=CVE-2018-12115" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2018-12115", "url": "https://nvd.nist.gov/vuln/detail/CVE-2018-12115" } ], "release_date": "2018-08-11T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2018-08-22T21:15:00+00:00", "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "7Server-RH7-RHOAR-NODEJS-10:npm-1:6.2.0-1.10.9.0.1.el7.x86_64", "7Server-RH7-RHOAR-NODEJS-10:rhoar-nodejs-1:10.9.0-1.el7.src", "7Server-RH7-RHOAR-NODEJS-10:rhoar-nodejs-1:10.9.0-1.el7.x86_64", "7Server-RH7-RHOAR-NODEJS-10:rhoar-nodejs-debuginfo-1:10.9.0-1.el7.x86_64", "7Server-RH7-RHOAR-NODEJS-10:rhoar-nodejs-docs-1:10.9.0-1.el7.noarch" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2018:2553" }, { "category": "workaround", "details": "On Openshift Container Platform 3.x you can override the container image used on the Jenkins Slave by specifying the JENKINS_SLAVE_IMAGE environment variable in your jenkins deployment configuration. Ref:\n\nhttps://github.com/openshift/jenkins/blob/8e1ab16fb5f44d6570018c5dfa3407692fdba6e5/2/contrib/jenkins/kube-slave-common.sh#L27-L33", "product_ids": [ "7Server-RH7-RHOAR-NODEJS-10:npm-1:6.2.0-1.10.9.0.1.el7.x86_64", "7Server-RH7-RHOAR-NODEJS-10:rhoar-nodejs-1:10.9.0-1.el7.src", "7Server-RH7-RHOAR-NODEJS-10:rhoar-nodejs-1:10.9.0-1.el7.x86_64", "7Server-RH7-RHOAR-NODEJS-10:rhoar-nodejs-debuginfo-1:10.9.0-1.el7.x86_64", "7Server-RH7-RHOAR-NODEJS-10:rhoar-nodejs-docs-1:10.9.0-1.el7.noarch" ] } ], "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.1, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0" }, "products": [ "7Server-RH7-RHOAR-NODEJS-10:npm-1:6.2.0-1.10.9.0.1.el7.x86_64", "7Server-RH7-RHOAR-NODEJS-10:rhoar-nodejs-1:10.9.0-1.el7.src", "7Server-RH7-RHOAR-NODEJS-10:rhoar-nodejs-1:10.9.0-1.el7.x86_64", "7Server-RH7-RHOAR-NODEJS-10:rhoar-nodejs-debuginfo-1:10.9.0-1.el7.x86_64", "7Server-RH7-RHOAR-NODEJS-10:rhoar-nodejs-docs-1:10.9.0-1.el7.noarch" ] } ], "threats": [ { "category": "impact", "details": "Important" } ], "title": "nodejs: Out of bounds (OOB) write via UCS-2 encoding" } ] }
rhsa-2018_3537
Vulnerability from csaf_redhat
Published
2018-11-20 03:11
Modified
2024-11-05 20:52
Summary
Red Hat Security Advisory: OpenShift Container Platform 3.11 security update
Notes
Topic
An update is now available for Red Hat OpenShift Container Platform 3.11.
Red Hat Product Security has rated this update as having a security impact of Critical. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details
Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments.
Security Fix(es):
* A privilege escalation vulnerability exists in OpenShift Container Platform 3.x which allows for compromise of pods running on a compute node to which a pod is scheduled with normal user privilege. This access could include access to all secrets, pods, environment variables, running pod/container processes, and persistent volumes, including in privileged containers. Additionally, on versions 3.6 and higher of OpenShift Container Platform, this vulnerability allows cluster-admin level access to any API hosted by an aggregated API server. This includes the ‘servicecatalog’ API which is installed by default in 3.7 and later. Cluster-admin level access to the service catalog allows creation of brokered services by an unauthenticated user with escalated privileges in any namespace and on any node. This could lead to an attacker being allowed to deploy malicious code, or alter existing services. (CVE-2018-1002105)
* nodejs: Out of bounds (OOB) write via UCS-2 encoding (CVE-2018-12115)
* kibana: Cross-site scripting via the source field formatter (CVE-2018-3830)
Space precludes documenting all of the bug fixes and enhancements in this advisory. See the following Release Notes documentation for details about these changes:
https://docs.openshift.com/container-platform/3.11/release_notes/ocp_3_11_release_notes.html
All OpenShift Container Platform 3.11 users are advised to upgrade to these updated packages and images.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{ "document": { "aggregate_severity": { "namespace": "https://access.redhat.com/security/updates/classification/", "text": "Critical" }, "category": "csaf_security_advisory", "csaf_version": "2.0", "distribution": { "text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.", "tlp": { "label": "WHITE", "url": "https://www.first.org/tlp/" } }, "lang": "en", "notes": [ { "category": "summary", "text": "An update is now available for Red Hat OpenShift Container Platform 3.11.\n\nRed Hat Product Security has rated this update as having a security impact of Critical. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.", "title": "Topic" }, { "category": "general", "text": "Red Hat OpenShift Container Platform is Red Hat\u0027s cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments.\n\nSecurity Fix(es):\n\n* A privilege escalation vulnerability exists in OpenShift Container Platform 3.x which allows for compromise of pods running on a compute node to which a pod is scheduled with normal user privilege. This access could include access to all secrets, pods, environment variables, running pod/container processes, and persistent volumes, including in privileged containers. Additionally, on versions 3.6 and higher of OpenShift Container Platform, this vulnerability allows cluster-admin level access to any API hosted by an aggregated API server. This includes the \u2018servicecatalog\u2019 API which is installed by default in 3.7 and later. Cluster-admin level access to the service catalog allows creation of brokered services by an unauthenticated user with escalated privileges in any namespace and on any node. This could lead to an attacker being allowed to deploy malicious code, or alter existing services. (CVE-2018-1002105)\n\n* nodejs: Out of bounds (OOB) write via UCS-2 encoding (CVE-2018-12115)\n\n* kibana: Cross-site scripting via the source field formatter (CVE-2018-3830)\n\nSpace precludes documenting all of the bug fixes and enhancements in this advisory. See the following Release Notes documentation for details about these changes:\n\nhttps://docs.openshift.com/container-platform/3.11/release_notes/ocp_3_11_release_notes.html\n\nAll OpenShift Container Platform 3.11 users are advised to upgrade to these updated packages and images.", "title": "Details" }, { "category": "legal_disclaimer", "text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.", "title": "Terms of Use" } ], "publisher": { "category": "vendor", "contact_details": "https://access.redhat.com/security/team/contact/", "issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.", "name": "Red Hat Product Security", "namespace": "https://www.redhat.com" }, "references": [ { "category": "self", "summary": "https://access.redhat.com/errata/RHSA-2018:3537", "url": "https://access.redhat.com/errata/RHSA-2018:3537" }, { "category": "external", "summary": "https://access.redhat.com/security/updates/classification/#critical", "url": "https://access.redhat.com/security/updates/classification/#critical" }, { "category": "external", "summary": "https://access.redhat.com/security/vulnerabilities/3716411", "url": "https://access.redhat.com/security/vulnerabilities/3716411" }, { "category": "external", "summary": "https://docs.openshift.com/container-platform/3.11/release_notes/ocp_3_11_release_notes.html", "url": "https://docs.openshift.com/container-platform/3.11/release_notes/ocp_3_11_release_notes.html" }, { "category": "external", "summary": "1552304", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1552304" }, { "category": "external", "summary": "1613722", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1613722" }, { "category": "external", "summary": "1614904", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1614904" }, { "category": "external", "summary": "1615884", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1615884" }, { "category": "external", "summary": "1620219", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1620219" }, { "category": "external", "summary": "1622822", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1622822" }, { "category": "external", "summary": "1625090", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1625090" }, { "category": "external", "summary": "1626228", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1626228" }, { "category": "external", "summary": "1626538", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1626538" }, { "category": "external", "summary": "1627086", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1627086" }, { "category": "external", "summary": "1627689", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1627689" }, { "category": "external", "summary": "1628235", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1628235" }, { "category": "external", "summary": "1628381", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1628381" }, { "category": "external", "summary": "1628902", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1628902" }, { "category": "external", "summary": "1629558", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1629558" }, { "category": "external", "summary": "1632364", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1632364" }, { "category": "external", "summary": "1632450", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1632450" }, { "category": "external", "summary": "1632648", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1632648" }, { "category": "external", "summary": "1632895", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1632895" }, { "category": "external", "summary": "1633574", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1633574" }, { "category": "external", "summary": "1633923", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1633923" }, { "category": "external", "summary": "1634700", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1634700" }, { "category": "external", "summary": "1634835", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1634835" }, { "category": "external", "summary": "1635672", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1635672" }, { "category": "external", "summary": "1636248", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1636248" }, { "category": "external", "summary": "1637413", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1637413" }, { "category": "external", "summary": "1637737", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1637737" }, { "category": "external", "summary": "1641245", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1641245" }, { "category": "external", "summary": "1641321", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1641321" }, { "category": "external", "summary": "1641657", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1641657" }, { "category": "external", "summary": "1641796", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1641796" }, { "category": "external", "summary": "1642002", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1642002" }, { "category": "external", "summary": "1642350", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1642350" }, { "category": "external", "summary": "1643119", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1643119" }, { "category": "external", "summary": "1643301", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1643301" }, { "category": "external", "summary": "1643948", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1643948" }, { "category": "external", "summary": "1648138", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1648138" }, { "category": "self", "summary": "Canonical URL", "url": "https://security.access.redhat.com/data/csaf/v2/advisories/2018/rhsa-2018_3537.json" } ], "title": "Red Hat Security Advisory: OpenShift Container Platform 3.11 security update", "tracking": { "current_release_date": "2024-11-05T20:52:18+00:00", "generator": { "date": "2024-11-05T20:52:18+00:00", "engine": { "name": "Red Hat SDEngine", "version": "4.1.1" } }, "id": "RHSA-2018:3537", "initial_release_date": "2018-11-20T03:11:20+00:00", "revision_history": [ { "date": "2018-11-20T03:11:20+00:00", "number": "1", "summary": "Initial version" }, { "date": "2019-12-09T13:33:45+00:00", "number": "2", "summary": "Last updated version" }, { "date": "2024-11-05T20:52:18+00:00", "number": "3", "summary": "Last generated version" } ], "status": "final", "version": "3" } }, "product_tree": { "branches": [ { "branches": [ { "branches": [ { "category": "product_name", "name": "Red Hat OpenShift Container Platform 3.11", "product": { "name": "Red Hat OpenShift Container Platform 3.11", "product_id": "7Server-RH7-RHOSE-3.11", "product_identification_helper": { "cpe": "cpe:/a:redhat:openshift:3.11::el7" } } } ], "category": "product_family", "name": "Red Hat OpenShift Enterprise" }, { "branches": [ { "category": "product_version", "name": "jenkins-2-plugins-0:3.11.1539805268-1.el7.src", "product": { "name": "jenkins-2-plugins-0:3.11.1539805268-1.el7.src", "product_id": "jenkins-2-plugins-0:3.11.1539805268-1.el7.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/jenkins-2-plugins@3.11.1539805268-1.el7?arch=src" } } }, { "category": "product_version", "name": "openshift-external-storage-0:0.0.2-4.gitd3c94f0.el7.src", "product": { "name": "openshift-external-storage-0:0.0.2-4.gitd3c94f0.el7.src", "product_id": "openshift-external-storage-0:0.0.2-4.gitd3c94f0.el7.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/openshift-external-storage@0.0.2-4.gitd3c94f0.el7?arch=src" } } }, { "category": "product_version", "name": "python-elasticsearch-0:5.5.5-1.el7.src", "product": { "name": "python-elasticsearch-0:5.5.5-1.el7.src", "product_id": "python-elasticsearch-0:5.5.5-1.el7.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/python-elasticsearch@5.5.5-1.el7?arch=src" } } }, { "category": "product_version", "name": "python-nose-xcover-0:1.0.10-1.el7.src", "product": { "name": "python-nose-xcover-0:1.0.10-1.el7.src", "product_id": "python-nose-xcover-0:1.0.10-1.el7.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/python-nose-xcover@1.0.10-1.el7?arch=src" } } }, { "category": "product_version", "name": "atomic-enterprise-service-catalog-1:3.11.43-1.git.1671.04b17f5.el7.src", "product": { "name": "atomic-enterprise-service-catalog-1:3.11.43-1.git.1671.04b17f5.el7.src", "product_id": "atomic-enterprise-service-catalog-1:3.11.43-1.git.1671.04b17f5.el7.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/atomic-enterprise-service-catalog@3.11.43-1.git.1671.04b17f5.el7?arch=src\u0026epoch=1" } } }, { "category": "product_version", "name": "atomic-openshift-0:3.11.43-1.git.0.647ac05.el7.src", "product": { "name": "atomic-openshift-0:3.11.43-1.git.0.647ac05.el7.src", "product_id": "atomic-openshift-0:3.11.43-1.git.0.647ac05.el7.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/atomic-openshift@3.11.43-1.git.0.647ac05.el7?arch=src" } } }, { "category": "product_version", "name": "atomic-openshift-cluster-autoscaler-0:3.11.43-1.git.0.55c4e4b.el7.src", "product": { "name": "atomic-openshift-cluster-autoscaler-0:3.11.43-1.git.0.55c4e4b.el7.src", "product_id": "atomic-openshift-cluster-autoscaler-0:3.11.43-1.git.0.55c4e4b.el7.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/atomic-openshift-cluster-autoscaler@3.11.43-1.git.0.55c4e4b.el7?arch=src" } } }, { "category": "product_version", "name": "atomic-openshift-descheduler-0:3.11.43-1.git.300.a720f7f.el7.src", "product": { "name": "atomic-openshift-descheduler-0:3.11.43-1.git.300.a720f7f.el7.src", "product_id": "atomic-openshift-descheduler-0:3.11.43-1.git.300.a720f7f.el7.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/atomic-openshift-descheduler@3.11.43-1.git.300.a720f7f.el7?arch=src" } } }, { "category": "product_version", "name": "atomic-openshift-dockerregistry-0:3.11.43-1.git.446.b80f8a1.el7.src", "product": { "name": "atomic-openshift-dockerregistry-0:3.11.43-1.git.446.b80f8a1.el7.src", "product_id": "atomic-openshift-dockerregistry-0:3.11.43-1.git.446.b80f8a1.el7.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/atomic-openshift-dockerregistry@3.11.43-1.git.446.b80f8a1.el7?arch=src" } } }, { "category": "product_version", "name": "atomic-openshift-metrics-server-0:3.11.43-1.git.52.6cc0a21.el7.src", "product": { "name": "atomic-openshift-metrics-server-0:3.11.43-1.git.52.6cc0a21.el7.src", "product_id": "atomic-openshift-metrics-server-0:3.11.43-1.git.52.6cc0a21.el7.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/atomic-openshift-metrics-server@3.11.43-1.git.52.6cc0a21.el7?arch=src" } } }, { "category": "product_version", "name": "atomic-openshift-node-problem-detector-0:3.11.43-1.git.252.f45475c.el7.src", "product": { "name": "atomic-openshift-node-problem-detector-0:3.11.43-1.git.252.f45475c.el7.src", "product_id": "atomic-openshift-node-problem-detector-0:3.11.43-1.git.252.f45475c.el7.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/atomic-openshift-node-problem-detector@3.11.43-1.git.252.f45475c.el7?arch=src" } } }, { "category": "product_version", "name": "atomic-openshift-service-idler-0:3.11.43-1.git.14.bbbb450.el7.src", "product": { "name": "atomic-openshift-service-idler-0:3.11.43-1.git.14.bbbb450.el7.src", "product_id": "atomic-openshift-service-idler-0:3.11.43-1.git.14.bbbb450.el7.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/atomic-openshift-service-idler@3.11.43-1.git.14.bbbb450.el7?arch=src" } } }, { "category": "product_version", "name": "atomic-openshift-web-console-0:3.11.43-1.git.316.7753377.el7.src", "product": { "name": "atomic-openshift-web-console-0:3.11.43-1.git.316.7753377.el7.src", "product_id": "atomic-openshift-web-console-0:3.11.43-1.git.316.7753377.el7.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/atomic-openshift-web-console@3.11.43-1.git.316.7753377.el7?arch=src" } } }, { "category": "product_version", "name": "cri-o-0:1.11.8-2.rhaos3.11.git71cc465.el7.src", "product": { "name": "cri-o-0:1.11.8-2.rhaos3.11.git71cc465.el7.src", "product_id": "cri-o-0:1.11.8-2.rhaos3.11.git71cc465.el7.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/cri-o@1.11.8-2.rhaos3.11.git71cc465.el7?arch=src" } } }, { "category": "product_version", "name": "golang-github-openshift-oauth-proxy-0:3.11.43-1.git.419.03122b3.el7.src", "product": { "name": "golang-github-openshift-oauth-proxy-0:3.11.43-1.git.419.03122b3.el7.src", "product_id": "golang-github-openshift-oauth-proxy-0:3.11.43-1.git.419.03122b3.el7.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/golang-github-openshift-oauth-proxy@3.11.43-1.git.419.03122b3.el7?arch=src" } } }, { "category": "product_version", "name": "golang-github-prometheus-alertmanager-0:3.11.43-1.git.0.19c2765.el7.src", "product": { "name": "golang-github-prometheus-alertmanager-0:3.11.43-1.git.0.19c2765.el7.src", "product_id": "golang-github-prometheus-alertmanager-0:3.11.43-1.git.0.19c2765.el7.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/golang-github-prometheus-alertmanager@3.11.43-1.git.0.19c2765.el7?arch=src" } } }, { "category": "product_version", "name": "golang-github-prometheus-node_exporter-0:3.11.43-1.git.1060.0aff287.el7.src", "product": { "name": "golang-github-prometheus-node_exporter-0:3.11.43-1.git.1060.0aff287.el7.src", "product_id": "golang-github-prometheus-node_exporter-0:3.11.43-1.git.1060.0aff287.el7.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/golang-github-prometheus-node_exporter@3.11.43-1.git.1060.0aff287.el7?arch=src" } } }, { "category": "product_version", "name": "golang-github-prometheus-prometheus-0:3.11.43-1.git.5021.31a8f1d.el7.src", "product": { "name": "golang-github-prometheus-prometheus-0:3.11.43-1.git.5021.31a8f1d.el7.src", "product_id": "golang-github-prometheus-prometheus-0:3.11.43-1.git.5021.31a8f1d.el7.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/golang-github-prometheus-prometheus@3.11.43-1.git.5021.31a8f1d.el7?arch=src" } } }, { "category": "product_version", "name": "kibana-0:5.6.12-1.el7.src", "product": { "name": "kibana-0:5.6.12-1.el7.src", "product_id": "kibana-0:5.6.12-1.el7.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/kibana@5.6.12-1.el7?arch=src" } } }, { "category": "product_version", "name": "openshift-ansible-0:3.11.43-1.git.0.fa69a02.el7.src", "product": { "name": "openshift-ansible-0:3.11.43-1.git.0.fa69a02.el7.src", "product_id": "openshift-ansible-0:3.11.43-1.git.0.fa69a02.el7.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/openshift-ansible@3.11.43-1.git.0.fa69a02.el7?arch=src" } } }, { "category": "product_version", "name": "openshift-enterprise-autoheal-0:3.11.43-1.git.219.be400cf.el7.src", "product": { "name": "openshift-enterprise-autoheal-0:3.11.43-1.git.219.be400cf.el7.src", "product_id": "openshift-enterprise-autoheal-0:3.11.43-1.git.219.be400cf.el7.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/openshift-enterprise-autoheal@3.11.43-1.git.219.be400cf.el7?arch=src" } } }, { "category": "product_version", "name": "openshift-enterprise-cluster-capacity-0:3.11.43-1.git.380.9cbcbb2.el7.src", "product": { "name": "openshift-enterprise-cluster-capacity-0:3.11.43-1.git.380.9cbcbb2.el7.src", "product_id": "openshift-enterprise-cluster-capacity-0:3.11.43-1.git.380.9cbcbb2.el7.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/openshift-enterprise-cluster-capacity@3.11.43-1.git.380.9cbcbb2.el7?arch=src" } } }, { "category": "product_version", "name": "openshift-monitor-project-lifecycle-0:3.11.43-1.git.59.662daae.el7.src", "product": { "name": "openshift-monitor-project-lifecycle-0:3.11.43-1.git.59.662daae.el7.src", "product_id": "openshift-monitor-project-lifecycle-0:3.11.43-1.git.59.662daae.el7.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/openshift-monitor-project-lifecycle@3.11.43-1.git.59.662daae.el7?arch=src" } } }, { "category": "product_version", "name": "openshift-monitor-sample-app-0:3.11.43-1.git.5.83ab17f.el7.src", "product": { "name": "openshift-monitor-sample-app-0:3.11.43-1.git.5.83ab17f.el7.src", "product_id": "openshift-monitor-sample-app-0:3.11.43-1.git.5.83ab17f.el7.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/openshift-monitor-sample-app@3.11.43-1.git.5.83ab17f.el7?arch=src" } } } ], "category": "architecture", "name": "src" }, { "branches": [ { "category": "product_version", "name": "jenkins-2-plugins-0:3.11.1539805268-1.el7.noarch", "product": { "name": "jenkins-2-plugins-0:3.11.1539805268-1.el7.noarch", "product_id": "jenkins-2-plugins-0:3.11.1539805268-1.el7.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/jenkins-2-plugins@3.11.1539805268-1.el7?arch=noarch" } } }, { "category": "product_version", "name": "python-elasticsearch-0:5.5.5-1.el7.noarch", "product": { "name": "python-elasticsearch-0:5.5.5-1.el7.noarch", "product_id": "python-elasticsearch-0:5.5.5-1.el7.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/python-elasticsearch@5.5.5-1.el7?arch=noarch" } } }, { "category": "product_version", "name": "python-nose-xcover-0:1.0.10-1.el7.noarch", "product": { "name": "python-nose-xcover-0:1.0.10-1.el7.noarch", "product_id": "python-nose-xcover-0:1.0.10-1.el7.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/python-nose-xcover@1.0.10-1.el7?arch=noarch" } } }, { "category": "product_version", "name": "atomic-openshift-excluder-0:3.11.43-1.git.0.647ac05.el7.noarch", "product": { "name": "atomic-openshift-excluder-0:3.11.43-1.git.0.647ac05.el7.noarch", "product_id": "atomic-openshift-excluder-0:3.11.43-1.git.0.647ac05.el7.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/atomic-openshift-excluder@3.11.43-1.git.0.647ac05.el7?arch=noarch" } } }, { "category": "product_version", "name": "atomic-openshift-docker-excluder-0:3.11.43-1.git.0.647ac05.el7.noarch", "product": { "name": "atomic-openshift-docker-excluder-0:3.11.43-1.git.0.647ac05.el7.noarch", "product_id": "atomic-openshift-docker-excluder-0:3.11.43-1.git.0.647ac05.el7.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/atomic-openshift-docker-excluder@3.11.43-1.git.0.647ac05.el7?arch=noarch" } } }, { "category": "product_version", "name": "openshift-ansible-docs-0:3.11.43-1.git.0.fa69a02.el7.noarch", "product": { "name": "openshift-ansible-docs-0:3.11.43-1.git.0.fa69a02.el7.noarch", "product_id": "openshift-ansible-docs-0:3.11.43-1.git.0.fa69a02.el7.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/openshift-ansible-docs@3.11.43-1.git.0.fa69a02.el7?arch=noarch" } } }, { "category": "product_version", "name": "openshift-ansible-0:3.11.43-1.git.0.fa69a02.el7.noarch", "product": { "name": "openshift-ansible-0:3.11.43-1.git.0.fa69a02.el7.noarch", "product_id": "openshift-ansible-0:3.11.43-1.git.0.fa69a02.el7.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/openshift-ansible@3.11.43-1.git.0.fa69a02.el7?arch=noarch" } } }, { "category": "product_version", "name": "openshift-ansible-roles-0:3.11.43-1.git.0.fa69a02.el7.noarch", "product": { "name": "openshift-ansible-roles-0:3.11.43-1.git.0.fa69a02.el7.noarch", "product_id": "openshift-ansible-roles-0:3.11.43-1.git.0.fa69a02.el7.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/openshift-ansible-roles@3.11.43-1.git.0.fa69a02.el7?arch=noarch" } } }, { "category": "product_version", "name": "openshift-ansible-playbooks-0:3.11.43-1.git.0.fa69a02.el7.noarch", "product": { "name": "openshift-ansible-playbooks-0:3.11.43-1.git.0.fa69a02.el7.noarch", "product_id": "openshift-ansible-playbooks-0:3.11.43-1.git.0.fa69a02.el7.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/openshift-ansible-playbooks@3.11.43-1.git.0.fa69a02.el7?arch=noarch" } } } ], "category": "architecture", "name": "noarch" }, { "branches": [ { "category": "product_version", "name": "openshift-external-storage-local-provisioner-0:0.0.2-4.gitd3c94f0.el7.x86_64", "product": { "name": "openshift-external-storage-local-provisioner-0:0.0.2-4.gitd3c94f0.el7.x86_64", "product_id": "openshift-external-storage-local-provisioner-0:0.0.2-4.gitd3c94f0.el7.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/openshift-external-storage-local-provisioner@0.0.2-4.gitd3c94f0.el7?arch=x86_64" } } }, { "category": "product_version", "name": "openshift-external-storage-manila-provisioner-0:0.0.2-4.gitd3c94f0.el7.x86_64", "product": { "name": "openshift-external-storage-manila-provisioner-0:0.0.2-4.gitd3c94f0.el7.x86_64", "product_id": "openshift-external-storage-manila-provisioner-0:0.0.2-4.gitd3c94f0.el7.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/openshift-external-storage-manila-provisioner@0.0.2-4.gitd3c94f0.el7?arch=x86_64" } } }, { "category": "product_version", "name": "openshift-external-storage-snapshot-provisioner-0:0.0.2-4.gitd3c94f0.el7.x86_64", "product": { "name": "openshift-external-storage-snapshot-provisioner-0:0.0.2-4.gitd3c94f0.el7.x86_64", "product_id": "openshift-external-storage-snapshot-provisioner-0:0.0.2-4.gitd3c94f0.el7.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/openshift-external-storage-snapshot-provisioner@0.0.2-4.gitd3c94f0.el7?arch=x86_64" } } }, { "category": "product_version", "name": "openshift-external-storage-efs-provisioner-0:0.0.2-4.gitd3c94f0.el7.x86_64", "product": { "name": "openshift-external-storage-efs-provisioner-0:0.0.2-4.gitd3c94f0.el7.x86_64", "product_id": "openshift-external-storage-efs-provisioner-0:0.0.2-4.gitd3c94f0.el7.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/openshift-external-storage-efs-provisioner@0.0.2-4.gitd3c94f0.el7?arch=x86_64" } } }, { "category": "product_version", "name": "openshift-external-storage-snapshot-controller-0:0.0.2-4.gitd3c94f0.el7.x86_64", "product": { "name": "openshift-external-storage-snapshot-controller-0:0.0.2-4.gitd3c94f0.el7.x86_64", "product_id": "openshift-external-storage-snapshot-controller-0:0.0.2-4.gitd3c94f0.el7.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/openshift-external-storage-snapshot-controller@0.0.2-4.gitd3c94f0.el7?arch=x86_64" } } }, { "category": "product_version", "name": "openshift-external-storage-debuginfo-0:0.0.2-4.gitd3c94f0.el7.x86_64", "product": { "name": "openshift-external-storage-debuginfo-0:0.0.2-4.gitd3c94f0.el7.x86_64", "product_id": "openshift-external-storage-debuginfo-0:0.0.2-4.gitd3c94f0.el7.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/openshift-external-storage-debuginfo@0.0.2-4.gitd3c94f0.el7?arch=x86_64" } } }, { "category": "product_version", "name": "openshift-external-storage-cephfs-provisioner-0:0.0.2-4.gitd3c94f0.el7.x86_64", "product": { "name": "openshift-external-storage-cephfs-provisioner-0:0.0.2-4.gitd3c94f0.el7.x86_64", "product_id": "openshift-external-storage-cephfs-provisioner-0:0.0.2-4.gitd3c94f0.el7.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/openshift-external-storage-cephfs-provisioner@0.0.2-4.gitd3c94f0.el7?arch=x86_64" } } }, { "category": "product_version", "name": "atomic-enterprise-service-catalog-1:3.11.43-1.git.1671.04b17f5.el7.x86_64", "product": { "name": "atomic-enterprise-service-catalog-1:3.11.43-1.git.1671.04b17f5.el7.x86_64", "product_id": "atomic-enterprise-service-catalog-1:3.11.43-1.git.1671.04b17f5.el7.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/atomic-enterprise-service-catalog@3.11.43-1.git.1671.04b17f5.el7?arch=x86_64\u0026epoch=1" } } }, { "category": "product_version", "name": "atomic-enterprise-service-catalog-svcat-1:3.11.43-1.git.1671.04b17f5.el7.x86_64", "product": { "name": "atomic-enterprise-service-catalog-svcat-1:3.11.43-1.git.1671.04b17f5.el7.x86_64", "product_id": "atomic-enterprise-service-catalog-svcat-1:3.11.43-1.git.1671.04b17f5.el7.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/atomic-enterprise-service-catalog-svcat@3.11.43-1.git.1671.04b17f5.el7?arch=x86_64\u0026epoch=1" } } }, { "category": "product_version", "name": "atomic-openshift-hypershift-0:3.11.43-1.git.0.647ac05.el7.x86_64", "product": { "name": "atomic-openshift-hypershift-0:3.11.43-1.git.0.647ac05.el7.x86_64", "product_id": "atomic-openshift-hypershift-0:3.11.43-1.git.0.647ac05.el7.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/atomic-openshift-hypershift@3.11.43-1.git.0.647ac05.el7?arch=x86_64" } } }, { "category": "product_version", "name": "atomic-openshift-tests-0:3.11.43-1.git.0.647ac05.el7.x86_64", "product": { "name": "atomic-openshift-tests-0:3.11.43-1.git.0.647ac05.el7.x86_64", "product_id": "atomic-openshift-tests-0:3.11.43-1.git.0.647ac05.el7.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/atomic-openshift-tests@3.11.43-1.git.0.647ac05.el7?arch=x86_64" } } }, { "category": "product_version", "name": "atomic-openshift-0:3.11.43-1.git.0.647ac05.el7.x86_64", "product": { "name": "atomic-openshift-0:3.11.43-1.git.0.647ac05.el7.x86_64", "product_id": "atomic-openshift-0:3.11.43-1.git.0.647ac05.el7.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/atomic-openshift@3.11.43-1.git.0.647ac05.el7?arch=x86_64" } } }, { "category": "product_version", "name": "atomic-openshift-pod-0:3.11.43-1.git.0.647ac05.el7.x86_64", "product": { "name": "atomic-openshift-pod-0:3.11.43-1.git.0.647ac05.el7.x86_64", "product_id": "atomic-openshift-pod-0:3.11.43-1.git.0.647ac05.el7.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/atomic-openshift-pod@3.11.43-1.git.0.647ac05.el7?arch=x86_64" } } }, { "category": "product_version", "name": "atomic-openshift-hyperkube-0:3.11.43-1.git.0.647ac05.el7.x86_64", "product": { "name": "atomic-openshift-hyperkube-0:3.11.43-1.git.0.647ac05.el7.x86_64", "product_id": "atomic-openshift-hyperkube-0:3.11.43-1.git.0.647ac05.el7.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/atomic-openshift-hyperkube@3.11.43-1.git.0.647ac05.el7?arch=x86_64" } } }, { "category": "product_version", "name": "atomic-openshift-clients-0:3.11.43-1.git.0.647ac05.el7.x86_64", "product": { "name": "atomic-openshift-clients-0:3.11.43-1.git.0.647ac05.el7.x86_64", "product_id": "atomic-openshift-clients-0:3.11.43-1.git.0.647ac05.el7.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/atomic-openshift-clients@3.11.43-1.git.0.647ac05.el7?arch=x86_64" } } }, { "category": "product_version", "name": "atomic-openshift-clients-redistributable-0:3.11.43-1.git.0.647ac05.el7.x86_64", "product": { "name": "atomic-openshift-clients-redistributable-0:3.11.43-1.git.0.647ac05.el7.x86_64", "product_id": "atomic-openshift-clients-redistributable-0:3.11.43-1.git.0.647ac05.el7.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/atomic-openshift-clients-redistributable@3.11.43-1.git.0.647ac05.el7?arch=x86_64" } } }, { "category": "product_version", "name": "atomic-openshift-sdn-ovs-0:3.11.43-1.git.0.647ac05.el7.x86_64", "product": { "name": "atomic-openshift-sdn-ovs-0:3.11.43-1.git.0.647ac05.el7.x86_64", "product_id": "atomic-openshift-sdn-ovs-0:3.11.43-1.git.0.647ac05.el7.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/atomic-openshift-sdn-ovs@3.11.43-1.git.0.647ac05.el7?arch=x86_64" } } }, { "category": "product_version", "name": "atomic-openshift-node-0:3.11.43-1.git.0.647ac05.el7.x86_64", "product": { "name": "atomic-openshift-node-0:3.11.43-1.git.0.647ac05.el7.x86_64", "product_id": "atomic-openshift-node-0:3.11.43-1.git.0.647ac05.el7.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/atomic-openshift-node@3.11.43-1.git.0.647ac05.el7?arch=x86_64" } } }, { "category": "product_version", "name": "atomic-openshift-template-service-broker-0:3.11.43-1.git.0.647ac05.el7.x86_64", "product": { "name": "atomic-openshift-template-service-broker-0:3.11.43-1.git.0.647ac05.el7.x86_64", "product_id": "atomic-openshift-template-service-broker-0:3.11.43-1.git.0.647ac05.el7.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/atomic-openshift-template-service-broker@3.11.43-1.git.0.647ac05.el7?arch=x86_64" } } }, { "category": "product_version", "name": "atomic-openshift-master-0:3.11.43-1.git.0.647ac05.el7.x86_64", "product": { "name": "atomic-openshift-master-0:3.11.43-1.git.0.647ac05.el7.x86_64", "product_id": "atomic-openshift-master-0:3.11.43-1.git.0.647ac05.el7.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/atomic-openshift-master@3.11.43-1.git.0.647ac05.el7?arch=x86_64" } } }, { "category": "product_version", "name": "atomic-openshift-cluster-autoscaler-0:3.11.43-1.git.0.55c4e4b.el7.x86_64", "product": { "name": "atomic-openshift-cluster-autoscaler-0:3.11.43-1.git.0.55c4e4b.el7.x86_64", "product_id": "atomic-openshift-cluster-autoscaler-0:3.11.43-1.git.0.55c4e4b.el7.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/atomic-openshift-cluster-autoscaler@3.11.43-1.git.0.55c4e4b.el7?arch=x86_64" } } }, { "category": "product_version", "name": "atomic-openshift-descheduler-0:3.11.43-1.git.300.a720f7f.el7.x86_64", "product": { "name": "atomic-openshift-descheduler-0:3.11.43-1.git.300.a720f7f.el7.x86_64", "product_id": "atomic-openshift-descheduler-0:3.11.43-1.git.300.a720f7f.el7.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/atomic-openshift-descheduler@3.11.43-1.git.300.a720f7f.el7?arch=x86_64" } } }, { "category": "product_version", "name": "atomic-openshift-dockerregistry-0:3.11.43-1.git.446.b80f8a1.el7.x86_64", "product": { "name": "atomic-openshift-dockerregistry-0:3.11.43-1.git.446.b80f8a1.el7.x86_64", "product_id": "atomic-openshift-dockerregistry-0:3.11.43-1.git.446.b80f8a1.el7.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/atomic-openshift-dockerregistry@3.11.43-1.git.446.b80f8a1.el7?arch=x86_64" } } }, { "category": "product_version", "name": "atomic-openshift-metrics-server-0:3.11.43-1.git.52.6cc0a21.el7.x86_64", "product": { "name": "atomic-openshift-metrics-server-0:3.11.43-1.git.52.6cc0a21.el7.x86_64", "product_id": "atomic-openshift-metrics-server-0:3.11.43-1.git.52.6cc0a21.el7.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/atomic-openshift-metrics-server@3.11.43-1.git.52.6cc0a21.el7?arch=x86_64" } } }, { "category": "product_version", "name": "atomic-openshift-node-problem-detector-0:3.11.43-1.git.252.f45475c.el7.x86_64", "product": { "name": "atomic-openshift-node-problem-detector-0:3.11.43-1.git.252.f45475c.el7.x86_64", "product_id": "atomic-openshift-node-problem-detector-0:3.11.43-1.git.252.f45475c.el7.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/atomic-openshift-node-problem-detector@3.11.43-1.git.252.f45475c.el7?arch=x86_64" } } }, { "category": "product_version", "name": "atomic-openshift-service-idler-0:3.11.43-1.git.14.bbbb450.el7.x86_64", "product": { "name": "atomic-openshift-service-idler-0:3.11.43-1.git.14.bbbb450.el7.x86_64", "product_id": "atomic-openshift-service-idler-0:3.11.43-1.git.14.bbbb450.el7.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/atomic-openshift-service-idler@3.11.43-1.git.14.bbbb450.el7?arch=x86_64" } } }, { "category": "product_version", "name": "atomic-openshift-web-console-0:3.11.43-1.git.316.7753377.el7.x86_64", "product": { "name": "atomic-openshift-web-console-0:3.11.43-1.git.316.7753377.el7.x86_64", "product_id": "atomic-openshift-web-console-0:3.11.43-1.git.316.7753377.el7.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/atomic-openshift-web-console@3.11.43-1.git.316.7753377.el7?arch=x86_64" } } }, { "category": "product_version", "name": "cri-o-0:1.11.8-2.rhaos3.11.git71cc465.el7.x86_64", "product": { "name": "cri-o-0:1.11.8-2.rhaos3.11.git71cc465.el7.x86_64", "product_id": "cri-o-0:1.11.8-2.rhaos3.11.git71cc465.el7.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/cri-o@1.11.8-2.rhaos3.11.git71cc465.el7?arch=x86_64" } } }, { "category": "product_version", "name": "golang-github-openshift-oauth-proxy-0:3.11.43-1.git.419.03122b3.el7.x86_64", "product": { "name": "golang-github-openshift-oauth-proxy-0:3.11.43-1.git.419.03122b3.el7.x86_64", "product_id": "golang-github-openshift-oauth-proxy-0:3.11.43-1.git.419.03122b3.el7.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/golang-github-openshift-oauth-proxy@3.11.43-1.git.419.03122b3.el7?arch=x86_64" } } }, { "category": "product_version", "name": "prometheus-alertmanager-0:3.11.43-1.git.0.19c2765.el7.x86_64", "product": { "name": "prometheus-alertmanager-0:3.11.43-1.git.0.19c2765.el7.x86_64", "product_id": "prometheus-alertmanager-0:3.11.43-1.git.0.19c2765.el7.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/prometheus-alertmanager@3.11.43-1.git.0.19c2765.el7?arch=x86_64" } } }, { "category": "product_version", "name": "prometheus-node-exporter-0:3.11.43-1.git.1060.0aff287.el7.x86_64", "product": { "name": "prometheus-node-exporter-0:3.11.43-1.git.1060.0aff287.el7.x86_64", "product_id": "prometheus-node-exporter-0:3.11.43-1.git.1060.0aff287.el7.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/prometheus-node-exporter@3.11.43-1.git.1060.0aff287.el7?arch=x86_64" } } }, { "category": "product_version", "name": "prometheus-0:3.11.43-1.git.5021.31a8f1d.el7.x86_64", "product": { "name": "prometheus-0:3.11.43-1.git.5021.31a8f1d.el7.x86_64", "product_id": "prometheus-0:3.11.43-1.git.5021.31a8f1d.el7.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/prometheus@3.11.43-1.git.5021.31a8f1d.el7?arch=x86_64" } } }, { "category": "product_version", "name": "kibana-debuginfo-0:5.6.12-1.el7.x86_64", "product": { "name": "kibana-debuginfo-0:5.6.12-1.el7.x86_64", "product_id": "kibana-debuginfo-0:5.6.12-1.el7.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/kibana-debuginfo@5.6.12-1.el7?arch=x86_64" } } }, { "category": "product_version", "name": "kibana-0:5.6.12-1.el7.x86_64", "product": { "name": "kibana-0:5.6.12-1.el7.x86_64", "product_id": "kibana-0:5.6.12-1.el7.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/kibana@5.6.12-1.el7?arch=x86_64" } } }, { "category": "product_version", "name": "openshift-enterprise-autoheal-0:3.11.43-1.git.219.be400cf.el7.x86_64", "product": { "name": "openshift-enterprise-autoheal-0:3.11.43-1.git.219.be400cf.el7.x86_64", "product_id": "openshift-enterprise-autoheal-0:3.11.43-1.git.219.be400cf.el7.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/openshift-enterprise-autoheal@3.11.43-1.git.219.be400cf.el7?arch=x86_64" } } }, { "category": "product_version", "name": "openshift-enterprise-cluster-capacity-0:3.11.43-1.git.380.9cbcbb2.el7.x86_64", "product": { "name": "openshift-enterprise-cluster-capacity-0:3.11.43-1.git.380.9cbcbb2.el7.x86_64", "product_id": "openshift-enterprise-cluster-capacity-0:3.11.43-1.git.380.9cbcbb2.el7.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/openshift-enterprise-cluster-capacity@3.11.43-1.git.380.9cbcbb2.el7?arch=x86_64" } } }, { "category": "product_version", "name": "openshift-monitor-project-lifecycle-0:3.11.43-1.git.59.662daae.el7.x86_64", "product": { "name": "openshift-monitor-project-lifecycle-0:3.11.43-1.git.59.662daae.el7.x86_64", "product_id": "openshift-monitor-project-lifecycle-0:3.11.43-1.git.59.662daae.el7.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/openshift-monitor-project-lifecycle@3.11.43-1.git.59.662daae.el7?arch=x86_64" } } }, { "category": "product_version", "name": "openshift-monitor-sample-app-0:3.11.43-1.git.5.83ab17f.el7.x86_64", "product": { "name": "openshift-monitor-sample-app-0:3.11.43-1.git.5.83ab17f.el7.x86_64", "product_id": "openshift-monitor-sample-app-0:3.11.43-1.git.5.83ab17f.el7.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/openshift-monitor-sample-app@3.11.43-1.git.5.83ab17f.el7?arch=x86_64" } } } ], "category": "architecture", "name": "x86_64" } ], "category": "vendor", "name": "Red Hat" } ], "relationships": [ { "category": "default_component_of", "full_product_name": { "name": "atomic-enterprise-service-catalog-1:3.11.43-1.git.1671.04b17f5.el7.src as a component of Red Hat OpenShift Container Platform 3.11", "product_id": "7Server-RH7-RHOSE-3.11:atomic-enterprise-service-catalog-1:3.11.43-1.git.1671.04b17f5.el7.src" }, "product_reference": "atomic-enterprise-service-catalog-1:3.11.43-1.git.1671.04b17f5.el7.src", "relates_to_product_reference": "7Server-RH7-RHOSE-3.11" }, { "category": "default_component_of", "full_product_name": { "name": "atomic-enterprise-service-catalog-1:3.11.43-1.git.1671.04b17f5.el7.x86_64 as a component of Red Hat OpenShift Container Platform 3.11", "product_id": "7Server-RH7-RHOSE-3.11:atomic-enterprise-service-catalog-1:3.11.43-1.git.1671.04b17f5.el7.x86_64" }, "product_reference": "atomic-enterprise-service-catalog-1:3.11.43-1.git.1671.04b17f5.el7.x86_64", "relates_to_product_reference": "7Server-RH7-RHOSE-3.11" }, { "category": "default_component_of", "full_product_name": { "name": "atomic-enterprise-service-catalog-svcat-1:3.11.43-1.git.1671.04b17f5.el7.x86_64 as a component of Red Hat OpenShift Container Platform 3.11", "product_id": "7Server-RH7-RHOSE-3.11:atomic-enterprise-service-catalog-svcat-1:3.11.43-1.git.1671.04b17f5.el7.x86_64" }, "product_reference": "atomic-enterprise-service-catalog-svcat-1:3.11.43-1.git.1671.04b17f5.el7.x86_64", "relates_to_product_reference": "7Server-RH7-RHOSE-3.11" }, { "category": "default_component_of", "full_product_name": { "name": "atomic-openshift-0:3.11.43-1.git.0.647ac05.el7.src as a component of Red Hat OpenShift Container Platform 3.11", "product_id": "7Server-RH7-RHOSE-3.11:atomic-openshift-0:3.11.43-1.git.0.647ac05.el7.src" }, "product_reference": "atomic-openshift-0:3.11.43-1.git.0.647ac05.el7.src", "relates_to_product_reference": "7Server-RH7-RHOSE-3.11" }, { "category": "default_component_of", "full_product_name": { "name": "atomic-openshift-0:3.11.43-1.git.0.647ac05.el7.x86_64 as a component of Red Hat OpenShift Container Platform 3.11", "product_id": "7Server-RH7-RHOSE-3.11:atomic-openshift-0:3.11.43-1.git.0.647ac05.el7.x86_64" }, "product_reference": "atomic-openshift-0:3.11.43-1.git.0.647ac05.el7.x86_64", "relates_to_product_reference": "7Server-RH7-RHOSE-3.11" }, { "category": "default_component_of", "full_product_name": { "name": "atomic-openshift-clients-0:3.11.43-1.git.0.647ac05.el7.x86_64 as a component of Red Hat OpenShift Container Platform 3.11", "product_id": "7Server-RH7-RHOSE-3.11:atomic-openshift-clients-0:3.11.43-1.git.0.647ac05.el7.x86_64" }, "product_reference": "atomic-openshift-clients-0:3.11.43-1.git.0.647ac05.el7.x86_64", "relates_to_product_reference": "7Server-RH7-RHOSE-3.11" }, { "category": "default_component_of", "full_product_name": { "name": "atomic-openshift-clients-redistributable-0:3.11.43-1.git.0.647ac05.el7.x86_64 as a component of Red Hat OpenShift Container Platform 3.11", "product_id": "7Server-RH7-RHOSE-3.11:atomic-openshift-clients-redistributable-0:3.11.43-1.git.0.647ac05.el7.x86_64" }, "product_reference": "atomic-openshift-clients-redistributable-0:3.11.43-1.git.0.647ac05.el7.x86_64", "relates_to_product_reference": "7Server-RH7-RHOSE-3.11" }, { "category": "default_component_of", "full_product_name": { "name": "atomic-openshift-cluster-autoscaler-0:3.11.43-1.git.0.55c4e4b.el7.src as a component of Red Hat OpenShift Container Platform 3.11", "product_id": "7Server-RH7-RHOSE-3.11:atomic-openshift-cluster-autoscaler-0:3.11.43-1.git.0.55c4e4b.el7.src" }, "product_reference": "atomic-openshift-cluster-autoscaler-0:3.11.43-1.git.0.55c4e4b.el7.src", "relates_to_product_reference": "7Server-RH7-RHOSE-3.11" }, { "category": "default_component_of", "full_product_name": { "name": "atomic-openshift-cluster-autoscaler-0:3.11.43-1.git.0.55c4e4b.el7.x86_64 as a component of Red Hat OpenShift Container Platform 3.11", "product_id": "7Server-RH7-RHOSE-3.11:atomic-openshift-cluster-autoscaler-0:3.11.43-1.git.0.55c4e4b.el7.x86_64" }, "product_reference": "atomic-openshift-cluster-autoscaler-0:3.11.43-1.git.0.55c4e4b.el7.x86_64", "relates_to_product_reference": "7Server-RH7-RHOSE-3.11" }, { "category": "default_component_of", "full_product_name": { "name": "atomic-openshift-descheduler-0:3.11.43-1.git.300.a720f7f.el7.src as a component of Red Hat OpenShift Container Platform 3.11", "product_id": "7Server-RH7-RHOSE-3.11:atomic-openshift-descheduler-0:3.11.43-1.git.300.a720f7f.el7.src" }, "product_reference": "atomic-openshift-descheduler-0:3.11.43-1.git.300.a720f7f.el7.src", "relates_to_product_reference": "7Server-RH7-RHOSE-3.11" }, { "category": "default_component_of", "full_product_name": { "name": "atomic-openshift-descheduler-0:3.11.43-1.git.300.a720f7f.el7.x86_64 as a component of Red Hat OpenShift Container Platform 3.11", "product_id": "7Server-RH7-RHOSE-3.11:atomic-openshift-descheduler-0:3.11.43-1.git.300.a720f7f.el7.x86_64" }, "product_reference": "atomic-openshift-descheduler-0:3.11.43-1.git.300.a720f7f.el7.x86_64", "relates_to_product_reference": "7Server-RH7-RHOSE-3.11" }, { "category": "default_component_of", "full_product_name": { "name": "atomic-openshift-docker-excluder-0:3.11.43-1.git.0.647ac05.el7.noarch as a component of Red Hat OpenShift Container Platform 3.11", "product_id": "7Server-RH7-RHOSE-3.11:atomic-openshift-docker-excluder-0:3.11.43-1.git.0.647ac05.el7.noarch" }, "product_reference": "atomic-openshift-docker-excluder-0:3.11.43-1.git.0.647ac05.el7.noarch", "relates_to_product_reference": "7Server-RH7-RHOSE-3.11" }, { "category": "default_component_of", "full_product_name": { "name": "atomic-openshift-dockerregistry-0:3.11.43-1.git.446.b80f8a1.el7.src as a component of Red Hat OpenShift Container Platform 3.11", "product_id": "7Server-RH7-RHOSE-3.11:atomic-openshift-dockerregistry-0:3.11.43-1.git.446.b80f8a1.el7.src" }, "product_reference": "atomic-openshift-dockerregistry-0:3.11.43-1.git.446.b80f8a1.el7.src", "relates_to_product_reference": "7Server-RH7-RHOSE-3.11" }, { "category": "default_component_of", "full_product_name": { "name": "atomic-openshift-dockerregistry-0:3.11.43-1.git.446.b80f8a1.el7.x86_64 as a component of Red Hat OpenShift Container Platform 3.11", "product_id": "7Server-RH7-RHOSE-3.11:atomic-openshift-dockerregistry-0:3.11.43-1.git.446.b80f8a1.el7.x86_64" }, "product_reference": "atomic-openshift-dockerregistry-0:3.11.43-1.git.446.b80f8a1.el7.x86_64", "relates_to_product_reference": "7Server-RH7-RHOSE-3.11" }, { "category": "default_component_of", "full_product_name": { "name": "atomic-openshift-excluder-0:3.11.43-1.git.0.647ac05.el7.noarch as a component of Red Hat OpenShift Container Platform 3.11", "product_id": "7Server-RH7-RHOSE-3.11:atomic-openshift-excluder-0:3.11.43-1.git.0.647ac05.el7.noarch" }, "product_reference": "atomic-openshift-excluder-0:3.11.43-1.git.0.647ac05.el7.noarch", "relates_to_product_reference": "7Server-RH7-RHOSE-3.11" }, { "category": "default_component_of", "full_product_name": { "name": "atomic-openshift-hyperkube-0:3.11.43-1.git.0.647ac05.el7.x86_64 as a component of Red Hat OpenShift Container Platform 3.11", "product_id": "7Server-RH7-RHOSE-3.11:atomic-openshift-hyperkube-0:3.11.43-1.git.0.647ac05.el7.x86_64" }, "product_reference": "atomic-openshift-hyperkube-0:3.11.43-1.git.0.647ac05.el7.x86_64", "relates_to_product_reference": "7Server-RH7-RHOSE-3.11" }, { "category": "default_component_of", "full_product_name": { "name": "atomic-openshift-hypershift-0:3.11.43-1.git.0.647ac05.el7.x86_64 as a component of Red Hat OpenShift Container Platform 3.11", "product_id": "7Server-RH7-RHOSE-3.11:atomic-openshift-hypershift-0:3.11.43-1.git.0.647ac05.el7.x86_64" }, "product_reference": "atomic-openshift-hypershift-0:3.11.43-1.git.0.647ac05.el7.x86_64", "relates_to_product_reference": "7Server-RH7-RHOSE-3.11" }, { "category": "default_component_of", "full_product_name": { "name": "atomic-openshift-master-0:3.11.43-1.git.0.647ac05.el7.x86_64 as a component of Red Hat OpenShift Container Platform 3.11", "product_id": "7Server-RH7-RHOSE-3.11:atomic-openshift-master-0:3.11.43-1.git.0.647ac05.el7.x86_64" }, "product_reference": "atomic-openshift-master-0:3.11.43-1.git.0.647ac05.el7.x86_64", "relates_to_product_reference": "7Server-RH7-RHOSE-3.11" }, { "category": "default_component_of", "full_product_name": { "name": "atomic-openshift-metrics-server-0:3.11.43-1.git.52.6cc0a21.el7.src as a component of Red Hat OpenShift Container Platform 3.11", "product_id": "7Server-RH7-RHOSE-3.11:atomic-openshift-metrics-server-0:3.11.43-1.git.52.6cc0a21.el7.src" }, "product_reference": "atomic-openshift-metrics-server-0:3.11.43-1.git.52.6cc0a21.el7.src", "relates_to_product_reference": "7Server-RH7-RHOSE-3.11" }, { "category": "default_component_of", "full_product_name": { "name": "atomic-openshift-metrics-server-0:3.11.43-1.git.52.6cc0a21.el7.x86_64 as a component of Red Hat OpenShift Container Platform 3.11", "product_id": "7Server-RH7-RHOSE-3.11:atomic-openshift-metrics-server-0:3.11.43-1.git.52.6cc0a21.el7.x86_64" }, "product_reference": "atomic-openshift-metrics-server-0:3.11.43-1.git.52.6cc0a21.el7.x86_64", "relates_to_product_reference": "7Server-RH7-RHOSE-3.11" }, { "category": "default_component_of", "full_product_name": { "name": "atomic-openshift-node-0:3.11.43-1.git.0.647ac05.el7.x86_64 as a component of Red Hat OpenShift Container Platform 3.11", "product_id": "7Server-RH7-RHOSE-3.11:atomic-openshift-node-0:3.11.43-1.git.0.647ac05.el7.x86_64" }, "product_reference": "atomic-openshift-node-0:3.11.43-1.git.0.647ac05.el7.x86_64", "relates_to_product_reference": "7Server-RH7-RHOSE-3.11" }, { "category": "default_component_of", "full_product_name": { "name": "atomic-openshift-node-problem-detector-0:3.11.43-1.git.252.f45475c.el7.src as a component of Red Hat OpenShift Container Platform 3.11", "product_id": "7Server-RH7-RHOSE-3.11:atomic-openshift-node-problem-detector-0:3.11.43-1.git.252.f45475c.el7.src" }, "product_reference": "atomic-openshift-node-problem-detector-0:3.11.43-1.git.252.f45475c.el7.src", "relates_to_product_reference": "7Server-RH7-RHOSE-3.11" }, { "category": "default_component_of", "full_product_name": { "name": "atomic-openshift-node-problem-detector-0:3.11.43-1.git.252.f45475c.el7.x86_64 as a component of Red Hat OpenShift Container Platform 3.11", "product_id": "7Server-RH7-RHOSE-3.11:atomic-openshift-node-problem-detector-0:3.11.43-1.git.252.f45475c.el7.x86_64" }, "product_reference": "atomic-openshift-node-problem-detector-0:3.11.43-1.git.252.f45475c.el7.x86_64", "relates_to_product_reference": "7Server-RH7-RHOSE-3.11" }, { "category": "default_component_of", "full_product_name": { "name": "atomic-openshift-pod-0:3.11.43-1.git.0.647ac05.el7.x86_64 as a component of Red Hat OpenShift Container Platform 3.11", "product_id": "7Server-RH7-RHOSE-3.11:atomic-openshift-pod-0:3.11.43-1.git.0.647ac05.el7.x86_64" }, "product_reference": "atomic-openshift-pod-0:3.11.43-1.git.0.647ac05.el7.x86_64", "relates_to_product_reference": "7Server-RH7-RHOSE-3.11" }, { "category": "default_component_of", "full_product_name": { "name": "atomic-openshift-sdn-ovs-0:3.11.43-1.git.0.647ac05.el7.x86_64 as a component of Red Hat OpenShift Container Platform 3.11", "product_id": "7Server-RH7-RHOSE-3.11:atomic-openshift-sdn-ovs-0:3.11.43-1.git.0.647ac05.el7.x86_64" }, "product_reference": "atomic-openshift-sdn-ovs-0:3.11.43-1.git.0.647ac05.el7.x86_64", "relates_to_product_reference": "7Server-RH7-RHOSE-3.11" }, { "category": "default_component_of", "full_product_name": { "name": "atomic-openshift-service-idler-0:3.11.43-1.git.14.bbbb450.el7.src as a component of Red Hat OpenShift Container Platform 3.11", "product_id": "7Server-RH7-RHOSE-3.11:atomic-openshift-service-idler-0:3.11.43-1.git.14.bbbb450.el7.src" }, "product_reference": "atomic-openshift-service-idler-0:3.11.43-1.git.14.bbbb450.el7.src", "relates_to_product_reference": "7Server-RH7-RHOSE-3.11" }, { "category": "default_component_of", "full_product_name": { "name": "atomic-openshift-service-idler-0:3.11.43-1.git.14.bbbb450.el7.x86_64 as a component of Red Hat OpenShift Container Platform 3.11", "product_id": "7Server-RH7-RHOSE-3.11:atomic-openshift-service-idler-0:3.11.43-1.git.14.bbbb450.el7.x86_64" }, "product_reference": "atomic-openshift-service-idler-0:3.11.43-1.git.14.bbbb450.el7.x86_64", "relates_to_product_reference": "7Server-RH7-RHOSE-3.11" }, { "category": "default_component_of", "full_product_name": { "name": "atomic-openshift-template-service-broker-0:3.11.43-1.git.0.647ac05.el7.x86_64 as a component of Red Hat OpenShift Container Platform 3.11", "product_id": "7Server-RH7-RHOSE-3.11:atomic-openshift-template-service-broker-0:3.11.43-1.git.0.647ac05.el7.x86_64" }, "product_reference": "atomic-openshift-template-service-broker-0:3.11.43-1.git.0.647ac05.el7.x86_64", "relates_to_product_reference": "7Server-RH7-RHOSE-3.11" }, { "category": "default_component_of", "full_product_name": { "name": "atomic-openshift-tests-0:3.11.43-1.git.0.647ac05.el7.x86_64 as a component of Red Hat OpenShift Container Platform 3.11", "product_id": "7Server-RH7-RHOSE-3.11:atomic-openshift-tests-0:3.11.43-1.git.0.647ac05.el7.x86_64" }, "product_reference": "atomic-openshift-tests-0:3.11.43-1.git.0.647ac05.el7.x86_64", "relates_to_product_reference": "7Server-RH7-RHOSE-3.11" }, { "category": "default_component_of", "full_product_name": { "name": "atomic-openshift-web-console-0:3.11.43-1.git.316.7753377.el7.src as a component of Red Hat OpenShift Container Platform 3.11", "product_id": "7Server-RH7-RHOSE-3.11:atomic-openshift-web-console-0:3.11.43-1.git.316.7753377.el7.src" }, "product_reference": "atomic-openshift-web-console-0:3.11.43-1.git.316.7753377.el7.src", "relates_to_product_reference": "7Server-RH7-RHOSE-3.11" }, { "category": "default_component_of", "full_product_name": { "name": "atomic-openshift-web-console-0:3.11.43-1.git.316.7753377.el7.x86_64 as a component of Red Hat OpenShift Container Platform 3.11", "product_id": "7Server-RH7-RHOSE-3.11:atomic-openshift-web-console-0:3.11.43-1.git.316.7753377.el7.x86_64" }, "product_reference": "atomic-openshift-web-console-0:3.11.43-1.git.316.7753377.el7.x86_64", "relates_to_product_reference": "7Server-RH7-RHOSE-3.11" }, { "category": "default_component_of", "full_product_name": { "name": "cri-o-0:1.11.8-2.rhaos3.11.git71cc465.el7.src as a component of Red Hat OpenShift Container Platform 3.11", "product_id": "7Server-RH7-RHOSE-3.11:cri-o-0:1.11.8-2.rhaos3.11.git71cc465.el7.src" }, "product_reference": "cri-o-0:1.11.8-2.rhaos3.11.git71cc465.el7.src", "relates_to_product_reference": "7Server-RH7-RHOSE-3.11" }, { "category": "default_component_of", "full_product_name": { "name": "cri-o-0:1.11.8-2.rhaos3.11.git71cc465.el7.x86_64 as a component of Red Hat OpenShift Container Platform 3.11", "product_id": "7Server-RH7-RHOSE-3.11:cri-o-0:1.11.8-2.rhaos3.11.git71cc465.el7.x86_64" }, "product_reference": "cri-o-0:1.11.8-2.rhaos3.11.git71cc465.el7.x86_64", "relates_to_product_reference": "7Server-RH7-RHOSE-3.11" }, { "category": "default_component_of", "full_product_name": { "name": "golang-github-openshift-oauth-proxy-0:3.11.43-1.git.419.03122b3.el7.src as a component of Red Hat OpenShift Container Platform 3.11", "product_id": "7Server-RH7-RHOSE-3.11:golang-github-openshift-oauth-proxy-0:3.11.43-1.git.419.03122b3.el7.src" }, "product_reference": "golang-github-openshift-oauth-proxy-0:3.11.43-1.git.419.03122b3.el7.src", "relates_to_product_reference": "7Server-RH7-RHOSE-3.11" }, { "category": "default_component_of", "full_product_name": { "name": "golang-github-openshift-oauth-proxy-0:3.11.43-1.git.419.03122b3.el7.x86_64 as a component of Red Hat OpenShift Container Platform 3.11", "product_id": "7Server-RH7-RHOSE-3.11:golang-github-openshift-oauth-proxy-0:3.11.43-1.git.419.03122b3.el7.x86_64" }, "product_reference": "golang-github-openshift-oauth-proxy-0:3.11.43-1.git.419.03122b3.el7.x86_64", "relates_to_product_reference": "7Server-RH7-RHOSE-3.11" }, { "category": "default_component_of", "full_product_name": { "name": "golang-github-prometheus-alertmanager-0:3.11.43-1.git.0.19c2765.el7.src as a component of Red Hat OpenShift Container Platform 3.11", "product_id": "7Server-RH7-RHOSE-3.11:golang-github-prometheus-alertmanager-0:3.11.43-1.git.0.19c2765.el7.src" }, "product_reference": "golang-github-prometheus-alertmanager-0:3.11.43-1.git.0.19c2765.el7.src", "relates_to_product_reference": "7Server-RH7-RHOSE-3.11" }, { "category": "default_component_of", "full_product_name": { "name": "golang-github-prometheus-node_exporter-0:3.11.43-1.git.1060.0aff287.el7.src as a component of Red Hat OpenShift Container Platform 3.11", "product_id": "7Server-RH7-RHOSE-3.11:golang-github-prometheus-node_exporter-0:3.11.43-1.git.1060.0aff287.el7.src" }, "product_reference": "golang-github-prometheus-node_exporter-0:3.11.43-1.git.1060.0aff287.el7.src", "relates_to_product_reference": "7Server-RH7-RHOSE-3.11" }, { "category": "default_component_of", "full_product_name": { "name": "golang-github-prometheus-prometheus-0:3.11.43-1.git.5021.31a8f1d.el7.src as a component of Red Hat OpenShift Container Platform 3.11", "product_id": "7Server-RH7-RHOSE-3.11:golang-github-prometheus-prometheus-0:3.11.43-1.git.5021.31a8f1d.el7.src" }, "product_reference": "golang-github-prometheus-prometheus-0:3.11.43-1.git.5021.31a8f1d.el7.src", "relates_to_product_reference": "7Server-RH7-RHOSE-3.11" }, { "category": "default_component_of", "full_product_name": { "name": "jenkins-2-plugins-0:3.11.1539805268-1.el7.noarch as a component of Red Hat OpenShift Container Platform 3.11", "product_id": "7Server-RH7-RHOSE-3.11:jenkins-2-plugins-0:3.11.1539805268-1.el7.noarch" }, "product_reference": "jenkins-2-plugins-0:3.11.1539805268-1.el7.noarch", "relates_to_product_reference": "7Server-RH7-RHOSE-3.11" }, { "category": "default_component_of", "full_product_name": { "name": "jenkins-2-plugins-0:3.11.1539805268-1.el7.src as a component of Red Hat OpenShift Container Platform 3.11", "product_id": "7Server-RH7-RHOSE-3.11:jenkins-2-plugins-0:3.11.1539805268-1.el7.src" }, "product_reference": "jenkins-2-plugins-0:3.11.1539805268-1.el7.src", "relates_to_product_reference": "7Server-RH7-RHOSE-3.11" }, { "category": "default_component_of", "full_product_name": { "name": "kibana-0:5.6.12-1.el7.src as a component of Red Hat OpenShift Container Platform 3.11", "product_id": "7Server-RH7-RHOSE-3.11:kibana-0:5.6.12-1.el7.src" }, "product_reference": "kibana-0:5.6.12-1.el7.src", "relates_to_product_reference": "7Server-RH7-RHOSE-3.11" }, { "category": "default_component_of", "full_product_name": { "name": "kibana-0:5.6.12-1.el7.x86_64 as a component of Red Hat OpenShift Container Platform 3.11", "product_id": "7Server-RH7-RHOSE-3.11:kibana-0:5.6.12-1.el7.x86_64" }, "product_reference": "kibana-0:5.6.12-1.el7.x86_64", "relates_to_product_reference": "7Server-RH7-RHOSE-3.11" }, { "category": "default_component_of", "full_product_name": { "name": "kibana-debuginfo-0:5.6.12-1.el7.x86_64 as a component of Red Hat OpenShift Container Platform 3.11", "product_id": "7Server-RH7-RHOSE-3.11:kibana-debuginfo-0:5.6.12-1.el7.x86_64" }, "product_reference": "kibana-debuginfo-0:5.6.12-1.el7.x86_64", "relates_to_product_reference": "7Server-RH7-RHOSE-3.11" }, { "category": "default_component_of", "full_product_name": { "name": "openshift-ansible-0:3.11.43-1.git.0.fa69a02.el7.noarch as a component of Red Hat OpenShift Container Platform 3.11", "product_id": "7Server-RH7-RHOSE-3.11:openshift-ansible-0:3.11.43-1.git.0.fa69a02.el7.noarch" }, "product_reference": "openshift-ansible-0:3.11.43-1.git.0.fa69a02.el7.noarch", "relates_to_product_reference": "7Server-RH7-RHOSE-3.11" }, { "category": "default_component_of", "full_product_name": { "name": "openshift-ansible-0:3.11.43-1.git.0.fa69a02.el7.src as a component of Red Hat OpenShift Container Platform 3.11", "product_id": "7Server-RH7-RHOSE-3.11:openshift-ansible-0:3.11.43-1.git.0.fa69a02.el7.src" }, "product_reference": "openshift-ansible-0:3.11.43-1.git.0.fa69a02.el7.src", "relates_to_product_reference": "7Server-RH7-RHOSE-3.11" }, { "category": "default_component_of", "full_product_name": { "name": "openshift-ansible-docs-0:3.11.43-1.git.0.fa69a02.el7.noarch as a component of Red Hat OpenShift Container Platform 3.11", "product_id": "7Server-RH7-RHOSE-3.11:openshift-ansible-docs-0:3.11.43-1.git.0.fa69a02.el7.noarch" }, "product_reference": "openshift-ansible-docs-0:3.11.43-1.git.0.fa69a02.el7.noarch", "relates_to_product_reference": "7Server-RH7-RHOSE-3.11" }, { "category": "default_component_of", "full_product_name": { "name": "openshift-ansible-playbooks-0:3.11.43-1.git.0.fa69a02.el7.noarch as a component of Red Hat OpenShift Container Platform 3.11", "product_id": "7Server-RH7-RHOSE-3.11:openshift-ansible-playbooks-0:3.11.43-1.git.0.fa69a02.el7.noarch" }, "product_reference": "openshift-ansible-playbooks-0:3.11.43-1.git.0.fa69a02.el7.noarch", "relates_to_product_reference": "7Server-RH7-RHOSE-3.11" }, { "category": "default_component_of", "full_product_name": { "name": "openshift-ansible-roles-0:3.11.43-1.git.0.fa69a02.el7.noarch as a component of Red Hat OpenShift Container Platform 3.11", "product_id": "7Server-RH7-RHOSE-3.11:openshift-ansible-roles-0:3.11.43-1.git.0.fa69a02.el7.noarch" }, "product_reference": "openshift-ansible-roles-0:3.11.43-1.git.0.fa69a02.el7.noarch", "relates_to_product_reference": "7Server-RH7-RHOSE-3.11" }, { "category": "default_component_of", "full_product_name": { "name": "openshift-enterprise-autoheal-0:3.11.43-1.git.219.be400cf.el7.src as a component of Red Hat OpenShift Container Platform 3.11", "product_id": "7Server-RH7-RHOSE-3.11:openshift-enterprise-autoheal-0:3.11.43-1.git.219.be400cf.el7.src" }, "product_reference": "openshift-enterprise-autoheal-0:3.11.43-1.git.219.be400cf.el7.src", "relates_to_product_reference": "7Server-RH7-RHOSE-3.11" }, { "category": "default_component_of", "full_product_name": { "name": "openshift-enterprise-autoheal-0:3.11.43-1.git.219.be400cf.el7.x86_64 as a component of Red Hat OpenShift Container Platform 3.11", "product_id": "7Server-RH7-RHOSE-3.11:openshift-enterprise-autoheal-0:3.11.43-1.git.219.be400cf.el7.x86_64" }, "product_reference": "openshift-enterprise-autoheal-0:3.11.43-1.git.219.be400cf.el7.x86_64", "relates_to_product_reference": "7Server-RH7-RHOSE-3.11" }, { "category": "default_component_of", "full_product_name": { "name": "openshift-enterprise-cluster-capacity-0:3.11.43-1.git.380.9cbcbb2.el7.src as a component of Red Hat OpenShift Container Platform 3.11", "product_id": "7Server-RH7-RHOSE-3.11:openshift-enterprise-cluster-capacity-0:3.11.43-1.git.380.9cbcbb2.el7.src" }, "product_reference": "openshift-enterprise-cluster-capacity-0:3.11.43-1.git.380.9cbcbb2.el7.src", "relates_to_product_reference": "7Server-RH7-RHOSE-3.11" }, { "category": "default_component_of", "full_product_name": { "name": "openshift-enterprise-cluster-capacity-0:3.11.43-1.git.380.9cbcbb2.el7.x86_64 as a component of Red Hat OpenShift Container Platform 3.11", "product_id": "7Server-RH7-RHOSE-3.11:openshift-enterprise-cluster-capacity-0:3.11.43-1.git.380.9cbcbb2.el7.x86_64" }, "product_reference": "openshift-enterprise-cluster-capacity-0:3.11.43-1.git.380.9cbcbb2.el7.x86_64", "relates_to_product_reference": "7Server-RH7-RHOSE-3.11" }, { "category": "default_component_of", "full_product_name": { "name": "openshift-external-storage-0:0.0.2-4.gitd3c94f0.el7.src as a component of Red Hat OpenShift Container Platform 3.11", "product_id": "7Server-RH7-RHOSE-3.11:openshift-external-storage-0:0.0.2-4.gitd3c94f0.el7.src" }, "product_reference": "openshift-external-storage-0:0.0.2-4.gitd3c94f0.el7.src", "relates_to_product_reference": "7Server-RH7-RHOSE-3.11" }, { "category": "default_component_of", "full_product_name": { "name": "openshift-external-storage-cephfs-provisioner-0:0.0.2-4.gitd3c94f0.el7.x86_64 as a component of Red Hat OpenShift Container Platform 3.11", "product_id": "7Server-RH7-RHOSE-3.11:openshift-external-storage-cephfs-provisioner-0:0.0.2-4.gitd3c94f0.el7.x86_64" }, "product_reference": "openshift-external-storage-cephfs-provisioner-0:0.0.2-4.gitd3c94f0.el7.x86_64", "relates_to_product_reference": "7Server-RH7-RHOSE-3.11" }, { "category": "default_component_of", "full_product_name": { "name": "openshift-external-storage-debuginfo-0:0.0.2-4.gitd3c94f0.el7.x86_64 as a component of Red Hat OpenShift Container Platform 3.11", "product_id": "7Server-RH7-RHOSE-3.11:openshift-external-storage-debuginfo-0:0.0.2-4.gitd3c94f0.el7.x86_64" }, "product_reference": "openshift-external-storage-debuginfo-0:0.0.2-4.gitd3c94f0.el7.x86_64", "relates_to_product_reference": "7Server-RH7-RHOSE-3.11" }, { "category": "default_component_of", "full_product_name": { "name": "openshift-external-storage-efs-provisioner-0:0.0.2-4.gitd3c94f0.el7.x86_64 as a component of Red Hat OpenShift Container Platform 3.11", "product_id": "7Server-RH7-RHOSE-3.11:openshift-external-storage-efs-provisioner-0:0.0.2-4.gitd3c94f0.el7.x86_64" }, "product_reference": "openshift-external-storage-efs-provisioner-0:0.0.2-4.gitd3c94f0.el7.x86_64", "relates_to_product_reference": "7Server-RH7-RHOSE-3.11" }, { "category": "default_component_of", "full_product_name": { "name": "openshift-external-storage-local-provisioner-0:0.0.2-4.gitd3c94f0.el7.x86_64 as a component of Red Hat OpenShift Container Platform 3.11", "product_id": "7Server-RH7-RHOSE-3.11:openshift-external-storage-local-provisioner-0:0.0.2-4.gitd3c94f0.el7.x86_64" }, "product_reference": "openshift-external-storage-local-provisioner-0:0.0.2-4.gitd3c94f0.el7.x86_64", "relates_to_product_reference": "7Server-RH7-RHOSE-3.11" }, { "category": "default_component_of", "full_product_name": { "name": "openshift-external-storage-manila-provisioner-0:0.0.2-4.gitd3c94f0.el7.x86_64 as a component of Red Hat OpenShift Container Platform 3.11", "product_id": "7Server-RH7-RHOSE-3.11:openshift-external-storage-manila-provisioner-0:0.0.2-4.gitd3c94f0.el7.x86_64" }, "product_reference": "openshift-external-storage-manila-provisioner-0:0.0.2-4.gitd3c94f0.el7.x86_64", "relates_to_product_reference": "7Server-RH7-RHOSE-3.11" }, { "category": "default_component_of", "full_product_name": { "name": "openshift-external-storage-snapshot-controller-0:0.0.2-4.gitd3c94f0.el7.x86_64 as a component of Red Hat OpenShift Container Platform 3.11", "product_id": "7Server-RH7-RHOSE-3.11:openshift-external-storage-snapshot-controller-0:0.0.2-4.gitd3c94f0.el7.x86_64" }, "product_reference": "openshift-external-storage-snapshot-controller-0:0.0.2-4.gitd3c94f0.el7.x86_64", "relates_to_product_reference": "7Server-RH7-RHOSE-3.11" }, { "category": "default_component_of", "full_product_name": { "name": "openshift-external-storage-snapshot-provisioner-0:0.0.2-4.gitd3c94f0.el7.x86_64 as a component of Red Hat OpenShift Container Platform 3.11", "product_id": "7Server-RH7-RHOSE-3.11:openshift-external-storage-snapshot-provisioner-0:0.0.2-4.gitd3c94f0.el7.x86_64" }, "product_reference": "openshift-external-storage-snapshot-provisioner-0:0.0.2-4.gitd3c94f0.el7.x86_64", "relates_to_product_reference": "7Server-RH7-RHOSE-3.11" }, { "category": "default_component_of", "full_product_name": { "name": "openshift-monitor-project-lifecycle-0:3.11.43-1.git.59.662daae.el7.src as a component of Red Hat OpenShift Container Platform 3.11", "product_id": "7Server-RH7-RHOSE-3.11:openshift-monitor-project-lifecycle-0:3.11.43-1.git.59.662daae.el7.src" }, "product_reference": "openshift-monitor-project-lifecycle-0:3.11.43-1.git.59.662daae.el7.src", "relates_to_product_reference": "7Server-RH7-RHOSE-3.11" }, { "category": "default_component_of", "full_product_name": { "name": "openshift-monitor-project-lifecycle-0:3.11.43-1.git.59.662daae.el7.x86_64 as a component of Red Hat OpenShift Container Platform 3.11", "product_id": "7Server-RH7-RHOSE-3.11:openshift-monitor-project-lifecycle-0:3.11.43-1.git.59.662daae.el7.x86_64" }, "product_reference": "openshift-monitor-project-lifecycle-0:3.11.43-1.git.59.662daae.el7.x86_64", "relates_to_product_reference": "7Server-RH7-RHOSE-3.11" }, { "category": "default_component_of", "full_product_name": { "name": "openshift-monitor-sample-app-0:3.11.43-1.git.5.83ab17f.el7.src as a component of Red Hat OpenShift Container Platform 3.11", "product_id": "7Server-RH7-RHOSE-3.11:openshift-monitor-sample-app-0:3.11.43-1.git.5.83ab17f.el7.src" }, "product_reference": "openshift-monitor-sample-app-0:3.11.43-1.git.5.83ab17f.el7.src", "relates_to_product_reference": "7Server-RH7-RHOSE-3.11" }, { "category": "default_component_of", "full_product_name": { "name": "openshift-monitor-sample-app-0:3.11.43-1.git.5.83ab17f.el7.x86_64 as a component of Red Hat OpenShift Container Platform 3.11", "product_id": "7Server-RH7-RHOSE-3.11:openshift-monitor-sample-app-0:3.11.43-1.git.5.83ab17f.el7.x86_64" }, "product_reference": "openshift-monitor-sample-app-0:3.11.43-1.git.5.83ab17f.el7.x86_64", "relates_to_product_reference": "7Server-RH7-RHOSE-3.11" }, { "category": "default_component_of", "full_product_name": { "name": "prometheus-0:3.11.43-1.git.5021.31a8f1d.el7.x86_64 as a component of Red Hat OpenShift Container Platform 3.11", "product_id": "7Server-RH7-RHOSE-3.11:prometheus-0:3.11.43-1.git.5021.31a8f1d.el7.x86_64" }, "product_reference": "prometheus-0:3.11.43-1.git.5021.31a8f1d.el7.x86_64", "relates_to_product_reference": "7Server-RH7-RHOSE-3.11" }, { "category": "default_component_of", "full_product_name": { "name": "prometheus-alertmanager-0:3.11.43-1.git.0.19c2765.el7.x86_64 as a component of Red Hat OpenShift Container Platform 3.11", "product_id": "7Server-RH7-RHOSE-3.11:prometheus-alertmanager-0:3.11.43-1.git.0.19c2765.el7.x86_64" }, "product_reference": "prometheus-alertmanager-0:3.11.43-1.git.0.19c2765.el7.x86_64", "relates_to_product_reference": "7Server-RH7-RHOSE-3.11" }, { "category": "default_component_of", "full_product_name": { "name": "prometheus-node-exporter-0:3.11.43-1.git.1060.0aff287.el7.x86_64 as a component of Red Hat OpenShift Container Platform 3.11", "product_id": "7Server-RH7-RHOSE-3.11:prometheus-node-exporter-0:3.11.43-1.git.1060.0aff287.el7.x86_64" }, "product_reference": "prometheus-node-exporter-0:3.11.43-1.git.1060.0aff287.el7.x86_64", "relates_to_product_reference": "7Server-RH7-RHOSE-3.11" }, { "category": "default_component_of", "full_product_name": { "name": "python-elasticsearch-0:5.5.5-1.el7.noarch as a component of Red Hat OpenShift Container Platform 3.11", "product_id": "7Server-RH7-RHOSE-3.11:python-elasticsearch-0:5.5.5-1.el7.noarch" }, "product_reference": "python-elasticsearch-0:5.5.5-1.el7.noarch", "relates_to_product_reference": "7Server-RH7-RHOSE-3.11" }, { "category": "default_component_of", "full_product_name": { "name": "python-elasticsearch-0:5.5.5-1.el7.src as a component of Red Hat OpenShift Container Platform 3.11", "product_id": "7Server-RH7-RHOSE-3.11:python-elasticsearch-0:5.5.5-1.el7.src" }, "product_reference": "python-elasticsearch-0:5.5.5-1.el7.src", "relates_to_product_reference": "7Server-RH7-RHOSE-3.11" }, { "category": "default_component_of", "full_product_name": { "name": "python-nose-xcover-0:1.0.10-1.el7.noarch as a component of Red Hat OpenShift Container Platform 3.11", "product_id": "7Server-RH7-RHOSE-3.11:python-nose-xcover-0:1.0.10-1.el7.noarch" }, "product_reference": "python-nose-xcover-0:1.0.10-1.el7.noarch", "relates_to_product_reference": "7Server-RH7-RHOSE-3.11" }, { "category": "default_component_of", "full_product_name": { "name": "python-nose-xcover-0:1.0.10-1.el7.src as a component of Red Hat OpenShift Container Platform 3.11", "product_id": "7Server-RH7-RHOSE-3.11:python-nose-xcover-0:1.0.10-1.el7.src" }, "product_reference": "python-nose-xcover-0:1.0.10-1.el7.src", "relates_to_product_reference": "7Server-RH7-RHOSE-3.11" } ] }, "vulnerabilities": [ { "cve": "CVE-2018-3830", "cwe": { "id": "CWE-79", "name": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)" }, "discovery_date": "2018-09-18T00:00:00+00:00", "flags": [ { "label": "vulnerable_code_not_present", "product_ids": [ "7Server-RH7-RHOSE-3.11:atomic-enterprise-service-catalog-1:3.11.43-1.git.1671.04b17f5.el7.src", "7Server-RH7-RHOSE-3.11:atomic-enterprise-service-catalog-1:3.11.43-1.git.1671.04b17f5.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-enterprise-service-catalog-svcat-1:3.11.43-1.git.1671.04b17f5.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-0:3.11.43-1.git.0.647ac05.el7.src", "7Server-RH7-RHOSE-3.11:atomic-openshift-0:3.11.43-1.git.0.647ac05.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-clients-0:3.11.43-1.git.0.647ac05.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-clients-redistributable-0:3.11.43-1.git.0.647ac05.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-cluster-autoscaler-0:3.11.43-1.git.0.55c4e4b.el7.src", "7Server-RH7-RHOSE-3.11:atomic-openshift-cluster-autoscaler-0:3.11.43-1.git.0.55c4e4b.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-descheduler-0:3.11.43-1.git.300.a720f7f.el7.src", "7Server-RH7-RHOSE-3.11:atomic-openshift-descheduler-0:3.11.43-1.git.300.a720f7f.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-docker-excluder-0:3.11.43-1.git.0.647ac05.el7.noarch", "7Server-RH7-RHOSE-3.11:atomic-openshift-dockerregistry-0:3.11.43-1.git.446.b80f8a1.el7.src", "7Server-RH7-RHOSE-3.11:atomic-openshift-dockerregistry-0:3.11.43-1.git.446.b80f8a1.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-excluder-0:3.11.43-1.git.0.647ac05.el7.noarch", "7Server-RH7-RHOSE-3.11:atomic-openshift-hyperkube-0:3.11.43-1.git.0.647ac05.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-hypershift-0:3.11.43-1.git.0.647ac05.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-master-0:3.11.43-1.git.0.647ac05.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-metrics-server-0:3.11.43-1.git.52.6cc0a21.el7.src", "7Server-RH7-RHOSE-3.11:atomic-openshift-metrics-server-0:3.11.43-1.git.52.6cc0a21.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-node-0:3.11.43-1.git.0.647ac05.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-node-problem-detector-0:3.11.43-1.git.252.f45475c.el7.src", "7Server-RH7-RHOSE-3.11:atomic-openshift-node-problem-detector-0:3.11.43-1.git.252.f45475c.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-pod-0:3.11.43-1.git.0.647ac05.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-sdn-ovs-0:3.11.43-1.git.0.647ac05.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-service-idler-0:3.11.43-1.git.14.bbbb450.el7.src", "7Server-RH7-RHOSE-3.11:atomic-openshift-service-idler-0:3.11.43-1.git.14.bbbb450.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-template-service-broker-0:3.11.43-1.git.0.647ac05.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-tests-0:3.11.43-1.git.0.647ac05.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-web-console-0:3.11.43-1.git.316.7753377.el7.src", "7Server-RH7-RHOSE-3.11:atomic-openshift-web-console-0:3.11.43-1.git.316.7753377.el7.x86_64", "7Server-RH7-RHOSE-3.11:cri-o-0:1.11.8-2.rhaos3.11.git71cc465.el7.src", "7Server-RH7-RHOSE-3.11:cri-o-0:1.11.8-2.rhaos3.11.git71cc465.el7.x86_64", "7Server-RH7-RHOSE-3.11:golang-github-openshift-oauth-proxy-0:3.11.43-1.git.419.03122b3.el7.src", "7Server-RH7-RHOSE-3.11:golang-github-openshift-oauth-proxy-0:3.11.43-1.git.419.03122b3.el7.x86_64", "7Server-RH7-RHOSE-3.11:golang-github-prometheus-alertmanager-0:3.11.43-1.git.0.19c2765.el7.src", "7Server-RH7-RHOSE-3.11:golang-github-prometheus-node_exporter-0:3.11.43-1.git.1060.0aff287.el7.src", "7Server-RH7-RHOSE-3.11:golang-github-prometheus-prometheus-0:3.11.43-1.git.5021.31a8f1d.el7.src", "7Server-RH7-RHOSE-3.11:jenkins-2-plugins-0:3.11.1539805268-1.el7.noarch", "7Server-RH7-RHOSE-3.11:jenkins-2-plugins-0:3.11.1539805268-1.el7.src", "7Server-RH7-RHOSE-3.11:kibana-debuginfo-0:5.6.12-1.el7.x86_64", "7Server-RH7-RHOSE-3.11:openshift-ansible-0:3.11.43-1.git.0.fa69a02.el7.noarch", "7Server-RH7-RHOSE-3.11:openshift-ansible-0:3.11.43-1.git.0.fa69a02.el7.src", "7Server-RH7-RHOSE-3.11:openshift-ansible-docs-0:3.11.43-1.git.0.fa69a02.el7.noarch", "7Server-RH7-RHOSE-3.11:openshift-ansible-playbooks-0:3.11.43-1.git.0.fa69a02.el7.noarch", "7Server-RH7-RHOSE-3.11:openshift-ansible-roles-0:3.11.43-1.git.0.fa69a02.el7.noarch", "7Server-RH7-RHOSE-3.11:openshift-enterprise-autoheal-0:3.11.43-1.git.219.be400cf.el7.src", "7Server-RH7-RHOSE-3.11:openshift-enterprise-autoheal-0:3.11.43-1.git.219.be400cf.el7.x86_64", "7Server-RH7-RHOSE-3.11:openshift-enterprise-cluster-capacity-0:3.11.43-1.git.380.9cbcbb2.el7.src", "7Server-RH7-RHOSE-3.11:openshift-enterprise-cluster-capacity-0:3.11.43-1.git.380.9cbcbb2.el7.x86_64", "7Server-RH7-RHOSE-3.11:openshift-external-storage-0:0.0.2-4.gitd3c94f0.el7.src", "7Server-RH7-RHOSE-3.11:openshift-external-storage-cephfs-provisioner-0:0.0.2-4.gitd3c94f0.el7.x86_64", "7Server-RH7-RHOSE-3.11:openshift-external-storage-debuginfo-0:0.0.2-4.gitd3c94f0.el7.x86_64", "7Server-RH7-RHOSE-3.11:openshift-external-storage-efs-provisioner-0:0.0.2-4.gitd3c94f0.el7.x86_64", "7Server-RH7-RHOSE-3.11:openshift-external-storage-local-provisioner-0:0.0.2-4.gitd3c94f0.el7.x86_64", "7Server-RH7-RHOSE-3.11:openshift-external-storage-manila-provisioner-0:0.0.2-4.gitd3c94f0.el7.x86_64", "7Server-RH7-RHOSE-3.11:openshift-external-storage-snapshot-controller-0:0.0.2-4.gitd3c94f0.el7.x86_64", "7Server-RH7-RHOSE-3.11:openshift-external-storage-snapshot-provisioner-0:0.0.2-4.gitd3c94f0.el7.x86_64", "7Server-RH7-RHOSE-3.11:openshift-monitor-project-lifecycle-0:3.11.43-1.git.59.662daae.el7.src", "7Server-RH7-RHOSE-3.11:openshift-monitor-project-lifecycle-0:3.11.43-1.git.59.662daae.el7.x86_64", "7Server-RH7-RHOSE-3.11:openshift-monitor-sample-app-0:3.11.43-1.git.5.83ab17f.el7.src", "7Server-RH7-RHOSE-3.11:openshift-monitor-sample-app-0:3.11.43-1.git.5.83ab17f.el7.x86_64", "7Server-RH7-RHOSE-3.11:prometheus-0:3.11.43-1.git.5021.31a8f1d.el7.x86_64", "7Server-RH7-RHOSE-3.11:prometheus-alertmanager-0:3.11.43-1.git.0.19c2765.el7.x86_64", "7Server-RH7-RHOSE-3.11:prometheus-node-exporter-0:3.11.43-1.git.1060.0aff287.el7.x86_64", "7Server-RH7-RHOSE-3.11:python-elasticsearch-0:5.5.5-1.el7.noarch", "7Server-RH7-RHOSE-3.11:python-elasticsearch-0:5.5.5-1.el7.src", "7Server-RH7-RHOSE-3.11:python-nose-xcover-0:1.0.10-1.el7.noarch", "7Server-RH7-RHOSE-3.11:python-nose-xcover-0:1.0.10-1.el7.src" ] } ], "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1632450" } ], "notes": [ { "category": "description", "text": "Kibana versions 5.3.0 to 6.4.1 had a cross-site scripting (XSS) vulnerability via the source field formatter that could allow an attacker to obtain sensitive information from or perform destructive actions on behalf of other Kibana users.", "title": "Vulnerability description" }, { "category": "summary", "text": "kibana: Cross-site scripting via the source field formatter", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "7Server-RH7-RHOSE-3.11:kibana-0:5.6.12-1.el7.src", "7Server-RH7-RHOSE-3.11:kibana-0:5.6.12-1.el7.x86_64" ], "known_not_affected": [ "7Server-RH7-RHOSE-3.11:atomic-enterprise-service-catalog-1:3.11.43-1.git.1671.04b17f5.el7.src", "7Server-RH7-RHOSE-3.11:atomic-enterprise-service-catalog-1:3.11.43-1.git.1671.04b17f5.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-enterprise-service-catalog-svcat-1:3.11.43-1.git.1671.04b17f5.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-0:3.11.43-1.git.0.647ac05.el7.src", "7Server-RH7-RHOSE-3.11:atomic-openshift-0:3.11.43-1.git.0.647ac05.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-clients-0:3.11.43-1.git.0.647ac05.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-clients-redistributable-0:3.11.43-1.git.0.647ac05.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-cluster-autoscaler-0:3.11.43-1.git.0.55c4e4b.el7.src", "7Server-RH7-RHOSE-3.11:atomic-openshift-cluster-autoscaler-0:3.11.43-1.git.0.55c4e4b.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-descheduler-0:3.11.43-1.git.300.a720f7f.el7.src", "7Server-RH7-RHOSE-3.11:atomic-openshift-descheduler-0:3.11.43-1.git.300.a720f7f.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-docker-excluder-0:3.11.43-1.git.0.647ac05.el7.noarch", "7Server-RH7-RHOSE-3.11:atomic-openshift-dockerregistry-0:3.11.43-1.git.446.b80f8a1.el7.src", "7Server-RH7-RHOSE-3.11:atomic-openshift-dockerregistry-0:3.11.43-1.git.446.b80f8a1.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-excluder-0:3.11.43-1.git.0.647ac05.el7.noarch", "7Server-RH7-RHOSE-3.11:atomic-openshift-hyperkube-0:3.11.43-1.git.0.647ac05.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-hypershift-0:3.11.43-1.git.0.647ac05.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-master-0:3.11.43-1.git.0.647ac05.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-metrics-server-0:3.11.43-1.git.52.6cc0a21.el7.src", "7Server-RH7-RHOSE-3.11:atomic-openshift-metrics-server-0:3.11.43-1.git.52.6cc0a21.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-node-0:3.11.43-1.git.0.647ac05.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-node-problem-detector-0:3.11.43-1.git.252.f45475c.el7.src", "7Server-RH7-RHOSE-3.11:atomic-openshift-node-problem-detector-0:3.11.43-1.git.252.f45475c.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-pod-0:3.11.43-1.git.0.647ac05.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-sdn-ovs-0:3.11.43-1.git.0.647ac05.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-service-idler-0:3.11.43-1.git.14.bbbb450.el7.src", "7Server-RH7-RHOSE-3.11:atomic-openshift-service-idler-0:3.11.43-1.git.14.bbbb450.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-template-service-broker-0:3.11.43-1.git.0.647ac05.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-tests-0:3.11.43-1.git.0.647ac05.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-web-console-0:3.11.43-1.git.316.7753377.el7.src", "7Server-RH7-RHOSE-3.11:atomic-openshift-web-console-0:3.11.43-1.git.316.7753377.el7.x86_64", "7Server-RH7-RHOSE-3.11:cri-o-0:1.11.8-2.rhaos3.11.git71cc465.el7.src", "7Server-RH7-RHOSE-3.11:cri-o-0:1.11.8-2.rhaos3.11.git71cc465.el7.x86_64", "7Server-RH7-RHOSE-3.11:golang-github-openshift-oauth-proxy-0:3.11.43-1.git.419.03122b3.el7.src", "7Server-RH7-RHOSE-3.11:golang-github-openshift-oauth-proxy-0:3.11.43-1.git.419.03122b3.el7.x86_64", "7Server-RH7-RHOSE-3.11:golang-github-prometheus-alertmanager-0:3.11.43-1.git.0.19c2765.el7.src", "7Server-RH7-RHOSE-3.11:golang-github-prometheus-node_exporter-0:3.11.43-1.git.1060.0aff287.el7.src", "7Server-RH7-RHOSE-3.11:golang-github-prometheus-prometheus-0:3.11.43-1.git.5021.31a8f1d.el7.src", "7Server-RH7-RHOSE-3.11:jenkins-2-plugins-0:3.11.1539805268-1.el7.noarch", "7Server-RH7-RHOSE-3.11:jenkins-2-plugins-0:3.11.1539805268-1.el7.src", "7Server-RH7-RHOSE-3.11:kibana-debuginfo-0:5.6.12-1.el7.x86_64", "7Server-RH7-RHOSE-3.11:openshift-ansible-0:3.11.43-1.git.0.fa69a02.el7.noarch", "7Server-RH7-RHOSE-3.11:openshift-ansible-0:3.11.43-1.git.0.fa69a02.el7.src", "7Server-RH7-RHOSE-3.11:openshift-ansible-docs-0:3.11.43-1.git.0.fa69a02.el7.noarch", "7Server-RH7-RHOSE-3.11:openshift-ansible-playbooks-0:3.11.43-1.git.0.fa69a02.el7.noarch", "7Server-RH7-RHOSE-3.11:openshift-ansible-roles-0:3.11.43-1.git.0.fa69a02.el7.noarch", "7Server-RH7-RHOSE-3.11:openshift-enterprise-autoheal-0:3.11.43-1.git.219.be400cf.el7.src", "7Server-RH7-RHOSE-3.11:openshift-enterprise-autoheal-0:3.11.43-1.git.219.be400cf.el7.x86_64", "7Server-RH7-RHOSE-3.11:openshift-enterprise-cluster-capacity-0:3.11.43-1.git.380.9cbcbb2.el7.src", "7Server-RH7-RHOSE-3.11:openshift-enterprise-cluster-capacity-0:3.11.43-1.git.380.9cbcbb2.el7.x86_64", "7Server-RH7-RHOSE-3.11:openshift-external-storage-0:0.0.2-4.gitd3c94f0.el7.src", "7Server-RH7-RHOSE-3.11:openshift-external-storage-cephfs-provisioner-0:0.0.2-4.gitd3c94f0.el7.x86_64", "7Server-RH7-RHOSE-3.11:openshift-external-storage-debuginfo-0:0.0.2-4.gitd3c94f0.el7.x86_64", "7Server-RH7-RHOSE-3.11:openshift-external-storage-efs-provisioner-0:0.0.2-4.gitd3c94f0.el7.x86_64", "7Server-RH7-RHOSE-3.11:openshift-external-storage-local-provisioner-0:0.0.2-4.gitd3c94f0.el7.x86_64", "7Server-RH7-RHOSE-3.11:openshift-external-storage-manila-provisioner-0:0.0.2-4.gitd3c94f0.el7.x86_64", "7Server-RH7-RHOSE-3.11:openshift-external-storage-snapshot-controller-0:0.0.2-4.gitd3c94f0.el7.x86_64", "7Server-RH7-RHOSE-3.11:openshift-external-storage-snapshot-provisioner-0:0.0.2-4.gitd3c94f0.el7.x86_64", "7Server-RH7-RHOSE-3.11:openshift-monitor-project-lifecycle-0:3.11.43-1.git.59.662daae.el7.src", "7Server-RH7-RHOSE-3.11:openshift-monitor-project-lifecycle-0:3.11.43-1.git.59.662daae.el7.x86_64", "7Server-RH7-RHOSE-3.11:openshift-monitor-sample-app-0:3.11.43-1.git.5.83ab17f.el7.src", "7Server-RH7-RHOSE-3.11:openshift-monitor-sample-app-0:3.11.43-1.git.5.83ab17f.el7.x86_64", "7Server-RH7-RHOSE-3.11:prometheus-0:3.11.43-1.git.5021.31a8f1d.el7.x86_64", "7Server-RH7-RHOSE-3.11:prometheus-alertmanager-0:3.11.43-1.git.0.19c2765.el7.x86_64", "7Server-RH7-RHOSE-3.11:prometheus-node-exporter-0:3.11.43-1.git.1060.0aff287.el7.x86_64", "7Server-RH7-RHOSE-3.11:python-elasticsearch-0:5.5.5-1.el7.noarch", "7Server-RH7-RHOSE-3.11:python-elasticsearch-0:5.5.5-1.el7.src", "7Server-RH7-RHOSE-3.11:python-nose-xcover-0:1.0.10-1.el7.noarch", "7Server-RH7-RHOSE-3.11:python-nose-xcover-0:1.0.10-1.el7.src" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2018-3830" }, { "category": "external", "summary": "RHBZ#1632450", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1632450" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2018-3830", "url": "https://www.cve.org/CVERecord?id=CVE-2018-3830" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2018-3830", "url": "https://nvd.nist.gov/vuln/detail/CVE-2018-3830" } ], "release_date": "2018-09-18T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2018-11-20T03:11:20+00:00", "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "7Server-RH7-RHOSE-3.11:kibana-0:5.6.12-1.el7.src", "7Server-RH7-RHOSE-3.11:kibana-0:5.6.12-1.el7.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2018:3537" } ], "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 8.0, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:N", "version": "3.0" }, "products": [ "7Server-RH7-RHOSE-3.11:kibana-0:5.6.12-1.el7.src", "7Server-RH7-RHOSE-3.11:kibana-0:5.6.12-1.el7.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "kibana: Cross-site scripting via the source field formatter" }, { "cve": "CVE-2018-12115", "cwe": { "id": "CWE-119", "name": "Improper Restriction of Operations within the Bounds of a Memory Buffer" }, "discovery_date": "2018-08-22T00:00:00+00:00", "flags": [ { "label": "vulnerable_code_not_present", "product_ids": [ "7Server-RH7-RHOSE-3.11:atomic-enterprise-service-catalog-1:3.11.43-1.git.1671.04b17f5.el7.src", "7Server-RH7-RHOSE-3.11:atomic-enterprise-service-catalog-1:3.11.43-1.git.1671.04b17f5.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-enterprise-service-catalog-svcat-1:3.11.43-1.git.1671.04b17f5.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-0:3.11.43-1.git.0.647ac05.el7.src", "7Server-RH7-RHOSE-3.11:atomic-openshift-0:3.11.43-1.git.0.647ac05.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-clients-0:3.11.43-1.git.0.647ac05.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-clients-redistributable-0:3.11.43-1.git.0.647ac05.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-cluster-autoscaler-0:3.11.43-1.git.0.55c4e4b.el7.src", "7Server-RH7-RHOSE-3.11:atomic-openshift-cluster-autoscaler-0:3.11.43-1.git.0.55c4e4b.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-descheduler-0:3.11.43-1.git.300.a720f7f.el7.src", "7Server-RH7-RHOSE-3.11:atomic-openshift-descheduler-0:3.11.43-1.git.300.a720f7f.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-docker-excluder-0:3.11.43-1.git.0.647ac05.el7.noarch", "7Server-RH7-RHOSE-3.11:atomic-openshift-dockerregistry-0:3.11.43-1.git.446.b80f8a1.el7.src", "7Server-RH7-RHOSE-3.11:atomic-openshift-dockerregistry-0:3.11.43-1.git.446.b80f8a1.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-excluder-0:3.11.43-1.git.0.647ac05.el7.noarch", "7Server-RH7-RHOSE-3.11:atomic-openshift-hyperkube-0:3.11.43-1.git.0.647ac05.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-hypershift-0:3.11.43-1.git.0.647ac05.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-master-0:3.11.43-1.git.0.647ac05.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-metrics-server-0:3.11.43-1.git.52.6cc0a21.el7.src", "7Server-RH7-RHOSE-3.11:atomic-openshift-metrics-server-0:3.11.43-1.git.52.6cc0a21.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-node-0:3.11.43-1.git.0.647ac05.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-node-problem-detector-0:3.11.43-1.git.252.f45475c.el7.src", "7Server-RH7-RHOSE-3.11:atomic-openshift-node-problem-detector-0:3.11.43-1.git.252.f45475c.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-pod-0:3.11.43-1.git.0.647ac05.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-sdn-ovs-0:3.11.43-1.git.0.647ac05.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-service-idler-0:3.11.43-1.git.14.bbbb450.el7.src", "7Server-RH7-RHOSE-3.11:atomic-openshift-service-idler-0:3.11.43-1.git.14.bbbb450.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-template-service-broker-0:3.11.43-1.git.0.647ac05.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-tests-0:3.11.43-1.git.0.647ac05.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-web-console-0:3.11.43-1.git.316.7753377.el7.src", "7Server-RH7-RHOSE-3.11:atomic-openshift-web-console-0:3.11.43-1.git.316.7753377.el7.x86_64", "7Server-RH7-RHOSE-3.11:cri-o-0:1.11.8-2.rhaos3.11.git71cc465.el7.src", "7Server-RH7-RHOSE-3.11:cri-o-0:1.11.8-2.rhaos3.11.git71cc465.el7.x86_64", "7Server-RH7-RHOSE-3.11:golang-github-openshift-oauth-proxy-0:3.11.43-1.git.419.03122b3.el7.src", "7Server-RH7-RHOSE-3.11:golang-github-openshift-oauth-proxy-0:3.11.43-1.git.419.03122b3.el7.x86_64", "7Server-RH7-RHOSE-3.11:golang-github-prometheus-alertmanager-0:3.11.43-1.git.0.19c2765.el7.src", "7Server-RH7-RHOSE-3.11:golang-github-prometheus-node_exporter-0:3.11.43-1.git.1060.0aff287.el7.src", "7Server-RH7-RHOSE-3.11:golang-github-prometheus-prometheus-0:3.11.43-1.git.5021.31a8f1d.el7.src", "7Server-RH7-RHOSE-3.11:kibana-0:5.6.12-1.el7.src", "7Server-RH7-RHOSE-3.11:kibana-0:5.6.12-1.el7.x86_64", "7Server-RH7-RHOSE-3.11:kibana-debuginfo-0:5.6.12-1.el7.x86_64", "7Server-RH7-RHOSE-3.11:openshift-ansible-0:3.11.43-1.git.0.fa69a02.el7.noarch", "7Server-RH7-RHOSE-3.11:openshift-ansible-0:3.11.43-1.git.0.fa69a02.el7.src", "7Server-RH7-RHOSE-3.11:openshift-ansible-docs-0:3.11.43-1.git.0.fa69a02.el7.noarch", "7Server-RH7-RHOSE-3.11:openshift-ansible-playbooks-0:3.11.43-1.git.0.fa69a02.el7.noarch", "7Server-RH7-RHOSE-3.11:openshift-ansible-roles-0:3.11.43-1.git.0.fa69a02.el7.noarch", "7Server-RH7-RHOSE-3.11:openshift-enterprise-autoheal-0:3.11.43-1.git.219.be400cf.el7.src", "7Server-RH7-RHOSE-3.11:openshift-enterprise-autoheal-0:3.11.43-1.git.219.be400cf.el7.x86_64", "7Server-RH7-RHOSE-3.11:openshift-enterprise-cluster-capacity-0:3.11.43-1.git.380.9cbcbb2.el7.src", "7Server-RH7-RHOSE-3.11:openshift-enterprise-cluster-capacity-0:3.11.43-1.git.380.9cbcbb2.el7.x86_64", "7Server-RH7-RHOSE-3.11:openshift-external-storage-0:0.0.2-4.gitd3c94f0.el7.src", "7Server-RH7-RHOSE-3.11:openshift-external-storage-cephfs-provisioner-0:0.0.2-4.gitd3c94f0.el7.x86_64", "7Server-RH7-RHOSE-3.11:openshift-external-storage-debuginfo-0:0.0.2-4.gitd3c94f0.el7.x86_64", "7Server-RH7-RHOSE-3.11:openshift-external-storage-efs-provisioner-0:0.0.2-4.gitd3c94f0.el7.x86_64", "7Server-RH7-RHOSE-3.11:openshift-external-storage-local-provisioner-0:0.0.2-4.gitd3c94f0.el7.x86_64", "7Server-RH7-RHOSE-3.11:openshift-external-storage-manila-provisioner-0:0.0.2-4.gitd3c94f0.el7.x86_64", "7Server-RH7-RHOSE-3.11:openshift-external-storage-snapshot-controller-0:0.0.2-4.gitd3c94f0.el7.x86_64", "7Server-RH7-RHOSE-3.11:openshift-external-storage-snapshot-provisioner-0:0.0.2-4.gitd3c94f0.el7.x86_64", "7Server-RH7-RHOSE-3.11:openshift-monitor-project-lifecycle-0:3.11.43-1.git.59.662daae.el7.src", "7Server-RH7-RHOSE-3.11:openshift-monitor-project-lifecycle-0:3.11.43-1.git.59.662daae.el7.x86_64", "7Server-RH7-RHOSE-3.11:openshift-monitor-sample-app-0:3.11.43-1.git.5.83ab17f.el7.src", "7Server-RH7-RHOSE-3.11:openshift-monitor-sample-app-0:3.11.43-1.git.5.83ab17f.el7.x86_64", "7Server-RH7-RHOSE-3.11:prometheus-0:3.11.43-1.git.5021.31a8f1d.el7.x86_64", "7Server-RH7-RHOSE-3.11:prometheus-alertmanager-0:3.11.43-1.git.0.19c2765.el7.x86_64", "7Server-RH7-RHOSE-3.11:prometheus-node-exporter-0:3.11.43-1.git.1060.0aff287.el7.x86_64", "7Server-RH7-RHOSE-3.11:python-elasticsearch-0:5.5.5-1.el7.noarch", "7Server-RH7-RHOSE-3.11:python-elasticsearch-0:5.5.5-1.el7.src", "7Server-RH7-RHOSE-3.11:python-nose-xcover-0:1.0.10-1.el7.noarch", "7Server-RH7-RHOSE-3.11:python-nose-xcover-0:1.0.10-1.el7.src" ] } ], "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1620219" } ], "notes": [ { "category": "description", "text": "In all versions of Node.js prior to 6.14.4, 8.11.4 and 10.9.0 when used with UCS-2 encoding (recognized by Node.js under the names `\u0027ucs2\u0027`, `\u0027ucs-2\u0027`, `\u0027utf16le\u0027` and `\u0027utf-16le\u0027`), `Buffer#write()` can be abused to write outside of the bounds of a single `Buffer`. Writes that start from the second-to-last position of a buffer cause a miscalculation of the maximum length of the input bytes to be written.", "title": "Vulnerability description" }, { "category": "summary", "text": "nodejs: Out of bounds (OOB) write via UCS-2 encoding", "title": "Vulnerability summary" }, { "category": "other", "text": "Openshift Container Platform 3.x versions are potentially vulnerable via the jenkins-slave-nodejs and jenkins-agent-nodejs containers. However a build would have to occur with a malicious jenkins pipeline, or nodejs source code supplied by an attacker, reducing the impact of this flaw to moderate. Both container images used nodejs delivered from Red Hat Software Collections.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "7Server-RH7-RHOSE-3.11:jenkins-2-plugins-0:3.11.1539805268-1.el7.noarch", "7Server-RH7-RHOSE-3.11:jenkins-2-plugins-0:3.11.1539805268-1.el7.src" ], "known_not_affected": [ "7Server-RH7-RHOSE-3.11:atomic-enterprise-service-catalog-1:3.11.43-1.git.1671.04b17f5.el7.src", "7Server-RH7-RHOSE-3.11:atomic-enterprise-service-catalog-1:3.11.43-1.git.1671.04b17f5.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-enterprise-service-catalog-svcat-1:3.11.43-1.git.1671.04b17f5.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-0:3.11.43-1.git.0.647ac05.el7.src", "7Server-RH7-RHOSE-3.11:atomic-openshift-0:3.11.43-1.git.0.647ac05.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-clients-0:3.11.43-1.git.0.647ac05.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-clients-redistributable-0:3.11.43-1.git.0.647ac05.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-cluster-autoscaler-0:3.11.43-1.git.0.55c4e4b.el7.src", "7Server-RH7-RHOSE-3.11:atomic-openshift-cluster-autoscaler-0:3.11.43-1.git.0.55c4e4b.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-descheduler-0:3.11.43-1.git.300.a720f7f.el7.src", "7Server-RH7-RHOSE-3.11:atomic-openshift-descheduler-0:3.11.43-1.git.300.a720f7f.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-docker-excluder-0:3.11.43-1.git.0.647ac05.el7.noarch", "7Server-RH7-RHOSE-3.11:atomic-openshift-dockerregistry-0:3.11.43-1.git.446.b80f8a1.el7.src", "7Server-RH7-RHOSE-3.11:atomic-openshift-dockerregistry-0:3.11.43-1.git.446.b80f8a1.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-excluder-0:3.11.43-1.git.0.647ac05.el7.noarch", "7Server-RH7-RHOSE-3.11:atomic-openshift-hyperkube-0:3.11.43-1.git.0.647ac05.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-hypershift-0:3.11.43-1.git.0.647ac05.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-master-0:3.11.43-1.git.0.647ac05.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-metrics-server-0:3.11.43-1.git.52.6cc0a21.el7.src", "7Server-RH7-RHOSE-3.11:atomic-openshift-metrics-server-0:3.11.43-1.git.52.6cc0a21.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-node-0:3.11.43-1.git.0.647ac05.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-node-problem-detector-0:3.11.43-1.git.252.f45475c.el7.src", "7Server-RH7-RHOSE-3.11:atomic-openshift-node-problem-detector-0:3.11.43-1.git.252.f45475c.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-pod-0:3.11.43-1.git.0.647ac05.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-sdn-ovs-0:3.11.43-1.git.0.647ac05.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-service-idler-0:3.11.43-1.git.14.bbbb450.el7.src", "7Server-RH7-RHOSE-3.11:atomic-openshift-service-idler-0:3.11.43-1.git.14.bbbb450.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-template-service-broker-0:3.11.43-1.git.0.647ac05.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-tests-0:3.11.43-1.git.0.647ac05.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-web-console-0:3.11.43-1.git.316.7753377.el7.src", "7Server-RH7-RHOSE-3.11:atomic-openshift-web-console-0:3.11.43-1.git.316.7753377.el7.x86_64", "7Server-RH7-RHOSE-3.11:cri-o-0:1.11.8-2.rhaos3.11.git71cc465.el7.src", "7Server-RH7-RHOSE-3.11:cri-o-0:1.11.8-2.rhaos3.11.git71cc465.el7.x86_64", "7Server-RH7-RHOSE-3.11:golang-github-openshift-oauth-proxy-0:3.11.43-1.git.419.03122b3.el7.src", "7Server-RH7-RHOSE-3.11:golang-github-openshift-oauth-proxy-0:3.11.43-1.git.419.03122b3.el7.x86_64", "7Server-RH7-RHOSE-3.11:golang-github-prometheus-alertmanager-0:3.11.43-1.git.0.19c2765.el7.src", "7Server-RH7-RHOSE-3.11:golang-github-prometheus-node_exporter-0:3.11.43-1.git.1060.0aff287.el7.src", "7Server-RH7-RHOSE-3.11:golang-github-prometheus-prometheus-0:3.11.43-1.git.5021.31a8f1d.el7.src", "7Server-RH7-RHOSE-3.11:kibana-0:5.6.12-1.el7.src", "7Server-RH7-RHOSE-3.11:kibana-0:5.6.12-1.el7.x86_64", "7Server-RH7-RHOSE-3.11:kibana-debuginfo-0:5.6.12-1.el7.x86_64", "7Server-RH7-RHOSE-3.11:openshift-ansible-0:3.11.43-1.git.0.fa69a02.el7.noarch", "7Server-RH7-RHOSE-3.11:openshift-ansible-0:3.11.43-1.git.0.fa69a02.el7.src", "7Server-RH7-RHOSE-3.11:openshift-ansible-docs-0:3.11.43-1.git.0.fa69a02.el7.noarch", "7Server-RH7-RHOSE-3.11:openshift-ansible-playbooks-0:3.11.43-1.git.0.fa69a02.el7.noarch", "7Server-RH7-RHOSE-3.11:openshift-ansible-roles-0:3.11.43-1.git.0.fa69a02.el7.noarch", "7Server-RH7-RHOSE-3.11:openshift-enterprise-autoheal-0:3.11.43-1.git.219.be400cf.el7.src", "7Server-RH7-RHOSE-3.11:openshift-enterprise-autoheal-0:3.11.43-1.git.219.be400cf.el7.x86_64", "7Server-RH7-RHOSE-3.11:openshift-enterprise-cluster-capacity-0:3.11.43-1.git.380.9cbcbb2.el7.src", "7Server-RH7-RHOSE-3.11:openshift-enterprise-cluster-capacity-0:3.11.43-1.git.380.9cbcbb2.el7.x86_64", "7Server-RH7-RHOSE-3.11:openshift-external-storage-0:0.0.2-4.gitd3c94f0.el7.src", "7Server-RH7-RHOSE-3.11:openshift-external-storage-cephfs-provisioner-0:0.0.2-4.gitd3c94f0.el7.x86_64", "7Server-RH7-RHOSE-3.11:openshift-external-storage-debuginfo-0:0.0.2-4.gitd3c94f0.el7.x86_64", "7Server-RH7-RHOSE-3.11:openshift-external-storage-efs-provisioner-0:0.0.2-4.gitd3c94f0.el7.x86_64", "7Server-RH7-RHOSE-3.11:openshift-external-storage-local-provisioner-0:0.0.2-4.gitd3c94f0.el7.x86_64", "7Server-RH7-RHOSE-3.11:openshift-external-storage-manila-provisioner-0:0.0.2-4.gitd3c94f0.el7.x86_64", "7Server-RH7-RHOSE-3.11:openshift-external-storage-snapshot-controller-0:0.0.2-4.gitd3c94f0.el7.x86_64", "7Server-RH7-RHOSE-3.11:openshift-external-storage-snapshot-provisioner-0:0.0.2-4.gitd3c94f0.el7.x86_64", "7Server-RH7-RHOSE-3.11:openshift-monitor-project-lifecycle-0:3.11.43-1.git.59.662daae.el7.src", "7Server-RH7-RHOSE-3.11:openshift-monitor-project-lifecycle-0:3.11.43-1.git.59.662daae.el7.x86_64", "7Server-RH7-RHOSE-3.11:openshift-monitor-sample-app-0:3.11.43-1.git.5.83ab17f.el7.src", "7Server-RH7-RHOSE-3.11:openshift-monitor-sample-app-0:3.11.43-1.git.5.83ab17f.el7.x86_64", "7Server-RH7-RHOSE-3.11:prometheus-0:3.11.43-1.git.5021.31a8f1d.el7.x86_64", "7Server-RH7-RHOSE-3.11:prometheus-alertmanager-0:3.11.43-1.git.0.19c2765.el7.x86_64", "7Server-RH7-RHOSE-3.11:prometheus-node-exporter-0:3.11.43-1.git.1060.0aff287.el7.x86_64", "7Server-RH7-RHOSE-3.11:python-elasticsearch-0:5.5.5-1.el7.noarch", "7Server-RH7-RHOSE-3.11:python-elasticsearch-0:5.5.5-1.el7.src", "7Server-RH7-RHOSE-3.11:python-nose-xcover-0:1.0.10-1.el7.noarch", "7Server-RH7-RHOSE-3.11:python-nose-xcover-0:1.0.10-1.el7.src" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2018-12115" }, { "category": "external", "summary": "RHBZ#1620219", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1620219" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2018-12115", "url": "https://www.cve.org/CVERecord?id=CVE-2018-12115" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2018-12115", "url": "https://nvd.nist.gov/vuln/detail/CVE-2018-12115" } ], "release_date": "2018-08-11T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2018-11-20T03:11:20+00:00", "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "7Server-RH7-RHOSE-3.11:jenkins-2-plugins-0:3.11.1539805268-1.el7.noarch", "7Server-RH7-RHOSE-3.11:jenkins-2-plugins-0:3.11.1539805268-1.el7.src" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2018:3537" }, { "category": "workaround", "details": "On Openshift Container Platform 3.x you can override the container image used on the Jenkins Slave by specifying the JENKINS_SLAVE_IMAGE environment variable in your jenkins deployment configuration. Ref:\n\nhttps://github.com/openshift/jenkins/blob/8e1ab16fb5f44d6570018c5dfa3407692fdba6e5/2/contrib/jenkins/kube-slave-common.sh#L27-L33", "product_ids": [ "7Server-RH7-RHOSE-3.11:atomic-enterprise-service-catalog-1:3.11.43-1.git.1671.04b17f5.el7.src", "7Server-RH7-RHOSE-3.11:atomic-enterprise-service-catalog-1:3.11.43-1.git.1671.04b17f5.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-enterprise-service-catalog-svcat-1:3.11.43-1.git.1671.04b17f5.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-0:3.11.43-1.git.0.647ac05.el7.src", "7Server-RH7-RHOSE-3.11:atomic-openshift-0:3.11.43-1.git.0.647ac05.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-clients-0:3.11.43-1.git.0.647ac05.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-clients-redistributable-0:3.11.43-1.git.0.647ac05.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-cluster-autoscaler-0:3.11.43-1.git.0.55c4e4b.el7.src", "7Server-RH7-RHOSE-3.11:atomic-openshift-cluster-autoscaler-0:3.11.43-1.git.0.55c4e4b.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-descheduler-0:3.11.43-1.git.300.a720f7f.el7.src", "7Server-RH7-RHOSE-3.11:atomic-openshift-descheduler-0:3.11.43-1.git.300.a720f7f.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-docker-excluder-0:3.11.43-1.git.0.647ac05.el7.noarch", "7Server-RH7-RHOSE-3.11:atomic-openshift-dockerregistry-0:3.11.43-1.git.446.b80f8a1.el7.src", "7Server-RH7-RHOSE-3.11:atomic-openshift-dockerregistry-0:3.11.43-1.git.446.b80f8a1.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-excluder-0:3.11.43-1.git.0.647ac05.el7.noarch", "7Server-RH7-RHOSE-3.11:atomic-openshift-hyperkube-0:3.11.43-1.git.0.647ac05.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-hypershift-0:3.11.43-1.git.0.647ac05.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-master-0:3.11.43-1.git.0.647ac05.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-metrics-server-0:3.11.43-1.git.52.6cc0a21.el7.src", "7Server-RH7-RHOSE-3.11:atomic-openshift-metrics-server-0:3.11.43-1.git.52.6cc0a21.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-node-0:3.11.43-1.git.0.647ac05.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-node-problem-detector-0:3.11.43-1.git.252.f45475c.el7.src", "7Server-RH7-RHOSE-3.11:atomic-openshift-node-problem-detector-0:3.11.43-1.git.252.f45475c.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-pod-0:3.11.43-1.git.0.647ac05.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-sdn-ovs-0:3.11.43-1.git.0.647ac05.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-service-idler-0:3.11.43-1.git.14.bbbb450.el7.src", "7Server-RH7-RHOSE-3.11:atomic-openshift-service-idler-0:3.11.43-1.git.14.bbbb450.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-template-service-broker-0:3.11.43-1.git.0.647ac05.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-tests-0:3.11.43-1.git.0.647ac05.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-web-console-0:3.11.43-1.git.316.7753377.el7.src", "7Server-RH7-RHOSE-3.11:atomic-openshift-web-console-0:3.11.43-1.git.316.7753377.el7.x86_64", "7Server-RH7-RHOSE-3.11:cri-o-0:1.11.8-2.rhaos3.11.git71cc465.el7.src", "7Server-RH7-RHOSE-3.11:cri-o-0:1.11.8-2.rhaos3.11.git71cc465.el7.x86_64", "7Server-RH7-RHOSE-3.11:golang-github-openshift-oauth-proxy-0:3.11.43-1.git.419.03122b3.el7.src", "7Server-RH7-RHOSE-3.11:golang-github-openshift-oauth-proxy-0:3.11.43-1.git.419.03122b3.el7.x86_64", "7Server-RH7-RHOSE-3.11:golang-github-prometheus-alertmanager-0:3.11.43-1.git.0.19c2765.el7.src", "7Server-RH7-RHOSE-3.11:golang-github-prometheus-node_exporter-0:3.11.43-1.git.1060.0aff287.el7.src", "7Server-RH7-RHOSE-3.11:golang-github-prometheus-prometheus-0:3.11.43-1.git.5021.31a8f1d.el7.src", "7Server-RH7-RHOSE-3.11:jenkins-2-plugins-0:3.11.1539805268-1.el7.noarch", "7Server-RH7-RHOSE-3.11:jenkins-2-plugins-0:3.11.1539805268-1.el7.src", "7Server-RH7-RHOSE-3.11:kibana-0:5.6.12-1.el7.src", "7Server-RH7-RHOSE-3.11:kibana-0:5.6.12-1.el7.x86_64", "7Server-RH7-RHOSE-3.11:kibana-debuginfo-0:5.6.12-1.el7.x86_64", "7Server-RH7-RHOSE-3.11:openshift-ansible-0:3.11.43-1.git.0.fa69a02.el7.noarch", "7Server-RH7-RHOSE-3.11:openshift-ansible-0:3.11.43-1.git.0.fa69a02.el7.src", "7Server-RH7-RHOSE-3.11:openshift-ansible-docs-0:3.11.43-1.git.0.fa69a02.el7.noarch", "7Server-RH7-RHOSE-3.11:openshift-ansible-playbooks-0:3.11.43-1.git.0.fa69a02.el7.noarch", "7Server-RH7-RHOSE-3.11:openshift-ansible-roles-0:3.11.43-1.git.0.fa69a02.el7.noarch", "7Server-RH7-RHOSE-3.11:openshift-enterprise-autoheal-0:3.11.43-1.git.219.be400cf.el7.src", "7Server-RH7-RHOSE-3.11:openshift-enterprise-autoheal-0:3.11.43-1.git.219.be400cf.el7.x86_64", "7Server-RH7-RHOSE-3.11:openshift-enterprise-cluster-capacity-0:3.11.43-1.git.380.9cbcbb2.el7.src", "7Server-RH7-RHOSE-3.11:openshift-enterprise-cluster-capacity-0:3.11.43-1.git.380.9cbcbb2.el7.x86_64", "7Server-RH7-RHOSE-3.11:openshift-external-storage-0:0.0.2-4.gitd3c94f0.el7.src", "7Server-RH7-RHOSE-3.11:openshift-external-storage-cephfs-provisioner-0:0.0.2-4.gitd3c94f0.el7.x86_64", "7Server-RH7-RHOSE-3.11:openshift-external-storage-debuginfo-0:0.0.2-4.gitd3c94f0.el7.x86_64", "7Server-RH7-RHOSE-3.11:openshift-external-storage-efs-provisioner-0:0.0.2-4.gitd3c94f0.el7.x86_64", "7Server-RH7-RHOSE-3.11:openshift-external-storage-local-provisioner-0:0.0.2-4.gitd3c94f0.el7.x86_64", "7Server-RH7-RHOSE-3.11:openshift-external-storage-manila-provisioner-0:0.0.2-4.gitd3c94f0.el7.x86_64", "7Server-RH7-RHOSE-3.11:openshift-external-storage-snapshot-controller-0:0.0.2-4.gitd3c94f0.el7.x86_64", "7Server-RH7-RHOSE-3.11:openshift-external-storage-snapshot-provisioner-0:0.0.2-4.gitd3c94f0.el7.x86_64", "7Server-RH7-RHOSE-3.11:openshift-monitor-project-lifecycle-0:3.11.43-1.git.59.662daae.el7.src", "7Server-RH7-RHOSE-3.11:openshift-monitor-project-lifecycle-0:3.11.43-1.git.59.662daae.el7.x86_64", "7Server-RH7-RHOSE-3.11:openshift-monitor-sample-app-0:3.11.43-1.git.5.83ab17f.el7.src", "7Server-RH7-RHOSE-3.11:openshift-monitor-sample-app-0:3.11.43-1.git.5.83ab17f.el7.x86_64", "7Server-RH7-RHOSE-3.11:prometheus-0:3.11.43-1.git.5021.31a8f1d.el7.x86_64", "7Server-RH7-RHOSE-3.11:prometheus-alertmanager-0:3.11.43-1.git.0.19c2765.el7.x86_64", "7Server-RH7-RHOSE-3.11:prometheus-node-exporter-0:3.11.43-1.git.1060.0aff287.el7.x86_64", "7Server-RH7-RHOSE-3.11:python-elasticsearch-0:5.5.5-1.el7.noarch", "7Server-RH7-RHOSE-3.11:python-elasticsearch-0:5.5.5-1.el7.src", "7Server-RH7-RHOSE-3.11:python-nose-xcover-0:1.0.10-1.el7.noarch", "7Server-RH7-RHOSE-3.11:python-nose-xcover-0:1.0.10-1.el7.src" ] } ], "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.1, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0" }, "products": [ "7Server-RH7-RHOSE-3.11:jenkins-2-plugins-0:3.11.1539805268-1.el7.noarch", "7Server-RH7-RHOSE-3.11:jenkins-2-plugins-0:3.11.1539805268-1.el7.src" ] } ], "threats": [ { "category": "impact", "details": "Important" } ], "title": "nodejs: Out of bounds (OOB) write via UCS-2 encoding" }, { "acknowledgments": [ { "names": [ "the Kubernetes Product Security Team" ] }, { "names": [ "Darren Shepherd" ], "summary": "Acknowledged by upstream." } ], "cve": "CVE-2018-1002105", "cwe": { "id": "CWE-305", "name": "Authentication Bypass by Primary Weakness" }, "discovery_date": "2018-11-08T00:00:00+00:00", "flags": [ { "label": "vulnerable_code_not_present", "product_ids": [ "7Server-RH7-RHOSE-3.11:atomic-enterprise-service-catalog-1:3.11.43-1.git.1671.04b17f5.el7.src", "7Server-RH7-RHOSE-3.11:atomic-enterprise-service-catalog-1:3.11.43-1.git.1671.04b17f5.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-enterprise-service-catalog-svcat-1:3.11.43-1.git.1671.04b17f5.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-clients-0:3.11.43-1.git.0.647ac05.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-cluster-autoscaler-0:3.11.43-1.git.0.55c4e4b.el7.src", "7Server-RH7-RHOSE-3.11:atomic-openshift-cluster-autoscaler-0:3.11.43-1.git.0.55c4e4b.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-descheduler-0:3.11.43-1.git.300.a720f7f.el7.src", "7Server-RH7-RHOSE-3.11:atomic-openshift-descheduler-0:3.11.43-1.git.300.a720f7f.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-dockerregistry-0:3.11.43-1.git.446.b80f8a1.el7.src", "7Server-RH7-RHOSE-3.11:atomic-openshift-dockerregistry-0:3.11.43-1.git.446.b80f8a1.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-metrics-server-0:3.11.43-1.git.52.6cc0a21.el7.src", "7Server-RH7-RHOSE-3.11:atomic-openshift-metrics-server-0:3.11.43-1.git.52.6cc0a21.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-node-problem-detector-0:3.11.43-1.git.252.f45475c.el7.src", "7Server-RH7-RHOSE-3.11:atomic-openshift-node-problem-detector-0:3.11.43-1.git.252.f45475c.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-service-idler-0:3.11.43-1.git.14.bbbb450.el7.src", "7Server-RH7-RHOSE-3.11:atomic-openshift-service-idler-0:3.11.43-1.git.14.bbbb450.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-web-console-0:3.11.43-1.git.316.7753377.el7.src", "7Server-RH7-RHOSE-3.11:atomic-openshift-web-console-0:3.11.43-1.git.316.7753377.el7.x86_64", "7Server-RH7-RHOSE-3.11:cri-o-0:1.11.8-2.rhaos3.11.git71cc465.el7.src", "7Server-RH7-RHOSE-3.11:cri-o-0:1.11.8-2.rhaos3.11.git71cc465.el7.x86_64", "7Server-RH7-RHOSE-3.11:golang-github-openshift-oauth-proxy-0:3.11.43-1.git.419.03122b3.el7.src", "7Server-RH7-RHOSE-3.11:golang-github-openshift-oauth-proxy-0:3.11.43-1.git.419.03122b3.el7.x86_64", "7Server-RH7-RHOSE-3.11:golang-github-prometheus-alertmanager-0:3.11.43-1.git.0.19c2765.el7.src", "7Server-RH7-RHOSE-3.11:golang-github-prometheus-node_exporter-0:3.11.43-1.git.1060.0aff287.el7.src", "7Server-RH7-RHOSE-3.11:golang-github-prometheus-prometheus-0:3.11.43-1.git.5021.31a8f1d.el7.src", "7Server-RH7-RHOSE-3.11:jenkins-2-plugins-0:3.11.1539805268-1.el7.noarch", "7Server-RH7-RHOSE-3.11:jenkins-2-plugins-0:3.11.1539805268-1.el7.src", "7Server-RH7-RHOSE-3.11:kibana-0:5.6.12-1.el7.src", "7Server-RH7-RHOSE-3.11:kibana-0:5.6.12-1.el7.x86_64", "7Server-RH7-RHOSE-3.11:kibana-debuginfo-0:5.6.12-1.el7.x86_64", "7Server-RH7-RHOSE-3.11:openshift-ansible-0:3.11.43-1.git.0.fa69a02.el7.noarch", "7Server-RH7-RHOSE-3.11:openshift-ansible-0:3.11.43-1.git.0.fa69a02.el7.src", "7Server-RH7-RHOSE-3.11:openshift-ansible-docs-0:3.11.43-1.git.0.fa69a02.el7.noarch", "7Server-RH7-RHOSE-3.11:openshift-ansible-playbooks-0:3.11.43-1.git.0.fa69a02.el7.noarch", "7Server-RH7-RHOSE-3.11:openshift-ansible-roles-0:3.11.43-1.git.0.fa69a02.el7.noarch", "7Server-RH7-RHOSE-3.11:openshift-enterprise-autoheal-0:3.11.43-1.git.219.be400cf.el7.src", "7Server-RH7-RHOSE-3.11:openshift-enterprise-autoheal-0:3.11.43-1.git.219.be400cf.el7.x86_64", "7Server-RH7-RHOSE-3.11:openshift-enterprise-cluster-capacity-0:3.11.43-1.git.380.9cbcbb2.el7.src", "7Server-RH7-RHOSE-3.11:openshift-enterprise-cluster-capacity-0:3.11.43-1.git.380.9cbcbb2.el7.x86_64", "7Server-RH7-RHOSE-3.11:openshift-external-storage-0:0.0.2-4.gitd3c94f0.el7.src", "7Server-RH7-RHOSE-3.11:openshift-external-storage-cephfs-provisioner-0:0.0.2-4.gitd3c94f0.el7.x86_64", "7Server-RH7-RHOSE-3.11:openshift-external-storage-debuginfo-0:0.0.2-4.gitd3c94f0.el7.x86_64", "7Server-RH7-RHOSE-3.11:openshift-external-storage-efs-provisioner-0:0.0.2-4.gitd3c94f0.el7.x86_64", "7Server-RH7-RHOSE-3.11:openshift-external-storage-local-provisioner-0:0.0.2-4.gitd3c94f0.el7.x86_64", "7Server-RH7-RHOSE-3.11:openshift-external-storage-manila-provisioner-0:0.0.2-4.gitd3c94f0.el7.x86_64", "7Server-RH7-RHOSE-3.11:openshift-external-storage-snapshot-controller-0:0.0.2-4.gitd3c94f0.el7.x86_64", "7Server-RH7-RHOSE-3.11:openshift-external-storage-snapshot-provisioner-0:0.0.2-4.gitd3c94f0.el7.x86_64", "7Server-RH7-RHOSE-3.11:openshift-monitor-project-lifecycle-0:3.11.43-1.git.59.662daae.el7.src", "7Server-RH7-RHOSE-3.11:openshift-monitor-project-lifecycle-0:3.11.43-1.git.59.662daae.el7.x86_64", "7Server-RH7-RHOSE-3.11:openshift-monitor-sample-app-0:3.11.43-1.git.5.83ab17f.el7.src", "7Server-RH7-RHOSE-3.11:openshift-monitor-sample-app-0:3.11.43-1.git.5.83ab17f.el7.x86_64", "7Server-RH7-RHOSE-3.11:prometheus-0:3.11.43-1.git.5021.31a8f1d.el7.x86_64", "7Server-RH7-RHOSE-3.11:prometheus-alertmanager-0:3.11.43-1.git.0.19c2765.el7.x86_64", "7Server-RH7-RHOSE-3.11:prometheus-node-exporter-0:3.11.43-1.git.1060.0aff287.el7.x86_64", "7Server-RH7-RHOSE-3.11:python-elasticsearch-0:5.5.5-1.el7.noarch", "7Server-RH7-RHOSE-3.11:python-elasticsearch-0:5.5.5-1.el7.src", "7Server-RH7-RHOSE-3.11:python-nose-xcover-0:1.0.10-1.el7.noarch", "7Server-RH7-RHOSE-3.11:python-nose-xcover-0:1.0.10-1.el7.src" ] } ], "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1648138" } ], "notes": [ { "category": "description", "text": "A privilege escalation vulnerability exists in OpenShift Container Platform which allows for compromise of pods running co-located on a compute node. This access could include access to all secrets, pods, environment variables, running pod/container processes, and persistent volumes, including in privileged containers.", "title": "Vulnerability description" }, { "category": "summary", "text": "kubernetes: authentication/authorization bypass in the handling of non-101 responses", "title": "Vulnerability summary" }, { "category": "other", "text": "In versions 3.6 and higher of OpenShift Container Platform, this vulnerability allows cluster-admin level access to any API hosted by an aggregated API server. This includes the \u2018service catalog\u2019 API which is installed by default in 3.7 and later. Cluster-admin level access to the service catalog allows creation of brokered services by an unauthenticated user with escalated privileges in any namespace and on any node. This could lead to an attacker being allowed to deploy malicious code, or alter existing services.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "7Server-RH7-RHOSE-3.11:atomic-openshift-0:3.11.43-1.git.0.647ac05.el7.src", "7Server-RH7-RHOSE-3.11:atomic-openshift-0:3.11.43-1.git.0.647ac05.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-clients-redistributable-0:3.11.43-1.git.0.647ac05.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-docker-excluder-0:3.11.43-1.git.0.647ac05.el7.noarch", "7Server-RH7-RHOSE-3.11:atomic-openshift-excluder-0:3.11.43-1.git.0.647ac05.el7.noarch", "7Server-RH7-RHOSE-3.11:atomic-openshift-hyperkube-0:3.11.43-1.git.0.647ac05.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-hypershift-0:3.11.43-1.git.0.647ac05.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-master-0:3.11.43-1.git.0.647ac05.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-node-0:3.11.43-1.git.0.647ac05.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-pod-0:3.11.43-1.git.0.647ac05.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-sdn-ovs-0:3.11.43-1.git.0.647ac05.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-template-service-broker-0:3.11.43-1.git.0.647ac05.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-tests-0:3.11.43-1.git.0.647ac05.el7.x86_64" ], "known_not_affected": [ "7Server-RH7-RHOSE-3.11:atomic-enterprise-service-catalog-1:3.11.43-1.git.1671.04b17f5.el7.src", "7Server-RH7-RHOSE-3.11:atomic-enterprise-service-catalog-1:3.11.43-1.git.1671.04b17f5.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-enterprise-service-catalog-svcat-1:3.11.43-1.git.1671.04b17f5.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-clients-0:3.11.43-1.git.0.647ac05.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-cluster-autoscaler-0:3.11.43-1.git.0.55c4e4b.el7.src", "7Server-RH7-RHOSE-3.11:atomic-openshift-cluster-autoscaler-0:3.11.43-1.git.0.55c4e4b.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-descheduler-0:3.11.43-1.git.300.a720f7f.el7.src", "7Server-RH7-RHOSE-3.11:atomic-openshift-descheduler-0:3.11.43-1.git.300.a720f7f.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-dockerregistry-0:3.11.43-1.git.446.b80f8a1.el7.src", "7Server-RH7-RHOSE-3.11:atomic-openshift-dockerregistry-0:3.11.43-1.git.446.b80f8a1.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-metrics-server-0:3.11.43-1.git.52.6cc0a21.el7.src", "7Server-RH7-RHOSE-3.11:atomic-openshift-metrics-server-0:3.11.43-1.git.52.6cc0a21.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-node-problem-detector-0:3.11.43-1.git.252.f45475c.el7.src", "7Server-RH7-RHOSE-3.11:atomic-openshift-node-problem-detector-0:3.11.43-1.git.252.f45475c.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-service-idler-0:3.11.43-1.git.14.bbbb450.el7.src", "7Server-RH7-RHOSE-3.11:atomic-openshift-service-idler-0:3.11.43-1.git.14.bbbb450.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-web-console-0:3.11.43-1.git.316.7753377.el7.src", "7Server-RH7-RHOSE-3.11:atomic-openshift-web-console-0:3.11.43-1.git.316.7753377.el7.x86_64", "7Server-RH7-RHOSE-3.11:cri-o-0:1.11.8-2.rhaos3.11.git71cc465.el7.src", "7Server-RH7-RHOSE-3.11:cri-o-0:1.11.8-2.rhaos3.11.git71cc465.el7.x86_64", "7Server-RH7-RHOSE-3.11:golang-github-openshift-oauth-proxy-0:3.11.43-1.git.419.03122b3.el7.src", "7Server-RH7-RHOSE-3.11:golang-github-openshift-oauth-proxy-0:3.11.43-1.git.419.03122b3.el7.x86_64", "7Server-RH7-RHOSE-3.11:golang-github-prometheus-alertmanager-0:3.11.43-1.git.0.19c2765.el7.src", "7Server-RH7-RHOSE-3.11:golang-github-prometheus-node_exporter-0:3.11.43-1.git.1060.0aff287.el7.src", "7Server-RH7-RHOSE-3.11:golang-github-prometheus-prometheus-0:3.11.43-1.git.5021.31a8f1d.el7.src", "7Server-RH7-RHOSE-3.11:jenkins-2-plugins-0:3.11.1539805268-1.el7.noarch", "7Server-RH7-RHOSE-3.11:jenkins-2-plugins-0:3.11.1539805268-1.el7.src", "7Server-RH7-RHOSE-3.11:kibana-0:5.6.12-1.el7.src", "7Server-RH7-RHOSE-3.11:kibana-0:5.6.12-1.el7.x86_64", "7Server-RH7-RHOSE-3.11:kibana-debuginfo-0:5.6.12-1.el7.x86_64", "7Server-RH7-RHOSE-3.11:openshift-ansible-0:3.11.43-1.git.0.fa69a02.el7.noarch", "7Server-RH7-RHOSE-3.11:openshift-ansible-0:3.11.43-1.git.0.fa69a02.el7.src", "7Server-RH7-RHOSE-3.11:openshift-ansible-docs-0:3.11.43-1.git.0.fa69a02.el7.noarch", "7Server-RH7-RHOSE-3.11:openshift-ansible-playbooks-0:3.11.43-1.git.0.fa69a02.el7.noarch", "7Server-RH7-RHOSE-3.11:openshift-ansible-roles-0:3.11.43-1.git.0.fa69a02.el7.noarch", "7Server-RH7-RHOSE-3.11:openshift-enterprise-autoheal-0:3.11.43-1.git.219.be400cf.el7.src", "7Server-RH7-RHOSE-3.11:openshift-enterprise-autoheal-0:3.11.43-1.git.219.be400cf.el7.x86_64", "7Server-RH7-RHOSE-3.11:openshift-enterprise-cluster-capacity-0:3.11.43-1.git.380.9cbcbb2.el7.src", "7Server-RH7-RHOSE-3.11:openshift-enterprise-cluster-capacity-0:3.11.43-1.git.380.9cbcbb2.el7.x86_64", "7Server-RH7-RHOSE-3.11:openshift-external-storage-0:0.0.2-4.gitd3c94f0.el7.src", "7Server-RH7-RHOSE-3.11:openshift-external-storage-cephfs-provisioner-0:0.0.2-4.gitd3c94f0.el7.x86_64", "7Server-RH7-RHOSE-3.11:openshift-external-storage-debuginfo-0:0.0.2-4.gitd3c94f0.el7.x86_64", "7Server-RH7-RHOSE-3.11:openshift-external-storage-efs-provisioner-0:0.0.2-4.gitd3c94f0.el7.x86_64", "7Server-RH7-RHOSE-3.11:openshift-external-storage-local-provisioner-0:0.0.2-4.gitd3c94f0.el7.x86_64", "7Server-RH7-RHOSE-3.11:openshift-external-storage-manila-provisioner-0:0.0.2-4.gitd3c94f0.el7.x86_64", "7Server-RH7-RHOSE-3.11:openshift-external-storage-snapshot-controller-0:0.0.2-4.gitd3c94f0.el7.x86_64", "7Server-RH7-RHOSE-3.11:openshift-external-storage-snapshot-provisioner-0:0.0.2-4.gitd3c94f0.el7.x86_64", "7Server-RH7-RHOSE-3.11:openshift-monitor-project-lifecycle-0:3.11.43-1.git.59.662daae.el7.src", "7Server-RH7-RHOSE-3.11:openshift-monitor-project-lifecycle-0:3.11.43-1.git.59.662daae.el7.x86_64", "7Server-RH7-RHOSE-3.11:openshift-monitor-sample-app-0:3.11.43-1.git.5.83ab17f.el7.src", "7Server-RH7-RHOSE-3.11:openshift-monitor-sample-app-0:3.11.43-1.git.5.83ab17f.el7.x86_64", "7Server-RH7-RHOSE-3.11:prometheus-0:3.11.43-1.git.5021.31a8f1d.el7.x86_64", "7Server-RH7-RHOSE-3.11:prometheus-alertmanager-0:3.11.43-1.git.0.19c2765.el7.x86_64", "7Server-RH7-RHOSE-3.11:prometheus-node-exporter-0:3.11.43-1.git.1060.0aff287.el7.x86_64", "7Server-RH7-RHOSE-3.11:python-elasticsearch-0:5.5.5-1.el7.noarch", "7Server-RH7-RHOSE-3.11:python-elasticsearch-0:5.5.5-1.el7.src", "7Server-RH7-RHOSE-3.11:python-nose-xcover-0:1.0.10-1.el7.noarch", "7Server-RH7-RHOSE-3.11:python-nose-xcover-0:1.0.10-1.el7.src" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2018-1002105" }, { "category": "external", "summary": "RHBZ#1648138", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1648138" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2018-1002105", "url": "https://www.cve.org/CVERecord?id=CVE-2018-1002105" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2018-1002105", "url": "https://nvd.nist.gov/vuln/detail/CVE-2018-1002105" }, { "category": "external", "summary": "https://access.redhat.com/security/vulnerabilities/3716411", "url": "https://access.redhat.com/security/vulnerabilities/3716411" }, { "category": "external", "summary": "https://groups.google.com/forum/#!topic/kubernetes-announce/GVllWCg6L88", "url": "https://groups.google.com/forum/#!topic/kubernetes-announce/GVllWCg6L88" } ], "release_date": "2018-12-03T17:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2018-11-20T03:11:20+00:00", "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "7Server-RH7-RHOSE-3.11:atomic-openshift-0:3.11.43-1.git.0.647ac05.el7.src", "7Server-RH7-RHOSE-3.11:atomic-openshift-0:3.11.43-1.git.0.647ac05.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-clients-redistributable-0:3.11.43-1.git.0.647ac05.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-docker-excluder-0:3.11.43-1.git.0.647ac05.el7.noarch", "7Server-RH7-RHOSE-3.11:atomic-openshift-excluder-0:3.11.43-1.git.0.647ac05.el7.noarch", "7Server-RH7-RHOSE-3.11:atomic-openshift-hyperkube-0:3.11.43-1.git.0.647ac05.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-hypershift-0:3.11.43-1.git.0.647ac05.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-master-0:3.11.43-1.git.0.647ac05.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-node-0:3.11.43-1.git.0.647ac05.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-pod-0:3.11.43-1.git.0.647ac05.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-sdn-ovs-0:3.11.43-1.git.0.647ac05.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-template-service-broker-0:3.11.43-1.git.0.647ac05.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-tests-0:3.11.43-1.git.0.647ac05.el7.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2018:3537" }, { "category": "workaround", "details": "See the vulnerability article for mitigation procedures.", "product_ids": [ "7Server-RH7-RHOSE-3.11:atomic-enterprise-service-catalog-1:3.11.43-1.git.1671.04b17f5.el7.src", "7Server-RH7-RHOSE-3.11:atomic-enterprise-service-catalog-1:3.11.43-1.git.1671.04b17f5.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-enterprise-service-catalog-svcat-1:3.11.43-1.git.1671.04b17f5.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-0:3.11.43-1.git.0.647ac05.el7.src", "7Server-RH7-RHOSE-3.11:atomic-openshift-0:3.11.43-1.git.0.647ac05.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-clients-0:3.11.43-1.git.0.647ac05.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-clients-redistributable-0:3.11.43-1.git.0.647ac05.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-cluster-autoscaler-0:3.11.43-1.git.0.55c4e4b.el7.src", "7Server-RH7-RHOSE-3.11:atomic-openshift-cluster-autoscaler-0:3.11.43-1.git.0.55c4e4b.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-descheduler-0:3.11.43-1.git.300.a720f7f.el7.src", "7Server-RH7-RHOSE-3.11:atomic-openshift-descheduler-0:3.11.43-1.git.300.a720f7f.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-docker-excluder-0:3.11.43-1.git.0.647ac05.el7.noarch", "7Server-RH7-RHOSE-3.11:atomic-openshift-dockerregistry-0:3.11.43-1.git.446.b80f8a1.el7.src", "7Server-RH7-RHOSE-3.11:atomic-openshift-dockerregistry-0:3.11.43-1.git.446.b80f8a1.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-excluder-0:3.11.43-1.git.0.647ac05.el7.noarch", "7Server-RH7-RHOSE-3.11:atomic-openshift-hyperkube-0:3.11.43-1.git.0.647ac05.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-hypershift-0:3.11.43-1.git.0.647ac05.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-master-0:3.11.43-1.git.0.647ac05.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-metrics-server-0:3.11.43-1.git.52.6cc0a21.el7.src", "7Server-RH7-RHOSE-3.11:atomic-openshift-metrics-server-0:3.11.43-1.git.52.6cc0a21.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-node-0:3.11.43-1.git.0.647ac05.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-node-problem-detector-0:3.11.43-1.git.252.f45475c.el7.src", "7Server-RH7-RHOSE-3.11:atomic-openshift-node-problem-detector-0:3.11.43-1.git.252.f45475c.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-pod-0:3.11.43-1.git.0.647ac05.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-sdn-ovs-0:3.11.43-1.git.0.647ac05.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-service-idler-0:3.11.43-1.git.14.bbbb450.el7.src", "7Server-RH7-RHOSE-3.11:atomic-openshift-service-idler-0:3.11.43-1.git.14.bbbb450.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-template-service-broker-0:3.11.43-1.git.0.647ac05.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-tests-0:3.11.43-1.git.0.647ac05.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-web-console-0:3.11.43-1.git.316.7753377.el7.src", "7Server-RH7-RHOSE-3.11:atomic-openshift-web-console-0:3.11.43-1.git.316.7753377.el7.x86_64", "7Server-RH7-RHOSE-3.11:cri-o-0:1.11.8-2.rhaos3.11.git71cc465.el7.src", "7Server-RH7-RHOSE-3.11:cri-o-0:1.11.8-2.rhaos3.11.git71cc465.el7.x86_64", "7Server-RH7-RHOSE-3.11:golang-github-openshift-oauth-proxy-0:3.11.43-1.git.419.03122b3.el7.src", "7Server-RH7-RHOSE-3.11:golang-github-openshift-oauth-proxy-0:3.11.43-1.git.419.03122b3.el7.x86_64", "7Server-RH7-RHOSE-3.11:golang-github-prometheus-alertmanager-0:3.11.43-1.git.0.19c2765.el7.src", "7Server-RH7-RHOSE-3.11:golang-github-prometheus-node_exporter-0:3.11.43-1.git.1060.0aff287.el7.src", "7Server-RH7-RHOSE-3.11:golang-github-prometheus-prometheus-0:3.11.43-1.git.5021.31a8f1d.el7.src", "7Server-RH7-RHOSE-3.11:jenkins-2-plugins-0:3.11.1539805268-1.el7.noarch", "7Server-RH7-RHOSE-3.11:jenkins-2-plugins-0:3.11.1539805268-1.el7.src", "7Server-RH7-RHOSE-3.11:kibana-0:5.6.12-1.el7.src", "7Server-RH7-RHOSE-3.11:kibana-0:5.6.12-1.el7.x86_64", "7Server-RH7-RHOSE-3.11:kibana-debuginfo-0:5.6.12-1.el7.x86_64", "7Server-RH7-RHOSE-3.11:openshift-ansible-0:3.11.43-1.git.0.fa69a02.el7.noarch", "7Server-RH7-RHOSE-3.11:openshift-ansible-0:3.11.43-1.git.0.fa69a02.el7.src", "7Server-RH7-RHOSE-3.11:openshift-ansible-docs-0:3.11.43-1.git.0.fa69a02.el7.noarch", "7Server-RH7-RHOSE-3.11:openshift-ansible-playbooks-0:3.11.43-1.git.0.fa69a02.el7.noarch", "7Server-RH7-RHOSE-3.11:openshift-ansible-roles-0:3.11.43-1.git.0.fa69a02.el7.noarch", "7Server-RH7-RHOSE-3.11:openshift-enterprise-autoheal-0:3.11.43-1.git.219.be400cf.el7.src", "7Server-RH7-RHOSE-3.11:openshift-enterprise-autoheal-0:3.11.43-1.git.219.be400cf.el7.x86_64", "7Server-RH7-RHOSE-3.11:openshift-enterprise-cluster-capacity-0:3.11.43-1.git.380.9cbcbb2.el7.src", "7Server-RH7-RHOSE-3.11:openshift-enterprise-cluster-capacity-0:3.11.43-1.git.380.9cbcbb2.el7.x86_64", "7Server-RH7-RHOSE-3.11:openshift-external-storage-0:0.0.2-4.gitd3c94f0.el7.src", "7Server-RH7-RHOSE-3.11:openshift-external-storage-cephfs-provisioner-0:0.0.2-4.gitd3c94f0.el7.x86_64", "7Server-RH7-RHOSE-3.11:openshift-external-storage-debuginfo-0:0.0.2-4.gitd3c94f0.el7.x86_64", "7Server-RH7-RHOSE-3.11:openshift-external-storage-efs-provisioner-0:0.0.2-4.gitd3c94f0.el7.x86_64", "7Server-RH7-RHOSE-3.11:openshift-external-storage-local-provisioner-0:0.0.2-4.gitd3c94f0.el7.x86_64", "7Server-RH7-RHOSE-3.11:openshift-external-storage-manila-provisioner-0:0.0.2-4.gitd3c94f0.el7.x86_64", "7Server-RH7-RHOSE-3.11:openshift-external-storage-snapshot-controller-0:0.0.2-4.gitd3c94f0.el7.x86_64", "7Server-RH7-RHOSE-3.11:openshift-external-storage-snapshot-provisioner-0:0.0.2-4.gitd3c94f0.el7.x86_64", "7Server-RH7-RHOSE-3.11:openshift-monitor-project-lifecycle-0:3.11.43-1.git.59.662daae.el7.src", "7Server-RH7-RHOSE-3.11:openshift-monitor-project-lifecycle-0:3.11.43-1.git.59.662daae.el7.x86_64", "7Server-RH7-RHOSE-3.11:openshift-monitor-sample-app-0:3.11.43-1.git.5.83ab17f.el7.src", "7Server-RH7-RHOSE-3.11:openshift-monitor-sample-app-0:3.11.43-1.git.5.83ab17f.el7.x86_64", "7Server-RH7-RHOSE-3.11:prometheus-0:3.11.43-1.git.5021.31a8f1d.el7.x86_64", "7Server-RH7-RHOSE-3.11:prometheus-alertmanager-0:3.11.43-1.git.0.19c2765.el7.x86_64", "7Server-RH7-RHOSE-3.11:prometheus-node-exporter-0:3.11.43-1.git.1060.0aff287.el7.x86_64", "7Server-RH7-RHOSE-3.11:python-elasticsearch-0:5.5.5-1.el7.noarch", "7Server-RH7-RHOSE-3.11:python-elasticsearch-0:5.5.5-1.el7.src", "7Server-RH7-RHOSE-3.11:python-nose-xcover-0:1.0.10-1.el7.noarch", "7Server-RH7-RHOSE-3.11:python-nose-xcover-0:1.0.10-1.el7.src" ] } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.0" }, "products": [ "7Server-RH7-RHOSE-3.11:atomic-openshift-0:3.11.43-1.git.0.647ac05.el7.src", "7Server-RH7-RHOSE-3.11:atomic-openshift-0:3.11.43-1.git.0.647ac05.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-clients-redistributable-0:3.11.43-1.git.0.647ac05.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-docker-excluder-0:3.11.43-1.git.0.647ac05.el7.noarch", "7Server-RH7-RHOSE-3.11:atomic-openshift-excluder-0:3.11.43-1.git.0.647ac05.el7.noarch", "7Server-RH7-RHOSE-3.11:atomic-openshift-hyperkube-0:3.11.43-1.git.0.647ac05.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-hypershift-0:3.11.43-1.git.0.647ac05.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-master-0:3.11.43-1.git.0.647ac05.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-node-0:3.11.43-1.git.0.647ac05.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-pod-0:3.11.43-1.git.0.647ac05.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-sdn-ovs-0:3.11.43-1.git.0.647ac05.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-template-service-broker-0:3.11.43-1.git.0.647ac05.el7.x86_64", "7Server-RH7-RHOSE-3.11:atomic-openshift-tests-0:3.11.43-1.git.0.647ac05.el7.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Critical" } ], "title": "kubernetes: authentication/authorization bypass in the handling of non-101 responses" } ] }
rhsa-2018_2949
Vulnerability from csaf_redhat
Published
2018-10-18 10:11
Modified
2024-11-05 20:48
Summary
Red Hat Security Advisory: rh-nodejs8-nodejs security update
Notes
Topic
An update for rh-nodejs8-nodejs is now available for Red Hat Software Collections.
Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details
Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language.
The following packages have been upgraded to a later upstream version: rh-nodejs8-nodejs (8.11.4). (BZ#1621761)
Security Fix(es):
* nodejs: Out of bounds (OOB) write via UCS-2 encoding (CVE-2018-12115)
For more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{ "document": { "aggregate_severity": { "namespace": "https://access.redhat.com/security/updates/classification/", "text": "Important" }, "category": "csaf_security_advisory", "csaf_version": "2.0", "distribution": { "text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.", "tlp": { "label": "WHITE", "url": "https://www.first.org/tlp/" } }, "lang": "en", "notes": [ { "category": "summary", "text": "An update for rh-nodejs8-nodejs is now available for Red Hat Software Collections.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.", "title": "Topic" }, { "category": "general", "text": "Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language.\n\nThe following packages have been upgraded to a later upstream version: rh-nodejs8-nodejs (8.11.4). (BZ#1621761)\n\nSecurity Fix(es):\n\n* nodejs: Out of bounds (OOB) write via UCS-2 encoding (CVE-2018-12115)\n\nFor more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section.", "title": "Details" }, { "category": "legal_disclaimer", "text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.", "title": "Terms of Use" } ], "publisher": { "category": "vendor", "contact_details": "https://access.redhat.com/security/team/contact/", "issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.", "name": "Red Hat Product Security", "namespace": "https://www.redhat.com" }, "references": [ { "category": "self", "summary": "https://access.redhat.com/errata/RHSA-2018:2949", "url": "https://access.redhat.com/errata/RHSA-2018:2949" }, { "category": "external", "summary": "https://access.redhat.com/security/updates/classification/#important", "url": "https://access.redhat.com/security/updates/classification/#important" }, { "category": "external", "summary": "1620219", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1620219" }, { "category": "self", "summary": "Canonical URL", "url": "https://security.access.redhat.com/data/csaf/v2/advisories/2018/rhsa-2018_2949.json" } ], "title": "Red Hat Security Advisory: rh-nodejs8-nodejs security update", "tracking": { "current_release_date": "2024-11-05T20:48:00+00:00", "generator": { "date": "2024-11-05T20:48:00+00:00", "engine": { "name": "Red Hat SDEngine", "version": "4.1.1" } }, "id": "RHSA-2018:2949", "initial_release_date": "2018-10-18T10:11:49+00:00", "revision_history": [ { "date": "2018-10-18T10:11:49+00:00", "number": "1", "summary": "Initial version" }, { "date": "2018-10-18T10:11:49+00:00", "number": "2", "summary": "Last updated version" }, { "date": "2024-11-05T20:48:00+00:00", "number": "3", "summary": "Last generated version" } ], "status": "final", "version": "3" } }, "product_tree": { "branches": [ { "branches": [ { "branches": [ { "category": "product_name", "name": "Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.4)", "product": { "name": "Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.4)", "product_id": "7Server-RHSCL-3.1-7.4.Z", "product_identification_helper": { "cpe": "cpe:/a:redhat:rhel_software_collections:3::el7" } } }, { "category": "product_name", "name": "Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.5)", "product": { "name": "Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.5)", "product_id": "7Server-RHSCL-3.1-7.5.Z", "product_identification_helper": { "cpe": "cpe:/a:redhat:rhel_software_collections:3::el7" } } }, { "category": "product_name", "name": "Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 7)", "product": { "name": "Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 7)", "product_id": "7Server-Alt-RHSCL-3.1", "product_identification_helper": { "cpe": "cpe:/a:redhat:rhel_software_collections:3::el7" } } }, { "category": "product_name", "name": "Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 7)", "product": { "name": "Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 7)", "product_id": "7Server-RHSCL-3.1", "product_identification_helper": { "cpe": "cpe:/a:redhat:rhel_software_collections:3::el7" } } }, { "category": "product_name", "name": "Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 7)", "product": { "name": "Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 7)", "product_id": "7Workstation-RHSCL-3.1", "product_identification_helper": { "cpe": "cpe:/a:redhat:rhel_software_collections:3::el7" } } } ], "category": "product_family", "name": "Red Hat Software Collections" }, { "branches": [ { "category": "product_version", "name": "rh-nodejs8-nodejs-devel-0:8.11.4-1.el7.x86_64", "product": { "name": "rh-nodejs8-nodejs-devel-0:8.11.4-1.el7.x86_64", "product_id": "rh-nodejs8-nodejs-devel-0:8.11.4-1.el7.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/rh-nodejs8-nodejs-devel@8.11.4-1.el7?arch=x86_64" } } }, { "category": "product_version", "name": "rh-nodejs8-npm-0:5.6.0-8.11.4.1.el7.x86_64", "product": { "name": "rh-nodejs8-npm-0:5.6.0-8.11.4.1.el7.x86_64", "product_id": "rh-nodejs8-npm-0:5.6.0-8.11.4.1.el7.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/rh-nodejs8-npm@5.6.0-8.11.4.1.el7?arch=x86_64" } } }, { "category": "product_version", "name": "rh-nodejs8-nodejs-0:8.11.4-1.el7.x86_64", "product": { "name": "rh-nodejs8-nodejs-0:8.11.4-1.el7.x86_64", "product_id": "rh-nodejs8-nodejs-0:8.11.4-1.el7.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/rh-nodejs8-nodejs@8.11.4-1.el7?arch=x86_64" } } }, { "category": "product_version", "name": "rh-nodejs8-nodejs-debuginfo-0:8.11.4-1.el7.x86_64", "product": { "name": "rh-nodejs8-nodejs-debuginfo-0:8.11.4-1.el7.x86_64", "product_id": "rh-nodejs8-nodejs-debuginfo-0:8.11.4-1.el7.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/rh-nodejs8-nodejs-debuginfo@8.11.4-1.el7?arch=x86_64" } } } ], "category": "architecture", "name": "x86_64" }, { "branches": [ { "category": "product_version", "name": "rh-nodejs8-nodejs-docs-0:8.11.4-1.el7.noarch", "product": { "name": "rh-nodejs8-nodejs-docs-0:8.11.4-1.el7.noarch", "product_id": "rh-nodejs8-nodejs-docs-0:8.11.4-1.el7.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/rh-nodejs8-nodejs-docs@8.11.4-1.el7?arch=noarch" } } } ], "category": "architecture", "name": "noarch" }, { "branches": [ { "category": "product_version", "name": "rh-nodejs8-nodejs-0:8.11.4-1.el7.src", "product": { "name": "rh-nodejs8-nodejs-0:8.11.4-1.el7.src", "product_id": "rh-nodejs8-nodejs-0:8.11.4-1.el7.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/rh-nodejs8-nodejs@8.11.4-1.el7?arch=src" } } } ], "category": "architecture", "name": "src" }, { "branches": [ { "category": "product_version", "name": "rh-nodejs8-nodejs-devel-0:8.11.4-1.el7.s390x", "product": { "name": "rh-nodejs8-nodejs-devel-0:8.11.4-1.el7.s390x", "product_id": "rh-nodejs8-nodejs-devel-0:8.11.4-1.el7.s390x", "product_identification_helper": { "purl": "pkg:rpm/redhat/rh-nodejs8-nodejs-devel@8.11.4-1.el7?arch=s390x" } } }, { "category": "product_version", "name": "rh-nodejs8-npm-0:5.6.0-8.11.4.1.el7.s390x", "product": { "name": "rh-nodejs8-npm-0:5.6.0-8.11.4.1.el7.s390x", "product_id": "rh-nodejs8-npm-0:5.6.0-8.11.4.1.el7.s390x", "product_identification_helper": { "purl": "pkg:rpm/redhat/rh-nodejs8-npm@5.6.0-8.11.4.1.el7?arch=s390x" } } }, { "category": "product_version", "name": "rh-nodejs8-nodejs-0:8.11.4-1.el7.s390x", "product": { "name": "rh-nodejs8-nodejs-0:8.11.4-1.el7.s390x", "product_id": "rh-nodejs8-nodejs-0:8.11.4-1.el7.s390x", "product_identification_helper": { "purl": "pkg:rpm/redhat/rh-nodejs8-nodejs@8.11.4-1.el7?arch=s390x" } } }, { "category": "product_version", "name": "rh-nodejs8-nodejs-debuginfo-0:8.11.4-1.el7.s390x", "product": { "name": "rh-nodejs8-nodejs-debuginfo-0:8.11.4-1.el7.s390x", "product_id": "rh-nodejs8-nodejs-debuginfo-0:8.11.4-1.el7.s390x", "product_identification_helper": { "purl": "pkg:rpm/redhat/rh-nodejs8-nodejs-debuginfo@8.11.4-1.el7?arch=s390x" } } } ], "category": "architecture", "name": "s390x" }, { "branches": [ { "category": "product_version", "name": "rh-nodejs8-nodejs-devel-0:8.11.4-1.el7.ppc64le", "product": { "name": "rh-nodejs8-nodejs-devel-0:8.11.4-1.el7.ppc64le", "product_id": "rh-nodejs8-nodejs-devel-0:8.11.4-1.el7.ppc64le", "product_identification_helper": { "purl": "pkg:rpm/redhat/rh-nodejs8-nodejs-devel@8.11.4-1.el7?arch=ppc64le" } } }, { "category": "product_version", "name": "rh-nodejs8-npm-0:5.6.0-8.11.4.1.el7.ppc64le", "product": { "name": "rh-nodejs8-npm-0:5.6.0-8.11.4.1.el7.ppc64le", "product_id": "rh-nodejs8-npm-0:5.6.0-8.11.4.1.el7.ppc64le", "product_identification_helper": { "purl": "pkg:rpm/redhat/rh-nodejs8-npm@5.6.0-8.11.4.1.el7?arch=ppc64le" } } }, { "category": "product_version", "name": "rh-nodejs8-nodejs-0:8.11.4-1.el7.ppc64le", "product": { "name": "rh-nodejs8-nodejs-0:8.11.4-1.el7.ppc64le", "product_id": "rh-nodejs8-nodejs-0:8.11.4-1.el7.ppc64le", "product_identification_helper": { "purl": "pkg:rpm/redhat/rh-nodejs8-nodejs@8.11.4-1.el7?arch=ppc64le" } } }, { "category": "product_version", "name": "rh-nodejs8-nodejs-debuginfo-0:8.11.4-1.el7.ppc64le", "product": { "name": "rh-nodejs8-nodejs-debuginfo-0:8.11.4-1.el7.ppc64le", "product_id": "rh-nodejs8-nodejs-debuginfo-0:8.11.4-1.el7.ppc64le", "product_identification_helper": { "purl": "pkg:rpm/redhat/rh-nodejs8-nodejs-debuginfo@8.11.4-1.el7?arch=ppc64le" } } } ], "category": "architecture", "name": "ppc64le" }, { "branches": [ { "category": "product_version", "name": "rh-nodejs8-nodejs-devel-0:8.11.4-1.el7.aarch64", "product": { "name": "rh-nodejs8-nodejs-devel-0:8.11.4-1.el7.aarch64", "product_id": "rh-nodejs8-nodejs-devel-0:8.11.4-1.el7.aarch64", "product_identification_helper": { "purl": "pkg:rpm/redhat/rh-nodejs8-nodejs-devel@8.11.4-1.el7?arch=aarch64" } } }, { "category": "product_version", "name": "rh-nodejs8-npm-0:5.6.0-8.11.4.1.el7.aarch64", "product": { "name": "rh-nodejs8-npm-0:5.6.0-8.11.4.1.el7.aarch64", "product_id": "rh-nodejs8-npm-0:5.6.0-8.11.4.1.el7.aarch64", "product_identification_helper": { "purl": "pkg:rpm/redhat/rh-nodejs8-npm@5.6.0-8.11.4.1.el7?arch=aarch64" } } }, { "category": "product_version", "name": "rh-nodejs8-nodejs-0:8.11.4-1.el7.aarch64", "product": { "name": "rh-nodejs8-nodejs-0:8.11.4-1.el7.aarch64", "product_id": "rh-nodejs8-nodejs-0:8.11.4-1.el7.aarch64", "product_identification_helper": { "purl": "pkg:rpm/redhat/rh-nodejs8-nodejs@8.11.4-1.el7?arch=aarch64" } } }, { "category": "product_version", "name": "rh-nodejs8-nodejs-debuginfo-0:8.11.4-1.el7.aarch64", "product": { "name": "rh-nodejs8-nodejs-debuginfo-0:8.11.4-1.el7.aarch64", "product_id": "rh-nodejs8-nodejs-debuginfo-0:8.11.4-1.el7.aarch64", "product_identification_helper": { "purl": "pkg:rpm/redhat/rh-nodejs8-nodejs-debuginfo@8.11.4-1.el7?arch=aarch64" } } } ], "category": "architecture", "name": "aarch64" } ], "category": "vendor", "name": "Red Hat" } ], "relationships": [ { "category": "default_component_of", "full_product_name": { "name": "rh-nodejs8-nodejs-0:8.11.4-1.el7.aarch64 as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 7)", "product_id": "7Server-Alt-RHSCL-3.1:rh-nodejs8-nodejs-0:8.11.4-1.el7.aarch64" }, "product_reference": "rh-nodejs8-nodejs-0:8.11.4-1.el7.aarch64", "relates_to_product_reference": "7Server-Alt-RHSCL-3.1" }, { "category": "default_component_of", "full_product_name": { "name": "rh-nodejs8-nodejs-0:8.11.4-1.el7.ppc64le as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 7)", "product_id": "7Server-Alt-RHSCL-3.1:rh-nodejs8-nodejs-0:8.11.4-1.el7.ppc64le" }, "product_reference": "rh-nodejs8-nodejs-0:8.11.4-1.el7.ppc64le", "relates_to_product_reference": "7Server-Alt-RHSCL-3.1" }, { "category": "default_component_of", "full_product_name": { "name": "rh-nodejs8-nodejs-0:8.11.4-1.el7.s390x as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 7)", "product_id": "7Server-Alt-RHSCL-3.1:rh-nodejs8-nodejs-0:8.11.4-1.el7.s390x" }, "product_reference": "rh-nodejs8-nodejs-0:8.11.4-1.el7.s390x", "relates_to_product_reference": "7Server-Alt-RHSCL-3.1" }, { "category": "default_component_of", "full_product_name": { "name": "rh-nodejs8-nodejs-0:8.11.4-1.el7.src as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 7)", "product_id": "7Server-Alt-RHSCL-3.1:rh-nodejs8-nodejs-0:8.11.4-1.el7.src" }, "product_reference": "rh-nodejs8-nodejs-0:8.11.4-1.el7.src", "relates_to_product_reference": "7Server-Alt-RHSCL-3.1" }, { "category": "default_component_of", "full_product_name": { "name": "rh-nodejs8-nodejs-0:8.11.4-1.el7.x86_64 as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 7)", "product_id": "7Server-Alt-RHSCL-3.1:rh-nodejs8-nodejs-0:8.11.4-1.el7.x86_64" }, "product_reference": "rh-nodejs8-nodejs-0:8.11.4-1.el7.x86_64", "relates_to_product_reference": "7Server-Alt-RHSCL-3.1" }, { "category": "default_component_of", "full_product_name": { "name": "rh-nodejs8-nodejs-debuginfo-0:8.11.4-1.el7.aarch64 as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 7)", "product_id": "7Server-Alt-RHSCL-3.1:rh-nodejs8-nodejs-debuginfo-0:8.11.4-1.el7.aarch64" }, "product_reference": "rh-nodejs8-nodejs-debuginfo-0:8.11.4-1.el7.aarch64", "relates_to_product_reference": "7Server-Alt-RHSCL-3.1" }, { "category": "default_component_of", "full_product_name": { "name": "rh-nodejs8-nodejs-debuginfo-0:8.11.4-1.el7.ppc64le as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 7)", "product_id": "7Server-Alt-RHSCL-3.1:rh-nodejs8-nodejs-debuginfo-0:8.11.4-1.el7.ppc64le" }, "product_reference": "rh-nodejs8-nodejs-debuginfo-0:8.11.4-1.el7.ppc64le", "relates_to_product_reference": "7Server-Alt-RHSCL-3.1" }, { "category": "default_component_of", "full_product_name": { "name": "rh-nodejs8-nodejs-debuginfo-0:8.11.4-1.el7.s390x as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 7)", "product_id": "7Server-Alt-RHSCL-3.1:rh-nodejs8-nodejs-debuginfo-0:8.11.4-1.el7.s390x" }, "product_reference": "rh-nodejs8-nodejs-debuginfo-0:8.11.4-1.el7.s390x", "relates_to_product_reference": "7Server-Alt-RHSCL-3.1" }, { "category": "default_component_of", "full_product_name": { "name": "rh-nodejs8-nodejs-debuginfo-0:8.11.4-1.el7.x86_64 as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 7)", "product_id": "7Server-Alt-RHSCL-3.1:rh-nodejs8-nodejs-debuginfo-0:8.11.4-1.el7.x86_64" }, "product_reference": "rh-nodejs8-nodejs-debuginfo-0:8.11.4-1.el7.x86_64", "relates_to_product_reference": "7Server-Alt-RHSCL-3.1" }, { "category": "default_component_of", "full_product_name": { "name": "rh-nodejs8-nodejs-devel-0:8.11.4-1.el7.aarch64 as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 7)", "product_id": "7Server-Alt-RHSCL-3.1:rh-nodejs8-nodejs-devel-0:8.11.4-1.el7.aarch64" }, "product_reference": "rh-nodejs8-nodejs-devel-0:8.11.4-1.el7.aarch64", "relates_to_product_reference": "7Server-Alt-RHSCL-3.1" }, { "category": "default_component_of", "full_product_name": { "name": "rh-nodejs8-nodejs-devel-0:8.11.4-1.el7.ppc64le as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 7)", "product_id": "7Server-Alt-RHSCL-3.1:rh-nodejs8-nodejs-devel-0:8.11.4-1.el7.ppc64le" }, "product_reference": "rh-nodejs8-nodejs-devel-0:8.11.4-1.el7.ppc64le", "relates_to_product_reference": "7Server-Alt-RHSCL-3.1" }, { "category": "default_component_of", "full_product_name": { "name": "rh-nodejs8-nodejs-devel-0:8.11.4-1.el7.s390x as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 7)", "product_id": "7Server-Alt-RHSCL-3.1:rh-nodejs8-nodejs-devel-0:8.11.4-1.el7.s390x" }, "product_reference": "rh-nodejs8-nodejs-devel-0:8.11.4-1.el7.s390x", "relates_to_product_reference": "7Server-Alt-RHSCL-3.1" }, { "category": "default_component_of", "full_product_name": { "name": "rh-nodejs8-nodejs-devel-0:8.11.4-1.el7.x86_64 as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 7)", "product_id": "7Server-Alt-RHSCL-3.1:rh-nodejs8-nodejs-devel-0:8.11.4-1.el7.x86_64" }, "product_reference": "rh-nodejs8-nodejs-devel-0:8.11.4-1.el7.x86_64", "relates_to_product_reference": "7Server-Alt-RHSCL-3.1" }, { "category": "default_component_of", "full_product_name": { "name": "rh-nodejs8-nodejs-docs-0:8.11.4-1.el7.noarch as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 7)", "product_id": "7Server-Alt-RHSCL-3.1:rh-nodejs8-nodejs-docs-0:8.11.4-1.el7.noarch" }, "product_reference": "rh-nodejs8-nodejs-docs-0:8.11.4-1.el7.noarch", "relates_to_product_reference": "7Server-Alt-RHSCL-3.1" }, { "category": "default_component_of", "full_product_name": { "name": "rh-nodejs8-npm-0:5.6.0-8.11.4.1.el7.aarch64 as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 7)", "product_id": "7Server-Alt-RHSCL-3.1:rh-nodejs8-npm-0:5.6.0-8.11.4.1.el7.aarch64" }, "product_reference": "rh-nodejs8-npm-0:5.6.0-8.11.4.1.el7.aarch64", "relates_to_product_reference": "7Server-Alt-RHSCL-3.1" }, { "category": "default_component_of", "full_product_name": { "name": "rh-nodejs8-npm-0:5.6.0-8.11.4.1.el7.ppc64le as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 7)", "product_id": "7Server-Alt-RHSCL-3.1:rh-nodejs8-npm-0:5.6.0-8.11.4.1.el7.ppc64le" }, "product_reference": "rh-nodejs8-npm-0:5.6.0-8.11.4.1.el7.ppc64le", "relates_to_product_reference": "7Server-Alt-RHSCL-3.1" }, { "category": "default_component_of", "full_product_name": { "name": "rh-nodejs8-npm-0:5.6.0-8.11.4.1.el7.s390x as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 7)", "product_id": "7Server-Alt-RHSCL-3.1:rh-nodejs8-npm-0:5.6.0-8.11.4.1.el7.s390x" }, "product_reference": "rh-nodejs8-npm-0:5.6.0-8.11.4.1.el7.s390x", "relates_to_product_reference": "7Server-Alt-RHSCL-3.1" }, { "category": "default_component_of", "full_product_name": { "name": "rh-nodejs8-npm-0:5.6.0-8.11.4.1.el7.x86_64 as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 7)", "product_id": "7Server-Alt-RHSCL-3.1:rh-nodejs8-npm-0:5.6.0-8.11.4.1.el7.x86_64" }, "product_reference": "rh-nodejs8-npm-0:5.6.0-8.11.4.1.el7.x86_64", "relates_to_product_reference": "7Server-Alt-RHSCL-3.1" }, { "category": "default_component_of", "full_product_name": { "name": "rh-nodejs8-nodejs-0:8.11.4-1.el7.ppc64le as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.4)", "product_id": "7Server-RHSCL-3.1-7.4.Z:rh-nodejs8-nodejs-0:8.11.4-1.el7.ppc64le" }, "product_reference": "rh-nodejs8-nodejs-0:8.11.4-1.el7.ppc64le", "relates_to_product_reference": "7Server-RHSCL-3.1-7.4.Z" }, { "category": "default_component_of", "full_product_name": { "name": "rh-nodejs8-nodejs-0:8.11.4-1.el7.s390x as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.4)", "product_id": "7Server-RHSCL-3.1-7.4.Z:rh-nodejs8-nodejs-0:8.11.4-1.el7.s390x" }, "product_reference": "rh-nodejs8-nodejs-0:8.11.4-1.el7.s390x", "relates_to_product_reference": "7Server-RHSCL-3.1-7.4.Z" }, { "category": "default_component_of", "full_product_name": { "name": "rh-nodejs8-nodejs-0:8.11.4-1.el7.src as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.4)", "product_id": "7Server-RHSCL-3.1-7.4.Z:rh-nodejs8-nodejs-0:8.11.4-1.el7.src" }, "product_reference": "rh-nodejs8-nodejs-0:8.11.4-1.el7.src", "relates_to_product_reference": "7Server-RHSCL-3.1-7.4.Z" }, { "category": "default_component_of", "full_product_name": { "name": "rh-nodejs8-nodejs-0:8.11.4-1.el7.x86_64 as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.4)", "product_id": "7Server-RHSCL-3.1-7.4.Z:rh-nodejs8-nodejs-0:8.11.4-1.el7.x86_64" }, "product_reference": "rh-nodejs8-nodejs-0:8.11.4-1.el7.x86_64", "relates_to_product_reference": "7Server-RHSCL-3.1-7.4.Z" }, { "category": "default_component_of", "full_product_name": { "name": "rh-nodejs8-nodejs-debuginfo-0:8.11.4-1.el7.ppc64le as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.4)", "product_id": "7Server-RHSCL-3.1-7.4.Z:rh-nodejs8-nodejs-debuginfo-0:8.11.4-1.el7.ppc64le" }, "product_reference": "rh-nodejs8-nodejs-debuginfo-0:8.11.4-1.el7.ppc64le", "relates_to_product_reference": "7Server-RHSCL-3.1-7.4.Z" }, { "category": "default_component_of", "full_product_name": { "name": "rh-nodejs8-nodejs-debuginfo-0:8.11.4-1.el7.s390x as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.4)", "product_id": "7Server-RHSCL-3.1-7.4.Z:rh-nodejs8-nodejs-debuginfo-0:8.11.4-1.el7.s390x" }, "product_reference": "rh-nodejs8-nodejs-debuginfo-0:8.11.4-1.el7.s390x", "relates_to_product_reference": "7Server-RHSCL-3.1-7.4.Z" }, { "category": "default_component_of", "full_product_name": { "name": "rh-nodejs8-nodejs-debuginfo-0:8.11.4-1.el7.x86_64 as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.4)", "product_id": "7Server-RHSCL-3.1-7.4.Z:rh-nodejs8-nodejs-debuginfo-0:8.11.4-1.el7.x86_64" }, "product_reference": "rh-nodejs8-nodejs-debuginfo-0:8.11.4-1.el7.x86_64", "relates_to_product_reference": "7Server-RHSCL-3.1-7.4.Z" }, { "category": "default_component_of", "full_product_name": { "name": "rh-nodejs8-nodejs-devel-0:8.11.4-1.el7.ppc64le as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.4)", "product_id": "7Server-RHSCL-3.1-7.4.Z:rh-nodejs8-nodejs-devel-0:8.11.4-1.el7.ppc64le" }, "product_reference": "rh-nodejs8-nodejs-devel-0:8.11.4-1.el7.ppc64le", "relates_to_product_reference": "7Server-RHSCL-3.1-7.4.Z" }, { "category": "default_component_of", "full_product_name": { "name": "rh-nodejs8-nodejs-devel-0:8.11.4-1.el7.s390x as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.4)", "product_id": "7Server-RHSCL-3.1-7.4.Z:rh-nodejs8-nodejs-devel-0:8.11.4-1.el7.s390x" }, "product_reference": "rh-nodejs8-nodejs-devel-0:8.11.4-1.el7.s390x", "relates_to_product_reference": "7Server-RHSCL-3.1-7.4.Z" }, { "category": "default_component_of", "full_product_name": { "name": "rh-nodejs8-nodejs-devel-0:8.11.4-1.el7.x86_64 as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.4)", "product_id": "7Server-RHSCL-3.1-7.4.Z:rh-nodejs8-nodejs-devel-0:8.11.4-1.el7.x86_64" }, "product_reference": "rh-nodejs8-nodejs-devel-0:8.11.4-1.el7.x86_64", "relates_to_product_reference": "7Server-RHSCL-3.1-7.4.Z" }, { "category": "default_component_of", "full_product_name": { "name": "rh-nodejs8-nodejs-docs-0:8.11.4-1.el7.noarch as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.4)", "product_id": "7Server-RHSCL-3.1-7.4.Z:rh-nodejs8-nodejs-docs-0:8.11.4-1.el7.noarch" }, "product_reference": "rh-nodejs8-nodejs-docs-0:8.11.4-1.el7.noarch", "relates_to_product_reference": "7Server-RHSCL-3.1-7.4.Z" }, { "category": "default_component_of", "full_product_name": { "name": "rh-nodejs8-npm-0:5.6.0-8.11.4.1.el7.ppc64le as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.4)", "product_id": "7Server-RHSCL-3.1-7.4.Z:rh-nodejs8-npm-0:5.6.0-8.11.4.1.el7.ppc64le" }, "product_reference": "rh-nodejs8-npm-0:5.6.0-8.11.4.1.el7.ppc64le", "relates_to_product_reference": "7Server-RHSCL-3.1-7.4.Z" }, { "category": "default_component_of", "full_product_name": { "name": "rh-nodejs8-npm-0:5.6.0-8.11.4.1.el7.s390x as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.4)", "product_id": "7Server-RHSCL-3.1-7.4.Z:rh-nodejs8-npm-0:5.6.0-8.11.4.1.el7.s390x" }, "product_reference": "rh-nodejs8-npm-0:5.6.0-8.11.4.1.el7.s390x", "relates_to_product_reference": "7Server-RHSCL-3.1-7.4.Z" }, { "category": "default_component_of", "full_product_name": { "name": "rh-nodejs8-npm-0:5.6.0-8.11.4.1.el7.x86_64 as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.4)", "product_id": "7Server-RHSCL-3.1-7.4.Z:rh-nodejs8-npm-0:5.6.0-8.11.4.1.el7.x86_64" }, "product_reference": "rh-nodejs8-npm-0:5.6.0-8.11.4.1.el7.x86_64", "relates_to_product_reference": "7Server-RHSCL-3.1-7.4.Z" }, { "category": "default_component_of", "full_product_name": { "name": "rh-nodejs8-nodejs-0:8.11.4-1.el7.ppc64le as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.5)", "product_id": "7Server-RHSCL-3.1-7.5.Z:rh-nodejs8-nodejs-0:8.11.4-1.el7.ppc64le" }, "product_reference": "rh-nodejs8-nodejs-0:8.11.4-1.el7.ppc64le", "relates_to_product_reference": "7Server-RHSCL-3.1-7.5.Z" }, { "category": "default_component_of", "full_product_name": { "name": "rh-nodejs8-nodejs-0:8.11.4-1.el7.s390x as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.5)", "product_id": "7Server-RHSCL-3.1-7.5.Z:rh-nodejs8-nodejs-0:8.11.4-1.el7.s390x" }, "product_reference": "rh-nodejs8-nodejs-0:8.11.4-1.el7.s390x", "relates_to_product_reference": "7Server-RHSCL-3.1-7.5.Z" }, { "category": "default_component_of", "full_product_name": { "name": "rh-nodejs8-nodejs-0:8.11.4-1.el7.src as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.5)", "product_id": "7Server-RHSCL-3.1-7.5.Z:rh-nodejs8-nodejs-0:8.11.4-1.el7.src" }, "product_reference": "rh-nodejs8-nodejs-0:8.11.4-1.el7.src", "relates_to_product_reference": "7Server-RHSCL-3.1-7.5.Z" }, { "category": "default_component_of", "full_product_name": { "name": "rh-nodejs8-nodejs-0:8.11.4-1.el7.x86_64 as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.5)", "product_id": "7Server-RHSCL-3.1-7.5.Z:rh-nodejs8-nodejs-0:8.11.4-1.el7.x86_64" }, "product_reference": "rh-nodejs8-nodejs-0:8.11.4-1.el7.x86_64", "relates_to_product_reference": "7Server-RHSCL-3.1-7.5.Z" }, { "category": "default_component_of", "full_product_name": { "name": "rh-nodejs8-nodejs-debuginfo-0:8.11.4-1.el7.ppc64le as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.5)", "product_id": "7Server-RHSCL-3.1-7.5.Z:rh-nodejs8-nodejs-debuginfo-0:8.11.4-1.el7.ppc64le" }, "product_reference": "rh-nodejs8-nodejs-debuginfo-0:8.11.4-1.el7.ppc64le", "relates_to_product_reference": "7Server-RHSCL-3.1-7.5.Z" }, { "category": "default_component_of", "full_product_name": { "name": "rh-nodejs8-nodejs-debuginfo-0:8.11.4-1.el7.s390x as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.5)", "product_id": "7Server-RHSCL-3.1-7.5.Z:rh-nodejs8-nodejs-debuginfo-0:8.11.4-1.el7.s390x" }, "product_reference": "rh-nodejs8-nodejs-debuginfo-0:8.11.4-1.el7.s390x", "relates_to_product_reference": "7Server-RHSCL-3.1-7.5.Z" }, { "category": "default_component_of", "full_product_name": { "name": "rh-nodejs8-nodejs-debuginfo-0:8.11.4-1.el7.x86_64 as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.5)", "product_id": "7Server-RHSCL-3.1-7.5.Z:rh-nodejs8-nodejs-debuginfo-0:8.11.4-1.el7.x86_64" }, "product_reference": "rh-nodejs8-nodejs-debuginfo-0:8.11.4-1.el7.x86_64", "relates_to_product_reference": "7Server-RHSCL-3.1-7.5.Z" }, { "category": "default_component_of", "full_product_name": { "name": "rh-nodejs8-nodejs-devel-0:8.11.4-1.el7.ppc64le as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.5)", "product_id": "7Server-RHSCL-3.1-7.5.Z:rh-nodejs8-nodejs-devel-0:8.11.4-1.el7.ppc64le" }, "product_reference": "rh-nodejs8-nodejs-devel-0:8.11.4-1.el7.ppc64le", "relates_to_product_reference": "7Server-RHSCL-3.1-7.5.Z" }, { "category": "default_component_of", "full_product_name": { "name": "rh-nodejs8-nodejs-devel-0:8.11.4-1.el7.s390x as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.5)", "product_id": "7Server-RHSCL-3.1-7.5.Z:rh-nodejs8-nodejs-devel-0:8.11.4-1.el7.s390x" }, "product_reference": "rh-nodejs8-nodejs-devel-0:8.11.4-1.el7.s390x", "relates_to_product_reference": "7Server-RHSCL-3.1-7.5.Z" }, { "category": "default_component_of", "full_product_name": { "name": "rh-nodejs8-nodejs-devel-0:8.11.4-1.el7.x86_64 as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.5)", "product_id": "7Server-RHSCL-3.1-7.5.Z:rh-nodejs8-nodejs-devel-0:8.11.4-1.el7.x86_64" }, "product_reference": "rh-nodejs8-nodejs-devel-0:8.11.4-1.el7.x86_64", "relates_to_product_reference": "7Server-RHSCL-3.1-7.5.Z" }, { "category": "default_component_of", "full_product_name": { "name": "rh-nodejs8-nodejs-docs-0:8.11.4-1.el7.noarch as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.5)", "product_id": "7Server-RHSCL-3.1-7.5.Z:rh-nodejs8-nodejs-docs-0:8.11.4-1.el7.noarch" }, "product_reference": "rh-nodejs8-nodejs-docs-0:8.11.4-1.el7.noarch", "relates_to_product_reference": "7Server-RHSCL-3.1-7.5.Z" }, { "category": "default_component_of", "full_product_name": { "name": "rh-nodejs8-npm-0:5.6.0-8.11.4.1.el7.ppc64le as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.5)", "product_id": "7Server-RHSCL-3.1-7.5.Z:rh-nodejs8-npm-0:5.6.0-8.11.4.1.el7.ppc64le" }, "product_reference": "rh-nodejs8-npm-0:5.6.0-8.11.4.1.el7.ppc64le", "relates_to_product_reference": "7Server-RHSCL-3.1-7.5.Z" }, { "category": "default_component_of", "full_product_name": { "name": "rh-nodejs8-npm-0:5.6.0-8.11.4.1.el7.s390x as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.5)", "product_id": "7Server-RHSCL-3.1-7.5.Z:rh-nodejs8-npm-0:5.6.0-8.11.4.1.el7.s390x" }, "product_reference": "rh-nodejs8-npm-0:5.6.0-8.11.4.1.el7.s390x", "relates_to_product_reference": "7Server-RHSCL-3.1-7.5.Z" }, { "category": "default_component_of", "full_product_name": { "name": "rh-nodejs8-npm-0:5.6.0-8.11.4.1.el7.x86_64 as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.5)", "product_id": "7Server-RHSCL-3.1-7.5.Z:rh-nodejs8-npm-0:5.6.0-8.11.4.1.el7.x86_64" }, "product_reference": "rh-nodejs8-npm-0:5.6.0-8.11.4.1.el7.x86_64", "relates_to_product_reference": "7Server-RHSCL-3.1-7.5.Z" }, { "category": "default_component_of", "full_product_name": { "name": "rh-nodejs8-nodejs-0:8.11.4-1.el7.aarch64 as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 7)", "product_id": "7Server-RHSCL-3.1:rh-nodejs8-nodejs-0:8.11.4-1.el7.aarch64" }, "product_reference": "rh-nodejs8-nodejs-0:8.11.4-1.el7.aarch64", "relates_to_product_reference": "7Server-RHSCL-3.1" }, { "category": "default_component_of", "full_product_name": { "name": "rh-nodejs8-nodejs-0:8.11.4-1.el7.ppc64le as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 7)", "product_id": "7Server-RHSCL-3.1:rh-nodejs8-nodejs-0:8.11.4-1.el7.ppc64le" }, "product_reference": "rh-nodejs8-nodejs-0:8.11.4-1.el7.ppc64le", "relates_to_product_reference": "7Server-RHSCL-3.1" }, { "category": "default_component_of", "full_product_name": { "name": "rh-nodejs8-nodejs-0:8.11.4-1.el7.s390x as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 7)", "product_id": "7Server-RHSCL-3.1:rh-nodejs8-nodejs-0:8.11.4-1.el7.s390x" }, "product_reference": "rh-nodejs8-nodejs-0:8.11.4-1.el7.s390x", "relates_to_product_reference": "7Server-RHSCL-3.1" }, { "category": "default_component_of", "full_product_name": { "name": "rh-nodejs8-nodejs-0:8.11.4-1.el7.src as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 7)", "product_id": "7Server-RHSCL-3.1:rh-nodejs8-nodejs-0:8.11.4-1.el7.src" }, "product_reference": "rh-nodejs8-nodejs-0:8.11.4-1.el7.src", "relates_to_product_reference": "7Server-RHSCL-3.1" }, { "category": "default_component_of", "full_product_name": { "name": "rh-nodejs8-nodejs-0:8.11.4-1.el7.x86_64 as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 7)", "product_id": "7Server-RHSCL-3.1:rh-nodejs8-nodejs-0:8.11.4-1.el7.x86_64" }, "product_reference": "rh-nodejs8-nodejs-0:8.11.4-1.el7.x86_64", "relates_to_product_reference": "7Server-RHSCL-3.1" }, { "category": "default_component_of", "full_product_name": { "name": "rh-nodejs8-nodejs-debuginfo-0:8.11.4-1.el7.aarch64 as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 7)", "product_id": "7Server-RHSCL-3.1:rh-nodejs8-nodejs-debuginfo-0:8.11.4-1.el7.aarch64" }, "product_reference": "rh-nodejs8-nodejs-debuginfo-0:8.11.4-1.el7.aarch64", "relates_to_product_reference": "7Server-RHSCL-3.1" }, { "category": "default_component_of", "full_product_name": { "name": "rh-nodejs8-nodejs-debuginfo-0:8.11.4-1.el7.ppc64le as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 7)", "product_id": "7Server-RHSCL-3.1:rh-nodejs8-nodejs-debuginfo-0:8.11.4-1.el7.ppc64le" }, "product_reference": "rh-nodejs8-nodejs-debuginfo-0:8.11.4-1.el7.ppc64le", "relates_to_product_reference": "7Server-RHSCL-3.1" }, { "category": "default_component_of", "full_product_name": { "name": "rh-nodejs8-nodejs-debuginfo-0:8.11.4-1.el7.s390x as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 7)", "product_id": "7Server-RHSCL-3.1:rh-nodejs8-nodejs-debuginfo-0:8.11.4-1.el7.s390x" }, "product_reference": "rh-nodejs8-nodejs-debuginfo-0:8.11.4-1.el7.s390x", "relates_to_product_reference": "7Server-RHSCL-3.1" }, { "category": "default_component_of", "full_product_name": { "name": "rh-nodejs8-nodejs-debuginfo-0:8.11.4-1.el7.x86_64 as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 7)", "product_id": "7Server-RHSCL-3.1:rh-nodejs8-nodejs-debuginfo-0:8.11.4-1.el7.x86_64" }, "product_reference": "rh-nodejs8-nodejs-debuginfo-0:8.11.4-1.el7.x86_64", "relates_to_product_reference": "7Server-RHSCL-3.1" }, { "category": "default_component_of", "full_product_name": { "name": "rh-nodejs8-nodejs-devel-0:8.11.4-1.el7.aarch64 as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 7)", "product_id": "7Server-RHSCL-3.1:rh-nodejs8-nodejs-devel-0:8.11.4-1.el7.aarch64" }, "product_reference": "rh-nodejs8-nodejs-devel-0:8.11.4-1.el7.aarch64", "relates_to_product_reference": "7Server-RHSCL-3.1" }, { "category": "default_component_of", "full_product_name": { "name": "rh-nodejs8-nodejs-devel-0:8.11.4-1.el7.ppc64le as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 7)", "product_id": "7Server-RHSCL-3.1:rh-nodejs8-nodejs-devel-0:8.11.4-1.el7.ppc64le" }, "product_reference": "rh-nodejs8-nodejs-devel-0:8.11.4-1.el7.ppc64le", "relates_to_product_reference": "7Server-RHSCL-3.1" }, { "category": "default_component_of", "full_product_name": { "name": "rh-nodejs8-nodejs-devel-0:8.11.4-1.el7.s390x as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 7)", "product_id": "7Server-RHSCL-3.1:rh-nodejs8-nodejs-devel-0:8.11.4-1.el7.s390x" }, "product_reference": "rh-nodejs8-nodejs-devel-0:8.11.4-1.el7.s390x", "relates_to_product_reference": "7Server-RHSCL-3.1" }, { "category": "default_component_of", "full_product_name": { "name": "rh-nodejs8-nodejs-devel-0:8.11.4-1.el7.x86_64 as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 7)", "product_id": "7Server-RHSCL-3.1:rh-nodejs8-nodejs-devel-0:8.11.4-1.el7.x86_64" }, "product_reference": "rh-nodejs8-nodejs-devel-0:8.11.4-1.el7.x86_64", "relates_to_product_reference": "7Server-RHSCL-3.1" }, { "category": "default_component_of", "full_product_name": { "name": "rh-nodejs8-nodejs-docs-0:8.11.4-1.el7.noarch as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 7)", "product_id": "7Server-RHSCL-3.1:rh-nodejs8-nodejs-docs-0:8.11.4-1.el7.noarch" }, "product_reference": "rh-nodejs8-nodejs-docs-0:8.11.4-1.el7.noarch", "relates_to_product_reference": "7Server-RHSCL-3.1" }, { "category": "default_component_of", "full_product_name": { "name": "rh-nodejs8-npm-0:5.6.0-8.11.4.1.el7.aarch64 as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 7)", "product_id": "7Server-RHSCL-3.1:rh-nodejs8-npm-0:5.6.0-8.11.4.1.el7.aarch64" }, "product_reference": "rh-nodejs8-npm-0:5.6.0-8.11.4.1.el7.aarch64", "relates_to_product_reference": "7Server-RHSCL-3.1" }, { "category": "default_component_of", "full_product_name": { "name": "rh-nodejs8-npm-0:5.6.0-8.11.4.1.el7.ppc64le as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 7)", "product_id": "7Server-RHSCL-3.1:rh-nodejs8-npm-0:5.6.0-8.11.4.1.el7.ppc64le" }, "product_reference": "rh-nodejs8-npm-0:5.6.0-8.11.4.1.el7.ppc64le", "relates_to_product_reference": "7Server-RHSCL-3.1" }, { "category": "default_component_of", "full_product_name": { "name": "rh-nodejs8-npm-0:5.6.0-8.11.4.1.el7.s390x as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 7)", "product_id": "7Server-RHSCL-3.1:rh-nodejs8-npm-0:5.6.0-8.11.4.1.el7.s390x" }, "product_reference": "rh-nodejs8-npm-0:5.6.0-8.11.4.1.el7.s390x", "relates_to_product_reference": "7Server-RHSCL-3.1" }, { "category": "default_component_of", "full_product_name": { "name": "rh-nodejs8-npm-0:5.6.0-8.11.4.1.el7.x86_64 as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 7)", "product_id": "7Server-RHSCL-3.1:rh-nodejs8-npm-0:5.6.0-8.11.4.1.el7.x86_64" }, "product_reference": "rh-nodejs8-npm-0:5.6.0-8.11.4.1.el7.x86_64", "relates_to_product_reference": "7Server-RHSCL-3.1" }, { "category": "default_component_of", "full_product_name": { "name": "rh-nodejs8-nodejs-0:8.11.4-1.el7.aarch64 as a component of Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 7)", "product_id": "7Workstation-RHSCL-3.1:rh-nodejs8-nodejs-0:8.11.4-1.el7.aarch64" }, "product_reference": "rh-nodejs8-nodejs-0:8.11.4-1.el7.aarch64", "relates_to_product_reference": "7Workstation-RHSCL-3.1" }, { "category": "default_component_of", "full_product_name": { "name": "rh-nodejs8-nodejs-0:8.11.4-1.el7.ppc64le as a component of Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 7)", "product_id": "7Workstation-RHSCL-3.1:rh-nodejs8-nodejs-0:8.11.4-1.el7.ppc64le" }, "product_reference": "rh-nodejs8-nodejs-0:8.11.4-1.el7.ppc64le", "relates_to_product_reference": "7Workstation-RHSCL-3.1" }, { "category": "default_component_of", "full_product_name": { "name": "rh-nodejs8-nodejs-0:8.11.4-1.el7.s390x as a component of Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 7)", "product_id": "7Workstation-RHSCL-3.1:rh-nodejs8-nodejs-0:8.11.4-1.el7.s390x" }, "product_reference": "rh-nodejs8-nodejs-0:8.11.4-1.el7.s390x", "relates_to_product_reference": "7Workstation-RHSCL-3.1" }, { "category": "default_component_of", "full_product_name": { "name": "rh-nodejs8-nodejs-0:8.11.4-1.el7.src as a component of Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 7)", "product_id": "7Workstation-RHSCL-3.1:rh-nodejs8-nodejs-0:8.11.4-1.el7.src" }, "product_reference": "rh-nodejs8-nodejs-0:8.11.4-1.el7.src", "relates_to_product_reference": "7Workstation-RHSCL-3.1" }, { "category": "default_component_of", "full_product_name": { "name": "rh-nodejs8-nodejs-0:8.11.4-1.el7.x86_64 as a component of Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 7)", "product_id": "7Workstation-RHSCL-3.1:rh-nodejs8-nodejs-0:8.11.4-1.el7.x86_64" }, "product_reference": "rh-nodejs8-nodejs-0:8.11.4-1.el7.x86_64", "relates_to_product_reference": "7Workstation-RHSCL-3.1" }, { "category": "default_component_of", "full_product_name": { "name": "rh-nodejs8-nodejs-debuginfo-0:8.11.4-1.el7.aarch64 as a component of Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 7)", "product_id": "7Workstation-RHSCL-3.1:rh-nodejs8-nodejs-debuginfo-0:8.11.4-1.el7.aarch64" }, "product_reference": "rh-nodejs8-nodejs-debuginfo-0:8.11.4-1.el7.aarch64", "relates_to_product_reference": "7Workstation-RHSCL-3.1" }, { "category": "default_component_of", "full_product_name": { "name": "rh-nodejs8-nodejs-debuginfo-0:8.11.4-1.el7.ppc64le as a component of Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 7)", "product_id": "7Workstation-RHSCL-3.1:rh-nodejs8-nodejs-debuginfo-0:8.11.4-1.el7.ppc64le" }, "product_reference": "rh-nodejs8-nodejs-debuginfo-0:8.11.4-1.el7.ppc64le", "relates_to_product_reference": "7Workstation-RHSCL-3.1" }, { "category": "default_component_of", "full_product_name": { "name": "rh-nodejs8-nodejs-debuginfo-0:8.11.4-1.el7.s390x as a component of Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 7)", "product_id": "7Workstation-RHSCL-3.1:rh-nodejs8-nodejs-debuginfo-0:8.11.4-1.el7.s390x" }, "product_reference": "rh-nodejs8-nodejs-debuginfo-0:8.11.4-1.el7.s390x", "relates_to_product_reference": "7Workstation-RHSCL-3.1" }, { "category": "default_component_of", "full_product_name": { "name": "rh-nodejs8-nodejs-debuginfo-0:8.11.4-1.el7.x86_64 as a component of Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 7)", "product_id": "7Workstation-RHSCL-3.1:rh-nodejs8-nodejs-debuginfo-0:8.11.4-1.el7.x86_64" }, "product_reference": "rh-nodejs8-nodejs-debuginfo-0:8.11.4-1.el7.x86_64", "relates_to_product_reference": "7Workstation-RHSCL-3.1" }, { "category": "default_component_of", "full_product_name": { "name": "rh-nodejs8-nodejs-devel-0:8.11.4-1.el7.aarch64 as a component of Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 7)", "product_id": "7Workstation-RHSCL-3.1:rh-nodejs8-nodejs-devel-0:8.11.4-1.el7.aarch64" }, "product_reference": "rh-nodejs8-nodejs-devel-0:8.11.4-1.el7.aarch64", "relates_to_product_reference": "7Workstation-RHSCL-3.1" }, { "category": "default_component_of", "full_product_name": { "name": "rh-nodejs8-nodejs-devel-0:8.11.4-1.el7.ppc64le as a component of Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 7)", "product_id": "7Workstation-RHSCL-3.1:rh-nodejs8-nodejs-devel-0:8.11.4-1.el7.ppc64le" }, "product_reference": "rh-nodejs8-nodejs-devel-0:8.11.4-1.el7.ppc64le", "relates_to_product_reference": "7Workstation-RHSCL-3.1" }, { "category": "default_component_of", "full_product_name": { "name": "rh-nodejs8-nodejs-devel-0:8.11.4-1.el7.s390x as a component of Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 7)", "product_id": "7Workstation-RHSCL-3.1:rh-nodejs8-nodejs-devel-0:8.11.4-1.el7.s390x" }, "product_reference": "rh-nodejs8-nodejs-devel-0:8.11.4-1.el7.s390x", "relates_to_product_reference": "7Workstation-RHSCL-3.1" }, { "category": "default_component_of", "full_product_name": { "name": "rh-nodejs8-nodejs-devel-0:8.11.4-1.el7.x86_64 as a component of Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 7)", "product_id": "7Workstation-RHSCL-3.1:rh-nodejs8-nodejs-devel-0:8.11.4-1.el7.x86_64" }, "product_reference": "rh-nodejs8-nodejs-devel-0:8.11.4-1.el7.x86_64", "relates_to_product_reference": "7Workstation-RHSCL-3.1" }, { "category": "default_component_of", "full_product_name": { "name": "rh-nodejs8-nodejs-docs-0:8.11.4-1.el7.noarch as a component of Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 7)", "product_id": "7Workstation-RHSCL-3.1:rh-nodejs8-nodejs-docs-0:8.11.4-1.el7.noarch" }, "product_reference": "rh-nodejs8-nodejs-docs-0:8.11.4-1.el7.noarch", "relates_to_product_reference": "7Workstation-RHSCL-3.1" }, { "category": "default_component_of", "full_product_name": { "name": "rh-nodejs8-npm-0:5.6.0-8.11.4.1.el7.aarch64 as a component of Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 7)", "product_id": "7Workstation-RHSCL-3.1:rh-nodejs8-npm-0:5.6.0-8.11.4.1.el7.aarch64" }, "product_reference": "rh-nodejs8-npm-0:5.6.0-8.11.4.1.el7.aarch64", "relates_to_product_reference": "7Workstation-RHSCL-3.1" }, { "category": "default_component_of", "full_product_name": { "name": "rh-nodejs8-npm-0:5.6.0-8.11.4.1.el7.ppc64le as a component of Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 7)", "product_id": "7Workstation-RHSCL-3.1:rh-nodejs8-npm-0:5.6.0-8.11.4.1.el7.ppc64le" }, "product_reference": "rh-nodejs8-npm-0:5.6.0-8.11.4.1.el7.ppc64le", "relates_to_product_reference": "7Workstation-RHSCL-3.1" }, { "category": "default_component_of", "full_product_name": { "name": "rh-nodejs8-npm-0:5.6.0-8.11.4.1.el7.s390x as a component of Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 7)", "product_id": "7Workstation-RHSCL-3.1:rh-nodejs8-npm-0:5.6.0-8.11.4.1.el7.s390x" }, "product_reference": "rh-nodejs8-npm-0:5.6.0-8.11.4.1.el7.s390x", "relates_to_product_reference": "7Workstation-RHSCL-3.1" }, { "category": "default_component_of", "full_product_name": { "name": "rh-nodejs8-npm-0:5.6.0-8.11.4.1.el7.x86_64 as a component of Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 7)", "product_id": "7Workstation-RHSCL-3.1:rh-nodejs8-npm-0:5.6.0-8.11.4.1.el7.x86_64" }, "product_reference": "rh-nodejs8-npm-0:5.6.0-8.11.4.1.el7.x86_64", "relates_to_product_reference": "7Workstation-RHSCL-3.1" } ] }, "vulnerabilities": [ { "cve": "CVE-2018-7159", "cwe": { "id": "CWE-20", "name": "Improper Input Validation" }, "discovery_date": "2018-03-09T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1561981" } ], "notes": [ { "category": "description", "text": "It was found that the http module from Node.js could accept incorrect Content-Length values, containing spaces within the value, in HTTP headers. A specially crafted client could use this flaw to possibly confuse the script, causing unspecified behavior.", "title": "Vulnerability description" }, { "category": "summary", "text": "nodejs: HTTP parser allowed for spaces inside Content-Length header values", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "7Server-Alt-RHSCL-3.1:rh-nodejs8-nodejs-0:8.11.4-1.el7.aarch64", "7Server-Alt-RHSCL-3.1:rh-nodejs8-nodejs-0:8.11.4-1.el7.ppc64le", "7Server-Alt-RHSCL-3.1:rh-nodejs8-nodejs-0:8.11.4-1.el7.s390x", "7Server-Alt-RHSCL-3.1:rh-nodejs8-nodejs-0:8.11.4-1.el7.src", "7Server-Alt-RHSCL-3.1:rh-nodejs8-nodejs-0:8.11.4-1.el7.x86_64", "7Server-Alt-RHSCL-3.1:rh-nodejs8-nodejs-debuginfo-0:8.11.4-1.el7.aarch64", "7Server-Alt-RHSCL-3.1:rh-nodejs8-nodejs-debuginfo-0:8.11.4-1.el7.ppc64le", "7Server-Alt-RHSCL-3.1:rh-nodejs8-nodejs-debuginfo-0:8.11.4-1.el7.s390x", "7Server-Alt-RHSCL-3.1:rh-nodejs8-nodejs-debuginfo-0:8.11.4-1.el7.x86_64", "7Server-Alt-RHSCL-3.1:rh-nodejs8-nodejs-devel-0:8.11.4-1.el7.aarch64", "7Server-Alt-RHSCL-3.1:rh-nodejs8-nodejs-devel-0:8.11.4-1.el7.ppc64le", "7Server-Alt-RHSCL-3.1:rh-nodejs8-nodejs-devel-0:8.11.4-1.el7.s390x", "7Server-Alt-RHSCL-3.1:rh-nodejs8-nodejs-devel-0:8.11.4-1.el7.x86_64", "7Server-Alt-RHSCL-3.1:rh-nodejs8-nodejs-docs-0:8.11.4-1.el7.noarch", "7Server-Alt-RHSCL-3.1:rh-nodejs8-npm-0:5.6.0-8.11.4.1.el7.aarch64", "7Server-Alt-RHSCL-3.1:rh-nodejs8-npm-0:5.6.0-8.11.4.1.el7.ppc64le", "7Server-Alt-RHSCL-3.1:rh-nodejs8-npm-0:5.6.0-8.11.4.1.el7.s390x", "7Server-Alt-RHSCL-3.1:rh-nodejs8-npm-0:5.6.0-8.11.4.1.el7.x86_64", "7Server-RHSCL-3.1-7.4.Z:rh-nodejs8-nodejs-0:8.11.4-1.el7.ppc64le", "7Server-RHSCL-3.1-7.4.Z:rh-nodejs8-nodejs-0:8.11.4-1.el7.s390x", "7Server-RHSCL-3.1-7.4.Z:rh-nodejs8-nodejs-0:8.11.4-1.el7.src", "7Server-RHSCL-3.1-7.4.Z:rh-nodejs8-nodejs-0:8.11.4-1.el7.x86_64", "7Server-RHSCL-3.1-7.4.Z:rh-nodejs8-nodejs-debuginfo-0:8.11.4-1.el7.ppc64le", "7Server-RHSCL-3.1-7.4.Z:rh-nodejs8-nodejs-debuginfo-0:8.11.4-1.el7.s390x", "7Server-RHSCL-3.1-7.4.Z:rh-nodejs8-nodejs-debuginfo-0:8.11.4-1.el7.x86_64", "7Server-RHSCL-3.1-7.4.Z:rh-nodejs8-nodejs-devel-0:8.11.4-1.el7.ppc64le", "7Server-RHSCL-3.1-7.4.Z:rh-nodejs8-nodejs-devel-0:8.11.4-1.el7.s390x", "7Server-RHSCL-3.1-7.4.Z:rh-nodejs8-nodejs-devel-0:8.11.4-1.el7.x86_64", "7Server-RHSCL-3.1-7.4.Z:rh-nodejs8-nodejs-docs-0:8.11.4-1.el7.noarch", "7Server-RHSCL-3.1-7.4.Z:rh-nodejs8-npm-0:5.6.0-8.11.4.1.el7.ppc64le", "7Server-RHSCL-3.1-7.4.Z:rh-nodejs8-npm-0:5.6.0-8.11.4.1.el7.s390x", "7Server-RHSCL-3.1-7.4.Z:rh-nodejs8-npm-0:5.6.0-8.11.4.1.el7.x86_64", "7Server-RHSCL-3.1-7.5.Z:rh-nodejs8-nodejs-0:8.11.4-1.el7.ppc64le", "7Server-RHSCL-3.1-7.5.Z:rh-nodejs8-nodejs-0:8.11.4-1.el7.s390x", "7Server-RHSCL-3.1-7.5.Z:rh-nodejs8-nodejs-0:8.11.4-1.el7.src", "7Server-RHSCL-3.1-7.5.Z:rh-nodejs8-nodejs-0:8.11.4-1.el7.x86_64", "7Server-RHSCL-3.1-7.5.Z:rh-nodejs8-nodejs-debuginfo-0:8.11.4-1.el7.ppc64le", "7Server-RHSCL-3.1-7.5.Z:rh-nodejs8-nodejs-debuginfo-0:8.11.4-1.el7.s390x", "7Server-RHSCL-3.1-7.5.Z:rh-nodejs8-nodejs-debuginfo-0:8.11.4-1.el7.x86_64", "7Server-RHSCL-3.1-7.5.Z:rh-nodejs8-nodejs-devel-0:8.11.4-1.el7.ppc64le", "7Server-RHSCL-3.1-7.5.Z:rh-nodejs8-nodejs-devel-0:8.11.4-1.el7.s390x", "7Server-RHSCL-3.1-7.5.Z:rh-nodejs8-nodejs-devel-0:8.11.4-1.el7.x86_64", "7Server-RHSCL-3.1-7.5.Z:rh-nodejs8-nodejs-docs-0:8.11.4-1.el7.noarch", "7Server-RHSCL-3.1-7.5.Z:rh-nodejs8-npm-0:5.6.0-8.11.4.1.el7.ppc64le", "7Server-RHSCL-3.1-7.5.Z:rh-nodejs8-npm-0:5.6.0-8.11.4.1.el7.s390x", "7Server-RHSCL-3.1-7.5.Z:rh-nodejs8-npm-0:5.6.0-8.11.4.1.el7.x86_64", "7Server-RHSCL-3.1:rh-nodejs8-nodejs-0:8.11.4-1.el7.aarch64", "7Server-RHSCL-3.1:rh-nodejs8-nodejs-0:8.11.4-1.el7.ppc64le", "7Server-RHSCL-3.1:rh-nodejs8-nodejs-0:8.11.4-1.el7.s390x", "7Server-RHSCL-3.1:rh-nodejs8-nodejs-0:8.11.4-1.el7.src", "7Server-RHSCL-3.1:rh-nodejs8-nodejs-0:8.11.4-1.el7.x86_64", "7Server-RHSCL-3.1:rh-nodejs8-nodejs-debuginfo-0:8.11.4-1.el7.aarch64", "7Server-RHSCL-3.1:rh-nodejs8-nodejs-debuginfo-0:8.11.4-1.el7.ppc64le", "7Server-RHSCL-3.1:rh-nodejs8-nodejs-debuginfo-0:8.11.4-1.el7.s390x", "7Server-RHSCL-3.1:rh-nodejs8-nodejs-debuginfo-0:8.11.4-1.el7.x86_64", "7Server-RHSCL-3.1:rh-nodejs8-nodejs-devel-0:8.11.4-1.el7.aarch64", "7Server-RHSCL-3.1:rh-nodejs8-nodejs-devel-0:8.11.4-1.el7.ppc64le", "7Server-RHSCL-3.1:rh-nodejs8-nodejs-devel-0:8.11.4-1.el7.s390x", "7Server-RHSCL-3.1:rh-nodejs8-nodejs-devel-0:8.11.4-1.el7.x86_64", "7Server-RHSCL-3.1:rh-nodejs8-nodejs-docs-0:8.11.4-1.el7.noarch", "7Server-RHSCL-3.1:rh-nodejs8-npm-0:5.6.0-8.11.4.1.el7.aarch64", "7Server-RHSCL-3.1:rh-nodejs8-npm-0:5.6.0-8.11.4.1.el7.ppc64le", "7Server-RHSCL-3.1:rh-nodejs8-npm-0:5.6.0-8.11.4.1.el7.s390x", "7Server-RHSCL-3.1:rh-nodejs8-npm-0:5.6.0-8.11.4.1.el7.x86_64", "7Workstation-RHSCL-3.1:rh-nodejs8-nodejs-0:8.11.4-1.el7.aarch64", "7Workstation-RHSCL-3.1:rh-nodejs8-nodejs-0:8.11.4-1.el7.ppc64le", "7Workstation-RHSCL-3.1:rh-nodejs8-nodejs-0:8.11.4-1.el7.s390x", "7Workstation-RHSCL-3.1:rh-nodejs8-nodejs-0:8.11.4-1.el7.src", "7Workstation-RHSCL-3.1:rh-nodejs8-nodejs-0:8.11.4-1.el7.x86_64", "7Workstation-RHSCL-3.1:rh-nodejs8-nodejs-debuginfo-0:8.11.4-1.el7.aarch64", "7Workstation-RHSCL-3.1:rh-nodejs8-nodejs-debuginfo-0:8.11.4-1.el7.ppc64le", "7Workstation-RHSCL-3.1:rh-nodejs8-nodejs-debuginfo-0:8.11.4-1.el7.s390x", "7Workstation-RHSCL-3.1:rh-nodejs8-nodejs-debuginfo-0:8.11.4-1.el7.x86_64", "7Workstation-RHSCL-3.1:rh-nodejs8-nodejs-devel-0:8.11.4-1.el7.aarch64", "7Workstation-RHSCL-3.1:rh-nodejs8-nodejs-devel-0:8.11.4-1.el7.ppc64le", "7Workstation-RHSCL-3.1:rh-nodejs8-nodejs-devel-0:8.11.4-1.el7.s390x", "7Workstation-RHSCL-3.1:rh-nodejs8-nodejs-devel-0:8.11.4-1.el7.x86_64", "7Workstation-RHSCL-3.1:rh-nodejs8-nodejs-docs-0:8.11.4-1.el7.noarch", "7Workstation-RHSCL-3.1:rh-nodejs8-npm-0:5.6.0-8.11.4.1.el7.aarch64", "7Workstation-RHSCL-3.1:rh-nodejs8-npm-0:5.6.0-8.11.4.1.el7.ppc64le", "7Workstation-RHSCL-3.1:rh-nodejs8-npm-0:5.6.0-8.11.4.1.el7.s390x", "7Workstation-RHSCL-3.1:rh-nodejs8-npm-0:5.6.0-8.11.4.1.el7.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2018-7159" }, { "category": "external", "summary": "RHBZ#1561981", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1561981" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2018-7159", "url": "https://www.cve.org/CVERecord?id=CVE-2018-7159" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2018-7159", "url": "https://nvd.nist.gov/vuln/detail/CVE-2018-7159" } ], "release_date": "2018-03-08T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2018-10-18T10:11:49+00:00", "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "7Server-Alt-RHSCL-3.1:rh-nodejs8-nodejs-0:8.11.4-1.el7.aarch64", "7Server-Alt-RHSCL-3.1:rh-nodejs8-nodejs-0:8.11.4-1.el7.ppc64le", "7Server-Alt-RHSCL-3.1:rh-nodejs8-nodejs-0:8.11.4-1.el7.s390x", "7Server-Alt-RHSCL-3.1:rh-nodejs8-nodejs-0:8.11.4-1.el7.src", "7Server-Alt-RHSCL-3.1:rh-nodejs8-nodejs-0:8.11.4-1.el7.x86_64", "7Server-Alt-RHSCL-3.1:rh-nodejs8-nodejs-debuginfo-0:8.11.4-1.el7.aarch64", "7Server-Alt-RHSCL-3.1:rh-nodejs8-nodejs-debuginfo-0:8.11.4-1.el7.ppc64le", "7Server-Alt-RHSCL-3.1:rh-nodejs8-nodejs-debuginfo-0:8.11.4-1.el7.s390x", "7Server-Alt-RHSCL-3.1:rh-nodejs8-nodejs-debuginfo-0:8.11.4-1.el7.x86_64", "7Server-Alt-RHSCL-3.1:rh-nodejs8-nodejs-devel-0:8.11.4-1.el7.aarch64", "7Server-Alt-RHSCL-3.1:rh-nodejs8-nodejs-devel-0:8.11.4-1.el7.ppc64le", "7Server-Alt-RHSCL-3.1:rh-nodejs8-nodejs-devel-0:8.11.4-1.el7.s390x", "7Server-Alt-RHSCL-3.1:rh-nodejs8-nodejs-devel-0:8.11.4-1.el7.x86_64", "7Server-Alt-RHSCL-3.1:rh-nodejs8-nodejs-docs-0:8.11.4-1.el7.noarch", "7Server-Alt-RHSCL-3.1:rh-nodejs8-npm-0:5.6.0-8.11.4.1.el7.aarch64", "7Server-Alt-RHSCL-3.1:rh-nodejs8-npm-0:5.6.0-8.11.4.1.el7.ppc64le", "7Server-Alt-RHSCL-3.1:rh-nodejs8-npm-0:5.6.0-8.11.4.1.el7.s390x", "7Server-Alt-RHSCL-3.1:rh-nodejs8-npm-0:5.6.0-8.11.4.1.el7.x86_64", "7Server-RHSCL-3.1-7.4.Z:rh-nodejs8-nodejs-0:8.11.4-1.el7.ppc64le", "7Server-RHSCL-3.1-7.4.Z:rh-nodejs8-nodejs-0:8.11.4-1.el7.s390x", "7Server-RHSCL-3.1-7.4.Z:rh-nodejs8-nodejs-0:8.11.4-1.el7.src", "7Server-RHSCL-3.1-7.4.Z:rh-nodejs8-nodejs-0:8.11.4-1.el7.x86_64", "7Server-RHSCL-3.1-7.4.Z:rh-nodejs8-nodejs-debuginfo-0:8.11.4-1.el7.ppc64le", "7Server-RHSCL-3.1-7.4.Z:rh-nodejs8-nodejs-debuginfo-0:8.11.4-1.el7.s390x", "7Server-RHSCL-3.1-7.4.Z:rh-nodejs8-nodejs-debuginfo-0:8.11.4-1.el7.x86_64", "7Server-RHSCL-3.1-7.4.Z:rh-nodejs8-nodejs-devel-0:8.11.4-1.el7.ppc64le", "7Server-RHSCL-3.1-7.4.Z:rh-nodejs8-nodejs-devel-0:8.11.4-1.el7.s390x", "7Server-RHSCL-3.1-7.4.Z:rh-nodejs8-nodejs-devel-0:8.11.4-1.el7.x86_64", "7Server-RHSCL-3.1-7.4.Z:rh-nodejs8-nodejs-docs-0:8.11.4-1.el7.noarch", "7Server-RHSCL-3.1-7.4.Z:rh-nodejs8-npm-0:5.6.0-8.11.4.1.el7.ppc64le", "7Server-RHSCL-3.1-7.4.Z:rh-nodejs8-npm-0:5.6.0-8.11.4.1.el7.s390x", "7Server-RHSCL-3.1-7.4.Z:rh-nodejs8-npm-0:5.6.0-8.11.4.1.el7.x86_64", "7Server-RHSCL-3.1-7.5.Z:rh-nodejs8-nodejs-0:8.11.4-1.el7.ppc64le", "7Server-RHSCL-3.1-7.5.Z:rh-nodejs8-nodejs-0:8.11.4-1.el7.s390x", "7Server-RHSCL-3.1-7.5.Z:rh-nodejs8-nodejs-0:8.11.4-1.el7.src", "7Server-RHSCL-3.1-7.5.Z:rh-nodejs8-nodejs-0:8.11.4-1.el7.x86_64", "7Server-RHSCL-3.1-7.5.Z:rh-nodejs8-nodejs-debuginfo-0:8.11.4-1.el7.ppc64le", "7Server-RHSCL-3.1-7.5.Z:rh-nodejs8-nodejs-debuginfo-0:8.11.4-1.el7.s390x", "7Server-RHSCL-3.1-7.5.Z:rh-nodejs8-nodejs-debuginfo-0:8.11.4-1.el7.x86_64", "7Server-RHSCL-3.1-7.5.Z:rh-nodejs8-nodejs-devel-0:8.11.4-1.el7.ppc64le", "7Server-RHSCL-3.1-7.5.Z:rh-nodejs8-nodejs-devel-0:8.11.4-1.el7.s390x", "7Server-RHSCL-3.1-7.5.Z:rh-nodejs8-nodejs-devel-0:8.11.4-1.el7.x86_64", "7Server-RHSCL-3.1-7.5.Z:rh-nodejs8-nodejs-docs-0:8.11.4-1.el7.noarch", "7Server-RHSCL-3.1-7.5.Z:rh-nodejs8-npm-0:5.6.0-8.11.4.1.el7.ppc64le", "7Server-RHSCL-3.1-7.5.Z:rh-nodejs8-npm-0:5.6.0-8.11.4.1.el7.s390x", "7Server-RHSCL-3.1-7.5.Z:rh-nodejs8-npm-0:5.6.0-8.11.4.1.el7.x86_64", "7Server-RHSCL-3.1:rh-nodejs8-nodejs-0:8.11.4-1.el7.aarch64", "7Server-RHSCL-3.1:rh-nodejs8-nodejs-0:8.11.4-1.el7.ppc64le", "7Server-RHSCL-3.1:rh-nodejs8-nodejs-0:8.11.4-1.el7.s390x", "7Server-RHSCL-3.1:rh-nodejs8-nodejs-0:8.11.4-1.el7.src", "7Server-RHSCL-3.1:rh-nodejs8-nodejs-0:8.11.4-1.el7.x86_64", "7Server-RHSCL-3.1:rh-nodejs8-nodejs-debuginfo-0:8.11.4-1.el7.aarch64", "7Server-RHSCL-3.1:rh-nodejs8-nodejs-debuginfo-0:8.11.4-1.el7.ppc64le", "7Server-RHSCL-3.1:rh-nodejs8-nodejs-debuginfo-0:8.11.4-1.el7.s390x", "7Server-RHSCL-3.1:rh-nodejs8-nodejs-debuginfo-0:8.11.4-1.el7.x86_64", "7Server-RHSCL-3.1:rh-nodejs8-nodejs-devel-0:8.11.4-1.el7.aarch64", "7Server-RHSCL-3.1:rh-nodejs8-nodejs-devel-0:8.11.4-1.el7.ppc64le", "7Server-RHSCL-3.1:rh-nodejs8-nodejs-devel-0:8.11.4-1.el7.s390x", "7Server-RHSCL-3.1:rh-nodejs8-nodejs-devel-0:8.11.4-1.el7.x86_64", "7Server-RHSCL-3.1:rh-nodejs8-nodejs-docs-0:8.11.4-1.el7.noarch", "7Server-RHSCL-3.1:rh-nodejs8-npm-0:5.6.0-8.11.4.1.el7.aarch64", "7Server-RHSCL-3.1:rh-nodejs8-npm-0:5.6.0-8.11.4.1.el7.ppc64le", "7Server-RHSCL-3.1:rh-nodejs8-npm-0:5.6.0-8.11.4.1.el7.s390x", "7Server-RHSCL-3.1:rh-nodejs8-npm-0:5.6.0-8.11.4.1.el7.x86_64", "7Workstation-RHSCL-3.1:rh-nodejs8-nodejs-0:8.11.4-1.el7.aarch64", "7Workstation-RHSCL-3.1:rh-nodejs8-nodejs-0:8.11.4-1.el7.ppc64le", "7Workstation-RHSCL-3.1:rh-nodejs8-nodejs-0:8.11.4-1.el7.s390x", "7Workstation-RHSCL-3.1:rh-nodejs8-nodejs-0:8.11.4-1.el7.src", "7Workstation-RHSCL-3.1:rh-nodejs8-nodejs-0:8.11.4-1.el7.x86_64", "7Workstation-RHSCL-3.1:rh-nodejs8-nodejs-debuginfo-0:8.11.4-1.el7.aarch64", "7Workstation-RHSCL-3.1:rh-nodejs8-nodejs-debuginfo-0:8.11.4-1.el7.ppc64le", "7Workstation-RHSCL-3.1:rh-nodejs8-nodejs-debuginfo-0:8.11.4-1.el7.s390x", "7Workstation-RHSCL-3.1:rh-nodejs8-nodejs-debuginfo-0:8.11.4-1.el7.x86_64", "7Workstation-RHSCL-3.1:rh-nodejs8-nodejs-devel-0:8.11.4-1.el7.aarch64", "7Workstation-RHSCL-3.1:rh-nodejs8-nodejs-devel-0:8.11.4-1.el7.ppc64le", "7Workstation-RHSCL-3.1:rh-nodejs8-nodejs-devel-0:8.11.4-1.el7.s390x", "7Workstation-RHSCL-3.1:rh-nodejs8-nodejs-devel-0:8.11.4-1.el7.x86_64", "7Workstation-RHSCL-3.1:rh-nodejs8-nodejs-docs-0:8.11.4-1.el7.noarch", "7Workstation-RHSCL-3.1:rh-nodejs8-npm-0:5.6.0-8.11.4.1.el7.aarch64", "7Workstation-RHSCL-3.1:rh-nodejs8-npm-0:5.6.0-8.11.4.1.el7.ppc64le", "7Workstation-RHSCL-3.1:rh-nodejs8-npm-0:5.6.0-8.11.4.1.el7.s390x", "7Workstation-RHSCL-3.1:rh-nodejs8-npm-0:5.6.0-8.11.4.1.el7.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2018:2949" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N", "version": "3.0" }, "products": [ "7Server-Alt-RHSCL-3.1:rh-nodejs8-nodejs-0:8.11.4-1.el7.aarch64", "7Server-Alt-RHSCL-3.1:rh-nodejs8-nodejs-0:8.11.4-1.el7.ppc64le", "7Server-Alt-RHSCL-3.1:rh-nodejs8-nodejs-0:8.11.4-1.el7.s390x", "7Server-Alt-RHSCL-3.1:rh-nodejs8-nodejs-0:8.11.4-1.el7.src", "7Server-Alt-RHSCL-3.1:rh-nodejs8-nodejs-0:8.11.4-1.el7.x86_64", "7Server-Alt-RHSCL-3.1:rh-nodejs8-nodejs-debuginfo-0:8.11.4-1.el7.aarch64", "7Server-Alt-RHSCL-3.1:rh-nodejs8-nodejs-debuginfo-0:8.11.4-1.el7.ppc64le", "7Server-Alt-RHSCL-3.1:rh-nodejs8-nodejs-debuginfo-0:8.11.4-1.el7.s390x", "7Server-Alt-RHSCL-3.1:rh-nodejs8-nodejs-debuginfo-0:8.11.4-1.el7.x86_64", "7Server-Alt-RHSCL-3.1:rh-nodejs8-nodejs-devel-0:8.11.4-1.el7.aarch64", "7Server-Alt-RHSCL-3.1:rh-nodejs8-nodejs-devel-0:8.11.4-1.el7.ppc64le", "7Server-Alt-RHSCL-3.1:rh-nodejs8-nodejs-devel-0:8.11.4-1.el7.s390x", "7Server-Alt-RHSCL-3.1:rh-nodejs8-nodejs-devel-0:8.11.4-1.el7.x86_64", "7Server-Alt-RHSCL-3.1:rh-nodejs8-nodejs-docs-0:8.11.4-1.el7.noarch", "7Server-Alt-RHSCL-3.1:rh-nodejs8-npm-0:5.6.0-8.11.4.1.el7.aarch64", "7Server-Alt-RHSCL-3.1:rh-nodejs8-npm-0:5.6.0-8.11.4.1.el7.ppc64le", "7Server-Alt-RHSCL-3.1:rh-nodejs8-npm-0:5.6.0-8.11.4.1.el7.s390x", "7Server-Alt-RHSCL-3.1:rh-nodejs8-npm-0:5.6.0-8.11.4.1.el7.x86_64", "7Server-RHSCL-3.1-7.4.Z:rh-nodejs8-nodejs-0:8.11.4-1.el7.ppc64le", "7Server-RHSCL-3.1-7.4.Z:rh-nodejs8-nodejs-0:8.11.4-1.el7.s390x", "7Server-RHSCL-3.1-7.4.Z:rh-nodejs8-nodejs-0:8.11.4-1.el7.src", "7Server-RHSCL-3.1-7.4.Z:rh-nodejs8-nodejs-0:8.11.4-1.el7.x86_64", "7Server-RHSCL-3.1-7.4.Z:rh-nodejs8-nodejs-debuginfo-0:8.11.4-1.el7.ppc64le", "7Server-RHSCL-3.1-7.4.Z:rh-nodejs8-nodejs-debuginfo-0:8.11.4-1.el7.s390x", "7Server-RHSCL-3.1-7.4.Z:rh-nodejs8-nodejs-debuginfo-0:8.11.4-1.el7.x86_64", "7Server-RHSCL-3.1-7.4.Z:rh-nodejs8-nodejs-devel-0:8.11.4-1.el7.ppc64le", "7Server-RHSCL-3.1-7.4.Z:rh-nodejs8-nodejs-devel-0:8.11.4-1.el7.s390x", "7Server-RHSCL-3.1-7.4.Z:rh-nodejs8-nodejs-devel-0:8.11.4-1.el7.x86_64", "7Server-RHSCL-3.1-7.4.Z:rh-nodejs8-nodejs-docs-0:8.11.4-1.el7.noarch", "7Server-RHSCL-3.1-7.4.Z:rh-nodejs8-npm-0:5.6.0-8.11.4.1.el7.ppc64le", "7Server-RHSCL-3.1-7.4.Z:rh-nodejs8-npm-0:5.6.0-8.11.4.1.el7.s390x", "7Server-RHSCL-3.1-7.4.Z:rh-nodejs8-npm-0:5.6.0-8.11.4.1.el7.x86_64", "7Server-RHSCL-3.1-7.5.Z:rh-nodejs8-nodejs-0:8.11.4-1.el7.ppc64le", "7Server-RHSCL-3.1-7.5.Z:rh-nodejs8-nodejs-0:8.11.4-1.el7.s390x", "7Server-RHSCL-3.1-7.5.Z:rh-nodejs8-nodejs-0:8.11.4-1.el7.src", "7Server-RHSCL-3.1-7.5.Z:rh-nodejs8-nodejs-0:8.11.4-1.el7.x86_64", "7Server-RHSCL-3.1-7.5.Z:rh-nodejs8-nodejs-debuginfo-0:8.11.4-1.el7.ppc64le", "7Server-RHSCL-3.1-7.5.Z:rh-nodejs8-nodejs-debuginfo-0:8.11.4-1.el7.s390x", "7Server-RHSCL-3.1-7.5.Z:rh-nodejs8-nodejs-debuginfo-0:8.11.4-1.el7.x86_64", "7Server-RHSCL-3.1-7.5.Z:rh-nodejs8-nodejs-devel-0:8.11.4-1.el7.ppc64le", "7Server-RHSCL-3.1-7.5.Z:rh-nodejs8-nodejs-devel-0:8.11.4-1.el7.s390x", "7Server-RHSCL-3.1-7.5.Z:rh-nodejs8-nodejs-devel-0:8.11.4-1.el7.x86_64", "7Server-RHSCL-3.1-7.5.Z:rh-nodejs8-nodejs-docs-0:8.11.4-1.el7.noarch", "7Server-RHSCL-3.1-7.5.Z:rh-nodejs8-npm-0:5.6.0-8.11.4.1.el7.ppc64le", "7Server-RHSCL-3.1-7.5.Z:rh-nodejs8-npm-0:5.6.0-8.11.4.1.el7.s390x", "7Server-RHSCL-3.1-7.5.Z:rh-nodejs8-npm-0:5.6.0-8.11.4.1.el7.x86_64", "7Server-RHSCL-3.1:rh-nodejs8-nodejs-0:8.11.4-1.el7.aarch64", "7Server-RHSCL-3.1:rh-nodejs8-nodejs-0:8.11.4-1.el7.ppc64le", "7Server-RHSCL-3.1:rh-nodejs8-nodejs-0:8.11.4-1.el7.s390x", "7Server-RHSCL-3.1:rh-nodejs8-nodejs-0:8.11.4-1.el7.src", "7Server-RHSCL-3.1:rh-nodejs8-nodejs-0:8.11.4-1.el7.x86_64", "7Server-RHSCL-3.1:rh-nodejs8-nodejs-debuginfo-0:8.11.4-1.el7.aarch64", "7Server-RHSCL-3.1:rh-nodejs8-nodejs-debuginfo-0:8.11.4-1.el7.ppc64le", "7Server-RHSCL-3.1:rh-nodejs8-nodejs-debuginfo-0:8.11.4-1.el7.s390x", "7Server-RHSCL-3.1:rh-nodejs8-nodejs-debuginfo-0:8.11.4-1.el7.x86_64", "7Server-RHSCL-3.1:rh-nodejs8-nodejs-devel-0:8.11.4-1.el7.aarch64", "7Server-RHSCL-3.1:rh-nodejs8-nodejs-devel-0:8.11.4-1.el7.ppc64le", "7Server-RHSCL-3.1:rh-nodejs8-nodejs-devel-0:8.11.4-1.el7.s390x", "7Server-RHSCL-3.1:rh-nodejs8-nodejs-devel-0:8.11.4-1.el7.x86_64", "7Server-RHSCL-3.1:rh-nodejs8-nodejs-docs-0:8.11.4-1.el7.noarch", "7Server-RHSCL-3.1:rh-nodejs8-npm-0:5.6.0-8.11.4.1.el7.aarch64", "7Server-RHSCL-3.1:rh-nodejs8-npm-0:5.6.0-8.11.4.1.el7.ppc64le", "7Server-RHSCL-3.1:rh-nodejs8-npm-0:5.6.0-8.11.4.1.el7.s390x", "7Server-RHSCL-3.1:rh-nodejs8-npm-0:5.6.0-8.11.4.1.el7.x86_64", "7Workstation-RHSCL-3.1:rh-nodejs8-nodejs-0:8.11.4-1.el7.aarch64", "7Workstation-RHSCL-3.1:rh-nodejs8-nodejs-0:8.11.4-1.el7.ppc64le", "7Workstation-RHSCL-3.1:rh-nodejs8-nodejs-0:8.11.4-1.el7.s390x", "7Workstation-RHSCL-3.1:rh-nodejs8-nodejs-0:8.11.4-1.el7.src", "7Workstation-RHSCL-3.1:rh-nodejs8-nodejs-0:8.11.4-1.el7.x86_64", "7Workstation-RHSCL-3.1:rh-nodejs8-nodejs-debuginfo-0:8.11.4-1.el7.aarch64", "7Workstation-RHSCL-3.1:rh-nodejs8-nodejs-debuginfo-0:8.11.4-1.el7.ppc64le", "7Workstation-RHSCL-3.1:rh-nodejs8-nodejs-debuginfo-0:8.11.4-1.el7.s390x", "7Workstation-RHSCL-3.1:rh-nodejs8-nodejs-debuginfo-0:8.11.4-1.el7.x86_64", "7Workstation-RHSCL-3.1:rh-nodejs8-nodejs-devel-0:8.11.4-1.el7.aarch64", "7Workstation-RHSCL-3.1:rh-nodejs8-nodejs-devel-0:8.11.4-1.el7.ppc64le", "7Workstation-RHSCL-3.1:rh-nodejs8-nodejs-devel-0:8.11.4-1.el7.s390x", "7Workstation-RHSCL-3.1:rh-nodejs8-nodejs-devel-0:8.11.4-1.el7.x86_64", "7Workstation-RHSCL-3.1:rh-nodejs8-nodejs-docs-0:8.11.4-1.el7.noarch", "7Workstation-RHSCL-3.1:rh-nodejs8-npm-0:5.6.0-8.11.4.1.el7.aarch64", "7Workstation-RHSCL-3.1:rh-nodejs8-npm-0:5.6.0-8.11.4.1.el7.ppc64le", "7Workstation-RHSCL-3.1:rh-nodejs8-npm-0:5.6.0-8.11.4.1.el7.s390x", "7Workstation-RHSCL-3.1:rh-nodejs8-npm-0:5.6.0-8.11.4.1.el7.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Low" } ], "title": "nodejs: HTTP parser allowed for spaces inside Content-Length header values" }, { "cve": "CVE-2018-7160", "cwe": { "id": "CWE-20", "name": "Improper Input Validation" }, "discovery_date": "2018-03-09T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1561979" } ], "notes": [ { "category": "description", "text": "It was found that when a Node.js script is run in inspector mode, Node.js did not properly validate the Host header, leaving the inspector vulnerable to a DNS rebind attack and bypass same-origin policy. If a developer had an inspector session running, and was visiting a malicious website, the site could carry on a DNS rebind attack, allowing the site to have full access to the debugged script.", "title": "Vulnerability description" }, { "category": "summary", "text": "nodejs: Inspector DNS rebinding vulnerability", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "7Server-Alt-RHSCL-3.1:rh-nodejs8-nodejs-0:8.11.4-1.el7.aarch64", "7Server-Alt-RHSCL-3.1:rh-nodejs8-nodejs-0:8.11.4-1.el7.ppc64le", "7Server-Alt-RHSCL-3.1:rh-nodejs8-nodejs-0:8.11.4-1.el7.s390x", "7Server-Alt-RHSCL-3.1:rh-nodejs8-nodejs-0:8.11.4-1.el7.src", "7Server-Alt-RHSCL-3.1:rh-nodejs8-nodejs-0:8.11.4-1.el7.x86_64", "7Server-Alt-RHSCL-3.1:rh-nodejs8-nodejs-debuginfo-0:8.11.4-1.el7.aarch64", "7Server-Alt-RHSCL-3.1:rh-nodejs8-nodejs-debuginfo-0:8.11.4-1.el7.ppc64le", "7Server-Alt-RHSCL-3.1:rh-nodejs8-nodejs-debuginfo-0:8.11.4-1.el7.s390x", "7Server-Alt-RHSCL-3.1:rh-nodejs8-nodejs-debuginfo-0:8.11.4-1.el7.x86_64", "7Server-Alt-RHSCL-3.1:rh-nodejs8-nodejs-devel-0:8.11.4-1.el7.aarch64", "7Server-Alt-RHSCL-3.1:rh-nodejs8-nodejs-devel-0:8.11.4-1.el7.ppc64le", "7Server-Alt-RHSCL-3.1:rh-nodejs8-nodejs-devel-0:8.11.4-1.el7.s390x", "7Server-Alt-RHSCL-3.1:rh-nodejs8-nodejs-devel-0:8.11.4-1.el7.x86_64", "7Server-Alt-RHSCL-3.1:rh-nodejs8-nodejs-docs-0:8.11.4-1.el7.noarch", "7Server-Alt-RHSCL-3.1:rh-nodejs8-npm-0:5.6.0-8.11.4.1.el7.aarch64", "7Server-Alt-RHSCL-3.1:rh-nodejs8-npm-0:5.6.0-8.11.4.1.el7.ppc64le", "7Server-Alt-RHSCL-3.1:rh-nodejs8-npm-0:5.6.0-8.11.4.1.el7.s390x", "7Server-Alt-RHSCL-3.1:rh-nodejs8-npm-0:5.6.0-8.11.4.1.el7.x86_64", "7Server-RHSCL-3.1-7.4.Z:rh-nodejs8-nodejs-0:8.11.4-1.el7.ppc64le", "7Server-RHSCL-3.1-7.4.Z:rh-nodejs8-nodejs-0:8.11.4-1.el7.s390x", "7Server-RHSCL-3.1-7.4.Z:rh-nodejs8-nodejs-0:8.11.4-1.el7.src", "7Server-RHSCL-3.1-7.4.Z:rh-nodejs8-nodejs-0:8.11.4-1.el7.x86_64", "7Server-RHSCL-3.1-7.4.Z:rh-nodejs8-nodejs-debuginfo-0:8.11.4-1.el7.ppc64le", "7Server-RHSCL-3.1-7.4.Z:rh-nodejs8-nodejs-debuginfo-0:8.11.4-1.el7.s390x", "7Server-RHSCL-3.1-7.4.Z:rh-nodejs8-nodejs-debuginfo-0:8.11.4-1.el7.x86_64", "7Server-RHSCL-3.1-7.4.Z:rh-nodejs8-nodejs-devel-0:8.11.4-1.el7.ppc64le", "7Server-RHSCL-3.1-7.4.Z:rh-nodejs8-nodejs-devel-0:8.11.4-1.el7.s390x", "7Server-RHSCL-3.1-7.4.Z:rh-nodejs8-nodejs-devel-0:8.11.4-1.el7.x86_64", "7Server-RHSCL-3.1-7.4.Z:rh-nodejs8-nodejs-docs-0:8.11.4-1.el7.noarch", "7Server-RHSCL-3.1-7.4.Z:rh-nodejs8-npm-0:5.6.0-8.11.4.1.el7.ppc64le", "7Server-RHSCL-3.1-7.4.Z:rh-nodejs8-npm-0:5.6.0-8.11.4.1.el7.s390x", "7Server-RHSCL-3.1-7.4.Z:rh-nodejs8-npm-0:5.6.0-8.11.4.1.el7.x86_64", "7Server-RHSCL-3.1-7.5.Z:rh-nodejs8-nodejs-0:8.11.4-1.el7.ppc64le", "7Server-RHSCL-3.1-7.5.Z:rh-nodejs8-nodejs-0:8.11.4-1.el7.s390x", "7Server-RHSCL-3.1-7.5.Z:rh-nodejs8-nodejs-0:8.11.4-1.el7.src", "7Server-RHSCL-3.1-7.5.Z:rh-nodejs8-nodejs-0:8.11.4-1.el7.x86_64", "7Server-RHSCL-3.1-7.5.Z:rh-nodejs8-nodejs-debuginfo-0:8.11.4-1.el7.ppc64le", "7Server-RHSCL-3.1-7.5.Z:rh-nodejs8-nodejs-debuginfo-0:8.11.4-1.el7.s390x", "7Server-RHSCL-3.1-7.5.Z:rh-nodejs8-nodejs-debuginfo-0:8.11.4-1.el7.x86_64", "7Server-RHSCL-3.1-7.5.Z:rh-nodejs8-nodejs-devel-0:8.11.4-1.el7.ppc64le", "7Server-RHSCL-3.1-7.5.Z:rh-nodejs8-nodejs-devel-0:8.11.4-1.el7.s390x", "7Server-RHSCL-3.1-7.5.Z:rh-nodejs8-nodejs-devel-0:8.11.4-1.el7.x86_64", "7Server-RHSCL-3.1-7.5.Z:rh-nodejs8-nodejs-docs-0:8.11.4-1.el7.noarch", "7Server-RHSCL-3.1-7.5.Z:rh-nodejs8-npm-0:5.6.0-8.11.4.1.el7.ppc64le", "7Server-RHSCL-3.1-7.5.Z:rh-nodejs8-npm-0:5.6.0-8.11.4.1.el7.s390x", "7Server-RHSCL-3.1-7.5.Z:rh-nodejs8-npm-0:5.6.0-8.11.4.1.el7.x86_64", "7Server-RHSCL-3.1:rh-nodejs8-nodejs-0:8.11.4-1.el7.aarch64", "7Server-RHSCL-3.1:rh-nodejs8-nodejs-0:8.11.4-1.el7.ppc64le", "7Server-RHSCL-3.1:rh-nodejs8-nodejs-0:8.11.4-1.el7.s390x", "7Server-RHSCL-3.1:rh-nodejs8-nodejs-0:8.11.4-1.el7.src", "7Server-RHSCL-3.1:rh-nodejs8-nodejs-0:8.11.4-1.el7.x86_64", "7Server-RHSCL-3.1:rh-nodejs8-nodejs-debuginfo-0:8.11.4-1.el7.aarch64", "7Server-RHSCL-3.1:rh-nodejs8-nodejs-debuginfo-0:8.11.4-1.el7.ppc64le", "7Server-RHSCL-3.1:rh-nodejs8-nodejs-debuginfo-0:8.11.4-1.el7.s390x", "7Server-RHSCL-3.1:rh-nodejs8-nodejs-debuginfo-0:8.11.4-1.el7.x86_64", "7Server-RHSCL-3.1:rh-nodejs8-nodejs-devel-0:8.11.4-1.el7.aarch64", "7Server-RHSCL-3.1:rh-nodejs8-nodejs-devel-0:8.11.4-1.el7.ppc64le", "7Server-RHSCL-3.1:rh-nodejs8-nodejs-devel-0:8.11.4-1.el7.s390x", "7Server-RHSCL-3.1:rh-nodejs8-nodejs-devel-0:8.11.4-1.el7.x86_64", "7Server-RHSCL-3.1:rh-nodejs8-nodejs-docs-0:8.11.4-1.el7.noarch", "7Server-RHSCL-3.1:rh-nodejs8-npm-0:5.6.0-8.11.4.1.el7.aarch64", "7Server-RHSCL-3.1:rh-nodejs8-npm-0:5.6.0-8.11.4.1.el7.ppc64le", "7Server-RHSCL-3.1:rh-nodejs8-npm-0:5.6.0-8.11.4.1.el7.s390x", "7Server-RHSCL-3.1:rh-nodejs8-npm-0:5.6.0-8.11.4.1.el7.x86_64", "7Workstation-RHSCL-3.1:rh-nodejs8-nodejs-0:8.11.4-1.el7.aarch64", "7Workstation-RHSCL-3.1:rh-nodejs8-nodejs-0:8.11.4-1.el7.ppc64le", "7Workstation-RHSCL-3.1:rh-nodejs8-nodejs-0:8.11.4-1.el7.s390x", "7Workstation-RHSCL-3.1:rh-nodejs8-nodejs-0:8.11.4-1.el7.src", "7Workstation-RHSCL-3.1:rh-nodejs8-nodejs-0:8.11.4-1.el7.x86_64", "7Workstation-RHSCL-3.1:rh-nodejs8-nodejs-debuginfo-0:8.11.4-1.el7.aarch64", "7Workstation-RHSCL-3.1:rh-nodejs8-nodejs-debuginfo-0:8.11.4-1.el7.ppc64le", "7Workstation-RHSCL-3.1:rh-nodejs8-nodejs-debuginfo-0:8.11.4-1.el7.s390x", "7Workstation-RHSCL-3.1:rh-nodejs8-nodejs-debuginfo-0:8.11.4-1.el7.x86_64", "7Workstation-RHSCL-3.1:rh-nodejs8-nodejs-devel-0:8.11.4-1.el7.aarch64", "7Workstation-RHSCL-3.1:rh-nodejs8-nodejs-devel-0:8.11.4-1.el7.ppc64le", "7Workstation-RHSCL-3.1:rh-nodejs8-nodejs-devel-0:8.11.4-1.el7.s390x", "7Workstation-RHSCL-3.1:rh-nodejs8-nodejs-devel-0:8.11.4-1.el7.x86_64", "7Workstation-RHSCL-3.1:rh-nodejs8-nodejs-docs-0:8.11.4-1.el7.noarch", "7Workstation-RHSCL-3.1:rh-nodejs8-npm-0:5.6.0-8.11.4.1.el7.aarch64", "7Workstation-RHSCL-3.1:rh-nodejs8-npm-0:5.6.0-8.11.4.1.el7.ppc64le", "7Workstation-RHSCL-3.1:rh-nodejs8-npm-0:5.6.0-8.11.4.1.el7.s390x", "7Workstation-RHSCL-3.1:rh-nodejs8-npm-0:5.6.0-8.11.4.1.el7.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2018-7160" }, { "category": "external", "summary": "RHBZ#1561979", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1561979" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2018-7160", "url": "https://www.cve.org/CVERecord?id=CVE-2018-7160" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2018-7160", "url": "https://nvd.nist.gov/vuln/detail/CVE-2018-7160" } ], "release_date": "2018-03-08T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2018-10-18T10:11:49+00:00", "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "7Server-Alt-RHSCL-3.1:rh-nodejs8-nodejs-0:8.11.4-1.el7.aarch64", "7Server-Alt-RHSCL-3.1:rh-nodejs8-nodejs-0:8.11.4-1.el7.ppc64le", "7Server-Alt-RHSCL-3.1:rh-nodejs8-nodejs-0:8.11.4-1.el7.s390x", "7Server-Alt-RHSCL-3.1:rh-nodejs8-nodejs-0:8.11.4-1.el7.src", "7Server-Alt-RHSCL-3.1:rh-nodejs8-nodejs-0:8.11.4-1.el7.x86_64", "7Server-Alt-RHSCL-3.1:rh-nodejs8-nodejs-debuginfo-0:8.11.4-1.el7.aarch64", "7Server-Alt-RHSCL-3.1:rh-nodejs8-nodejs-debuginfo-0:8.11.4-1.el7.ppc64le", "7Server-Alt-RHSCL-3.1:rh-nodejs8-nodejs-debuginfo-0:8.11.4-1.el7.s390x", "7Server-Alt-RHSCL-3.1:rh-nodejs8-nodejs-debuginfo-0:8.11.4-1.el7.x86_64", "7Server-Alt-RHSCL-3.1:rh-nodejs8-nodejs-devel-0:8.11.4-1.el7.aarch64", "7Server-Alt-RHSCL-3.1:rh-nodejs8-nodejs-devel-0:8.11.4-1.el7.ppc64le", "7Server-Alt-RHSCL-3.1:rh-nodejs8-nodejs-devel-0:8.11.4-1.el7.s390x", "7Server-Alt-RHSCL-3.1:rh-nodejs8-nodejs-devel-0:8.11.4-1.el7.x86_64", "7Server-Alt-RHSCL-3.1:rh-nodejs8-nodejs-docs-0:8.11.4-1.el7.noarch", "7Server-Alt-RHSCL-3.1:rh-nodejs8-npm-0:5.6.0-8.11.4.1.el7.aarch64", "7Server-Alt-RHSCL-3.1:rh-nodejs8-npm-0:5.6.0-8.11.4.1.el7.ppc64le", "7Server-Alt-RHSCL-3.1:rh-nodejs8-npm-0:5.6.0-8.11.4.1.el7.s390x", "7Server-Alt-RHSCL-3.1:rh-nodejs8-npm-0:5.6.0-8.11.4.1.el7.x86_64", "7Server-RHSCL-3.1-7.4.Z:rh-nodejs8-nodejs-0:8.11.4-1.el7.ppc64le", "7Server-RHSCL-3.1-7.4.Z:rh-nodejs8-nodejs-0:8.11.4-1.el7.s390x", "7Server-RHSCL-3.1-7.4.Z:rh-nodejs8-nodejs-0:8.11.4-1.el7.src", "7Server-RHSCL-3.1-7.4.Z:rh-nodejs8-nodejs-0:8.11.4-1.el7.x86_64", "7Server-RHSCL-3.1-7.4.Z:rh-nodejs8-nodejs-debuginfo-0:8.11.4-1.el7.ppc64le", "7Server-RHSCL-3.1-7.4.Z:rh-nodejs8-nodejs-debuginfo-0:8.11.4-1.el7.s390x", "7Server-RHSCL-3.1-7.4.Z:rh-nodejs8-nodejs-debuginfo-0:8.11.4-1.el7.x86_64", "7Server-RHSCL-3.1-7.4.Z:rh-nodejs8-nodejs-devel-0:8.11.4-1.el7.ppc64le", "7Server-RHSCL-3.1-7.4.Z:rh-nodejs8-nodejs-devel-0:8.11.4-1.el7.s390x", "7Server-RHSCL-3.1-7.4.Z:rh-nodejs8-nodejs-devel-0:8.11.4-1.el7.x86_64", "7Server-RHSCL-3.1-7.4.Z:rh-nodejs8-nodejs-docs-0:8.11.4-1.el7.noarch", "7Server-RHSCL-3.1-7.4.Z:rh-nodejs8-npm-0:5.6.0-8.11.4.1.el7.ppc64le", "7Server-RHSCL-3.1-7.4.Z:rh-nodejs8-npm-0:5.6.0-8.11.4.1.el7.s390x", "7Server-RHSCL-3.1-7.4.Z:rh-nodejs8-npm-0:5.6.0-8.11.4.1.el7.x86_64", "7Server-RHSCL-3.1-7.5.Z:rh-nodejs8-nodejs-0:8.11.4-1.el7.ppc64le", "7Server-RHSCL-3.1-7.5.Z:rh-nodejs8-nodejs-0:8.11.4-1.el7.s390x", "7Server-RHSCL-3.1-7.5.Z:rh-nodejs8-nodejs-0:8.11.4-1.el7.src", "7Server-RHSCL-3.1-7.5.Z:rh-nodejs8-nodejs-0:8.11.4-1.el7.x86_64", "7Server-RHSCL-3.1-7.5.Z:rh-nodejs8-nodejs-debuginfo-0:8.11.4-1.el7.ppc64le", "7Server-RHSCL-3.1-7.5.Z:rh-nodejs8-nodejs-debuginfo-0:8.11.4-1.el7.s390x", "7Server-RHSCL-3.1-7.5.Z:rh-nodejs8-nodejs-debuginfo-0:8.11.4-1.el7.x86_64", "7Server-RHSCL-3.1-7.5.Z:rh-nodejs8-nodejs-devel-0:8.11.4-1.el7.ppc64le", "7Server-RHSCL-3.1-7.5.Z:rh-nodejs8-nodejs-devel-0:8.11.4-1.el7.s390x", "7Server-RHSCL-3.1-7.5.Z:rh-nodejs8-nodejs-devel-0:8.11.4-1.el7.x86_64", "7Server-RHSCL-3.1-7.5.Z:rh-nodejs8-nodejs-docs-0:8.11.4-1.el7.noarch", "7Server-RHSCL-3.1-7.5.Z:rh-nodejs8-npm-0:5.6.0-8.11.4.1.el7.ppc64le", "7Server-RHSCL-3.1-7.5.Z:rh-nodejs8-npm-0:5.6.0-8.11.4.1.el7.s390x", "7Server-RHSCL-3.1-7.5.Z:rh-nodejs8-npm-0:5.6.0-8.11.4.1.el7.x86_64", "7Server-RHSCL-3.1:rh-nodejs8-nodejs-0:8.11.4-1.el7.aarch64", "7Server-RHSCL-3.1:rh-nodejs8-nodejs-0:8.11.4-1.el7.ppc64le", "7Server-RHSCL-3.1:rh-nodejs8-nodejs-0:8.11.4-1.el7.s390x", "7Server-RHSCL-3.1:rh-nodejs8-nodejs-0:8.11.4-1.el7.src", "7Server-RHSCL-3.1:rh-nodejs8-nodejs-0:8.11.4-1.el7.x86_64", "7Server-RHSCL-3.1:rh-nodejs8-nodejs-debuginfo-0:8.11.4-1.el7.aarch64", "7Server-RHSCL-3.1:rh-nodejs8-nodejs-debuginfo-0:8.11.4-1.el7.ppc64le", "7Server-RHSCL-3.1:rh-nodejs8-nodejs-debuginfo-0:8.11.4-1.el7.s390x", "7Server-RHSCL-3.1:rh-nodejs8-nodejs-debuginfo-0:8.11.4-1.el7.x86_64", "7Server-RHSCL-3.1:rh-nodejs8-nodejs-devel-0:8.11.4-1.el7.aarch64", "7Server-RHSCL-3.1:rh-nodejs8-nodejs-devel-0:8.11.4-1.el7.ppc64le", "7Server-RHSCL-3.1:rh-nodejs8-nodejs-devel-0:8.11.4-1.el7.s390x", "7Server-RHSCL-3.1:rh-nodejs8-nodejs-devel-0:8.11.4-1.el7.x86_64", "7Server-RHSCL-3.1:rh-nodejs8-nodejs-docs-0:8.11.4-1.el7.noarch", "7Server-RHSCL-3.1:rh-nodejs8-npm-0:5.6.0-8.11.4.1.el7.aarch64", "7Server-RHSCL-3.1:rh-nodejs8-npm-0:5.6.0-8.11.4.1.el7.ppc64le", "7Server-RHSCL-3.1:rh-nodejs8-npm-0:5.6.0-8.11.4.1.el7.s390x", "7Server-RHSCL-3.1:rh-nodejs8-npm-0:5.6.0-8.11.4.1.el7.x86_64", "7Workstation-RHSCL-3.1:rh-nodejs8-nodejs-0:8.11.4-1.el7.aarch64", "7Workstation-RHSCL-3.1:rh-nodejs8-nodejs-0:8.11.4-1.el7.ppc64le", "7Workstation-RHSCL-3.1:rh-nodejs8-nodejs-0:8.11.4-1.el7.s390x", "7Workstation-RHSCL-3.1:rh-nodejs8-nodejs-0:8.11.4-1.el7.src", "7Workstation-RHSCL-3.1:rh-nodejs8-nodejs-0:8.11.4-1.el7.x86_64", "7Workstation-RHSCL-3.1:rh-nodejs8-nodejs-debuginfo-0:8.11.4-1.el7.aarch64", "7Workstation-RHSCL-3.1:rh-nodejs8-nodejs-debuginfo-0:8.11.4-1.el7.ppc64le", "7Workstation-RHSCL-3.1:rh-nodejs8-nodejs-debuginfo-0:8.11.4-1.el7.s390x", "7Workstation-RHSCL-3.1:rh-nodejs8-nodejs-debuginfo-0:8.11.4-1.el7.x86_64", "7Workstation-RHSCL-3.1:rh-nodejs8-nodejs-devel-0:8.11.4-1.el7.aarch64", "7Workstation-RHSCL-3.1:rh-nodejs8-nodejs-devel-0:8.11.4-1.el7.ppc64le", "7Workstation-RHSCL-3.1:rh-nodejs8-nodejs-devel-0:8.11.4-1.el7.s390x", "7Workstation-RHSCL-3.1:rh-nodejs8-nodejs-devel-0:8.11.4-1.el7.x86_64", "7Workstation-RHSCL-3.1:rh-nodejs8-nodejs-docs-0:8.11.4-1.el7.noarch", "7Workstation-RHSCL-3.1:rh-nodejs8-npm-0:5.6.0-8.11.4.1.el7.aarch64", "7Workstation-RHSCL-3.1:rh-nodejs8-npm-0:5.6.0-8.11.4.1.el7.ppc64le", "7Workstation-RHSCL-3.1:rh-nodejs8-npm-0:5.6.0-8.11.4.1.el7.s390x", "7Workstation-RHSCL-3.1:rh-nodejs8-npm-0:5.6.0-8.11.4.1.el7.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2018:2949" } ], "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 5.8, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:L/A:L", "version": "3.0" }, "products": [ "7Server-Alt-RHSCL-3.1:rh-nodejs8-nodejs-0:8.11.4-1.el7.aarch64", "7Server-Alt-RHSCL-3.1:rh-nodejs8-nodejs-0:8.11.4-1.el7.ppc64le", "7Server-Alt-RHSCL-3.1:rh-nodejs8-nodejs-0:8.11.4-1.el7.s390x", "7Server-Alt-RHSCL-3.1:rh-nodejs8-nodejs-0:8.11.4-1.el7.src", "7Server-Alt-RHSCL-3.1:rh-nodejs8-nodejs-0:8.11.4-1.el7.x86_64", "7Server-Alt-RHSCL-3.1:rh-nodejs8-nodejs-debuginfo-0:8.11.4-1.el7.aarch64", "7Server-Alt-RHSCL-3.1:rh-nodejs8-nodejs-debuginfo-0:8.11.4-1.el7.ppc64le", "7Server-Alt-RHSCL-3.1:rh-nodejs8-nodejs-debuginfo-0:8.11.4-1.el7.s390x", "7Server-Alt-RHSCL-3.1:rh-nodejs8-nodejs-debuginfo-0:8.11.4-1.el7.x86_64", "7Server-Alt-RHSCL-3.1:rh-nodejs8-nodejs-devel-0:8.11.4-1.el7.aarch64", "7Server-Alt-RHSCL-3.1:rh-nodejs8-nodejs-devel-0:8.11.4-1.el7.ppc64le", "7Server-Alt-RHSCL-3.1:rh-nodejs8-nodejs-devel-0:8.11.4-1.el7.s390x", "7Server-Alt-RHSCL-3.1:rh-nodejs8-nodejs-devel-0:8.11.4-1.el7.x86_64", "7Server-Alt-RHSCL-3.1:rh-nodejs8-nodejs-docs-0:8.11.4-1.el7.noarch", "7Server-Alt-RHSCL-3.1:rh-nodejs8-npm-0:5.6.0-8.11.4.1.el7.aarch64", "7Server-Alt-RHSCL-3.1:rh-nodejs8-npm-0:5.6.0-8.11.4.1.el7.ppc64le", "7Server-Alt-RHSCL-3.1:rh-nodejs8-npm-0:5.6.0-8.11.4.1.el7.s390x", "7Server-Alt-RHSCL-3.1:rh-nodejs8-npm-0:5.6.0-8.11.4.1.el7.x86_64", "7Server-RHSCL-3.1-7.4.Z:rh-nodejs8-nodejs-0:8.11.4-1.el7.ppc64le", "7Server-RHSCL-3.1-7.4.Z:rh-nodejs8-nodejs-0:8.11.4-1.el7.s390x", "7Server-RHSCL-3.1-7.4.Z:rh-nodejs8-nodejs-0:8.11.4-1.el7.src", "7Server-RHSCL-3.1-7.4.Z:rh-nodejs8-nodejs-0:8.11.4-1.el7.x86_64", "7Server-RHSCL-3.1-7.4.Z:rh-nodejs8-nodejs-debuginfo-0:8.11.4-1.el7.ppc64le", "7Server-RHSCL-3.1-7.4.Z:rh-nodejs8-nodejs-debuginfo-0:8.11.4-1.el7.s390x", "7Server-RHSCL-3.1-7.4.Z:rh-nodejs8-nodejs-debuginfo-0:8.11.4-1.el7.x86_64", "7Server-RHSCL-3.1-7.4.Z:rh-nodejs8-nodejs-devel-0:8.11.4-1.el7.ppc64le", "7Server-RHSCL-3.1-7.4.Z:rh-nodejs8-nodejs-devel-0:8.11.4-1.el7.s390x", "7Server-RHSCL-3.1-7.4.Z:rh-nodejs8-nodejs-devel-0:8.11.4-1.el7.x86_64", "7Server-RHSCL-3.1-7.4.Z:rh-nodejs8-nodejs-docs-0:8.11.4-1.el7.noarch", "7Server-RHSCL-3.1-7.4.Z:rh-nodejs8-npm-0:5.6.0-8.11.4.1.el7.ppc64le", "7Server-RHSCL-3.1-7.4.Z:rh-nodejs8-npm-0:5.6.0-8.11.4.1.el7.s390x", "7Server-RHSCL-3.1-7.4.Z:rh-nodejs8-npm-0:5.6.0-8.11.4.1.el7.x86_64", "7Server-RHSCL-3.1-7.5.Z:rh-nodejs8-nodejs-0:8.11.4-1.el7.ppc64le", "7Server-RHSCL-3.1-7.5.Z:rh-nodejs8-nodejs-0:8.11.4-1.el7.s390x", "7Server-RHSCL-3.1-7.5.Z:rh-nodejs8-nodejs-0:8.11.4-1.el7.src", "7Server-RHSCL-3.1-7.5.Z:rh-nodejs8-nodejs-0:8.11.4-1.el7.x86_64", "7Server-RHSCL-3.1-7.5.Z:rh-nodejs8-nodejs-debuginfo-0:8.11.4-1.el7.ppc64le", "7Server-RHSCL-3.1-7.5.Z:rh-nodejs8-nodejs-debuginfo-0:8.11.4-1.el7.s390x", "7Server-RHSCL-3.1-7.5.Z:rh-nodejs8-nodejs-debuginfo-0:8.11.4-1.el7.x86_64", "7Server-RHSCL-3.1-7.5.Z:rh-nodejs8-nodejs-devel-0:8.11.4-1.el7.ppc64le", "7Server-RHSCL-3.1-7.5.Z:rh-nodejs8-nodejs-devel-0:8.11.4-1.el7.s390x", "7Server-RHSCL-3.1-7.5.Z:rh-nodejs8-nodejs-devel-0:8.11.4-1.el7.x86_64", "7Server-RHSCL-3.1-7.5.Z:rh-nodejs8-nodejs-docs-0:8.11.4-1.el7.noarch", "7Server-RHSCL-3.1-7.5.Z:rh-nodejs8-npm-0:5.6.0-8.11.4.1.el7.ppc64le", "7Server-RHSCL-3.1-7.5.Z:rh-nodejs8-npm-0:5.6.0-8.11.4.1.el7.s390x", "7Server-RHSCL-3.1-7.5.Z:rh-nodejs8-npm-0:5.6.0-8.11.4.1.el7.x86_64", "7Server-RHSCL-3.1:rh-nodejs8-nodejs-0:8.11.4-1.el7.aarch64", "7Server-RHSCL-3.1:rh-nodejs8-nodejs-0:8.11.4-1.el7.ppc64le", "7Server-RHSCL-3.1:rh-nodejs8-nodejs-0:8.11.4-1.el7.s390x", "7Server-RHSCL-3.1:rh-nodejs8-nodejs-0:8.11.4-1.el7.src", "7Server-RHSCL-3.1:rh-nodejs8-nodejs-0:8.11.4-1.el7.x86_64", "7Server-RHSCL-3.1:rh-nodejs8-nodejs-debuginfo-0:8.11.4-1.el7.aarch64", "7Server-RHSCL-3.1:rh-nodejs8-nodejs-debuginfo-0:8.11.4-1.el7.ppc64le", "7Server-RHSCL-3.1:rh-nodejs8-nodejs-debuginfo-0:8.11.4-1.el7.s390x", "7Server-RHSCL-3.1:rh-nodejs8-nodejs-debuginfo-0:8.11.4-1.el7.x86_64", "7Server-RHSCL-3.1:rh-nodejs8-nodejs-devel-0:8.11.4-1.el7.aarch64", "7Server-RHSCL-3.1:rh-nodejs8-nodejs-devel-0:8.11.4-1.el7.ppc64le", "7Server-RHSCL-3.1:rh-nodejs8-nodejs-devel-0:8.11.4-1.el7.s390x", "7Server-RHSCL-3.1:rh-nodejs8-nodejs-devel-0:8.11.4-1.el7.x86_64", "7Server-RHSCL-3.1:rh-nodejs8-nodejs-docs-0:8.11.4-1.el7.noarch", "7Server-RHSCL-3.1:rh-nodejs8-npm-0:5.6.0-8.11.4.1.el7.aarch64", "7Server-RHSCL-3.1:rh-nodejs8-npm-0:5.6.0-8.11.4.1.el7.ppc64le", "7Server-RHSCL-3.1:rh-nodejs8-npm-0:5.6.0-8.11.4.1.el7.s390x", "7Server-RHSCL-3.1:rh-nodejs8-npm-0:5.6.0-8.11.4.1.el7.x86_64", "7Workstation-RHSCL-3.1:rh-nodejs8-nodejs-0:8.11.4-1.el7.aarch64", "7Workstation-RHSCL-3.1:rh-nodejs8-nodejs-0:8.11.4-1.el7.ppc64le", "7Workstation-RHSCL-3.1:rh-nodejs8-nodejs-0:8.11.4-1.el7.s390x", "7Workstation-RHSCL-3.1:rh-nodejs8-nodejs-0:8.11.4-1.el7.src", "7Workstation-RHSCL-3.1:rh-nodejs8-nodejs-0:8.11.4-1.el7.x86_64", "7Workstation-RHSCL-3.1:rh-nodejs8-nodejs-debuginfo-0:8.11.4-1.el7.aarch64", "7Workstation-RHSCL-3.1:rh-nodejs8-nodejs-debuginfo-0:8.11.4-1.el7.ppc64le", "7Workstation-RHSCL-3.1:rh-nodejs8-nodejs-debuginfo-0:8.11.4-1.el7.s390x", "7Workstation-RHSCL-3.1:rh-nodejs8-nodejs-debuginfo-0:8.11.4-1.el7.x86_64", "7Workstation-RHSCL-3.1:rh-nodejs8-nodejs-devel-0:8.11.4-1.el7.aarch64", "7Workstation-RHSCL-3.1:rh-nodejs8-nodejs-devel-0:8.11.4-1.el7.ppc64le", "7Workstation-RHSCL-3.1:rh-nodejs8-nodejs-devel-0:8.11.4-1.el7.s390x", "7Workstation-RHSCL-3.1:rh-nodejs8-nodejs-devel-0:8.11.4-1.el7.x86_64", "7Workstation-RHSCL-3.1:rh-nodejs8-nodejs-docs-0:8.11.4-1.el7.noarch", "7Workstation-RHSCL-3.1:rh-nodejs8-npm-0:5.6.0-8.11.4.1.el7.aarch64", "7Workstation-RHSCL-3.1:rh-nodejs8-npm-0:5.6.0-8.11.4.1.el7.ppc64le", "7Workstation-RHSCL-3.1:rh-nodejs8-npm-0:5.6.0-8.11.4.1.el7.s390x", "7Workstation-RHSCL-3.1:rh-nodejs8-npm-0:5.6.0-8.11.4.1.el7.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "nodejs: Inspector DNS rebinding vulnerability" }, { "cve": "CVE-2018-7161", "cwe": { "id": "CWE-400", "name": "Uncontrolled Resource Consumption" }, "discovery_date": "2018-06-13T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1591013" } ], "notes": [ { "category": "description", "text": "All versions of Node.js 8.x, 9.x, and 10.x are vulnerable and the severity is HIGH. An attacker can cause a denial of service (DoS) by causing a node server providing an http2 server to crash. This can be accomplished by interacting with the http2 server in a manner that triggers a cleanup bug where objects are used in native code after they are no longer available. This has been addressed by updating the http2 implementation.", "title": "Vulnerability description" }, { "category": "summary", "text": "nodejs: denial of service (DoS) by causing a node server providing an http2 server to crash", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "7Server-Alt-RHSCL-3.1:rh-nodejs8-nodejs-0:8.11.4-1.el7.aarch64", "7Server-Alt-RHSCL-3.1:rh-nodejs8-nodejs-0:8.11.4-1.el7.ppc64le", "7Server-Alt-RHSCL-3.1:rh-nodejs8-nodejs-0:8.11.4-1.el7.s390x", "7Server-Alt-RHSCL-3.1:rh-nodejs8-nodejs-0:8.11.4-1.el7.src", "7Server-Alt-RHSCL-3.1:rh-nodejs8-nodejs-0:8.11.4-1.el7.x86_64", "7Server-Alt-RHSCL-3.1:rh-nodejs8-nodejs-debuginfo-0:8.11.4-1.el7.aarch64", "7Server-Alt-RHSCL-3.1:rh-nodejs8-nodejs-debuginfo-0:8.11.4-1.el7.ppc64le", "7Server-Alt-RHSCL-3.1:rh-nodejs8-nodejs-debuginfo-0:8.11.4-1.el7.s390x", "7Server-Alt-RHSCL-3.1:rh-nodejs8-nodejs-debuginfo-0:8.11.4-1.el7.x86_64", "7Server-Alt-RHSCL-3.1:rh-nodejs8-nodejs-devel-0:8.11.4-1.el7.aarch64", "7Server-Alt-RHSCL-3.1:rh-nodejs8-nodejs-devel-0:8.11.4-1.el7.ppc64le", "7Server-Alt-RHSCL-3.1:rh-nodejs8-nodejs-devel-0:8.11.4-1.el7.s390x", "7Server-Alt-RHSCL-3.1:rh-nodejs8-nodejs-devel-0:8.11.4-1.el7.x86_64", "7Server-Alt-RHSCL-3.1:rh-nodejs8-nodejs-docs-0:8.11.4-1.el7.noarch", "7Server-Alt-RHSCL-3.1:rh-nodejs8-npm-0:5.6.0-8.11.4.1.el7.aarch64", "7Server-Alt-RHSCL-3.1:rh-nodejs8-npm-0:5.6.0-8.11.4.1.el7.ppc64le", "7Server-Alt-RHSCL-3.1:rh-nodejs8-npm-0:5.6.0-8.11.4.1.el7.s390x", "7Server-Alt-RHSCL-3.1:rh-nodejs8-npm-0:5.6.0-8.11.4.1.el7.x86_64", "7Server-RHSCL-3.1-7.4.Z:rh-nodejs8-nodejs-0:8.11.4-1.el7.ppc64le", "7Server-RHSCL-3.1-7.4.Z:rh-nodejs8-nodejs-0:8.11.4-1.el7.s390x", "7Server-RHSCL-3.1-7.4.Z:rh-nodejs8-nodejs-0:8.11.4-1.el7.src", "7Server-RHSCL-3.1-7.4.Z:rh-nodejs8-nodejs-0:8.11.4-1.el7.x86_64", "7Server-RHSCL-3.1-7.4.Z:rh-nodejs8-nodejs-debuginfo-0:8.11.4-1.el7.ppc64le", "7Server-RHSCL-3.1-7.4.Z:rh-nodejs8-nodejs-debuginfo-0:8.11.4-1.el7.s390x", "7Server-RHSCL-3.1-7.4.Z:rh-nodejs8-nodejs-debuginfo-0:8.11.4-1.el7.x86_64", "7Server-RHSCL-3.1-7.4.Z:rh-nodejs8-nodejs-devel-0:8.11.4-1.el7.ppc64le", "7Server-RHSCL-3.1-7.4.Z:rh-nodejs8-nodejs-devel-0:8.11.4-1.el7.s390x", "7Server-RHSCL-3.1-7.4.Z:rh-nodejs8-nodejs-devel-0:8.11.4-1.el7.x86_64", "7Server-RHSCL-3.1-7.4.Z:rh-nodejs8-nodejs-docs-0:8.11.4-1.el7.noarch", "7Server-RHSCL-3.1-7.4.Z:rh-nodejs8-npm-0:5.6.0-8.11.4.1.el7.ppc64le", "7Server-RHSCL-3.1-7.4.Z:rh-nodejs8-npm-0:5.6.0-8.11.4.1.el7.s390x", "7Server-RHSCL-3.1-7.4.Z:rh-nodejs8-npm-0:5.6.0-8.11.4.1.el7.x86_64", "7Server-RHSCL-3.1-7.5.Z:rh-nodejs8-nodejs-0:8.11.4-1.el7.ppc64le", "7Server-RHSCL-3.1-7.5.Z:rh-nodejs8-nodejs-0:8.11.4-1.el7.s390x", "7Server-RHSCL-3.1-7.5.Z:rh-nodejs8-nodejs-0:8.11.4-1.el7.src", "7Server-RHSCL-3.1-7.5.Z:rh-nodejs8-nodejs-0:8.11.4-1.el7.x86_64", "7Server-RHSCL-3.1-7.5.Z:rh-nodejs8-nodejs-debuginfo-0:8.11.4-1.el7.ppc64le", "7Server-RHSCL-3.1-7.5.Z:rh-nodejs8-nodejs-debuginfo-0:8.11.4-1.el7.s390x", "7Server-RHSCL-3.1-7.5.Z:rh-nodejs8-nodejs-debuginfo-0:8.11.4-1.el7.x86_64", "7Server-RHSCL-3.1-7.5.Z:rh-nodejs8-nodejs-devel-0:8.11.4-1.el7.ppc64le", "7Server-RHSCL-3.1-7.5.Z:rh-nodejs8-nodejs-devel-0:8.11.4-1.el7.s390x", "7Server-RHSCL-3.1-7.5.Z:rh-nodejs8-nodejs-devel-0:8.11.4-1.el7.x86_64", "7Server-RHSCL-3.1-7.5.Z:rh-nodejs8-nodejs-docs-0:8.11.4-1.el7.noarch", "7Server-RHSCL-3.1-7.5.Z:rh-nodejs8-npm-0:5.6.0-8.11.4.1.el7.ppc64le", "7Server-RHSCL-3.1-7.5.Z:rh-nodejs8-npm-0:5.6.0-8.11.4.1.el7.s390x", "7Server-RHSCL-3.1-7.5.Z:rh-nodejs8-npm-0:5.6.0-8.11.4.1.el7.x86_64", "7Server-RHSCL-3.1:rh-nodejs8-nodejs-0:8.11.4-1.el7.aarch64", "7Server-RHSCL-3.1:rh-nodejs8-nodejs-0:8.11.4-1.el7.ppc64le", "7Server-RHSCL-3.1:rh-nodejs8-nodejs-0:8.11.4-1.el7.s390x", "7Server-RHSCL-3.1:rh-nodejs8-nodejs-0:8.11.4-1.el7.src", "7Server-RHSCL-3.1:rh-nodejs8-nodejs-0:8.11.4-1.el7.x86_64", "7Server-RHSCL-3.1:rh-nodejs8-nodejs-debuginfo-0:8.11.4-1.el7.aarch64", "7Server-RHSCL-3.1:rh-nodejs8-nodejs-debuginfo-0:8.11.4-1.el7.ppc64le", "7Server-RHSCL-3.1:rh-nodejs8-nodejs-debuginfo-0:8.11.4-1.el7.s390x", "7Server-RHSCL-3.1:rh-nodejs8-nodejs-debuginfo-0:8.11.4-1.el7.x86_64", "7Server-RHSCL-3.1:rh-nodejs8-nodejs-devel-0:8.11.4-1.el7.aarch64", "7Server-RHSCL-3.1:rh-nodejs8-nodejs-devel-0:8.11.4-1.el7.ppc64le", "7Server-RHSCL-3.1:rh-nodejs8-nodejs-devel-0:8.11.4-1.el7.s390x", "7Server-RHSCL-3.1:rh-nodejs8-nodejs-devel-0:8.11.4-1.el7.x86_64", "7Server-RHSCL-3.1:rh-nodejs8-nodejs-docs-0:8.11.4-1.el7.noarch", "7Server-RHSCL-3.1:rh-nodejs8-npm-0:5.6.0-8.11.4.1.el7.aarch64", "7Server-RHSCL-3.1:rh-nodejs8-npm-0:5.6.0-8.11.4.1.el7.ppc64le", "7Server-RHSCL-3.1:rh-nodejs8-npm-0:5.6.0-8.11.4.1.el7.s390x", "7Server-RHSCL-3.1:rh-nodejs8-npm-0:5.6.0-8.11.4.1.el7.x86_64", "7Workstation-RHSCL-3.1:rh-nodejs8-nodejs-0:8.11.4-1.el7.aarch64", "7Workstation-RHSCL-3.1:rh-nodejs8-nodejs-0:8.11.4-1.el7.ppc64le", "7Workstation-RHSCL-3.1:rh-nodejs8-nodejs-0:8.11.4-1.el7.s390x", "7Workstation-RHSCL-3.1:rh-nodejs8-nodejs-0:8.11.4-1.el7.src", "7Workstation-RHSCL-3.1:rh-nodejs8-nodejs-0:8.11.4-1.el7.x86_64", "7Workstation-RHSCL-3.1:rh-nodejs8-nodejs-debuginfo-0:8.11.4-1.el7.aarch64", "7Workstation-RHSCL-3.1:rh-nodejs8-nodejs-debuginfo-0:8.11.4-1.el7.ppc64le", "7Workstation-RHSCL-3.1:rh-nodejs8-nodejs-debuginfo-0:8.11.4-1.el7.s390x", "7Workstation-RHSCL-3.1:rh-nodejs8-nodejs-debuginfo-0:8.11.4-1.el7.x86_64", "7Workstation-RHSCL-3.1:rh-nodejs8-nodejs-devel-0:8.11.4-1.el7.aarch64", "7Workstation-RHSCL-3.1:rh-nodejs8-nodejs-devel-0:8.11.4-1.el7.ppc64le", "7Workstation-RHSCL-3.1:rh-nodejs8-nodejs-devel-0:8.11.4-1.el7.s390x", "7Workstation-RHSCL-3.1:rh-nodejs8-nodejs-devel-0:8.11.4-1.el7.x86_64", "7Workstation-RHSCL-3.1:rh-nodejs8-nodejs-docs-0:8.11.4-1.el7.noarch", "7Workstation-RHSCL-3.1:rh-nodejs8-npm-0:5.6.0-8.11.4.1.el7.aarch64", "7Workstation-RHSCL-3.1:rh-nodejs8-npm-0:5.6.0-8.11.4.1.el7.ppc64le", "7Workstation-RHSCL-3.1:rh-nodejs8-npm-0:5.6.0-8.11.4.1.el7.s390x", "7Workstation-RHSCL-3.1:rh-nodejs8-npm-0:5.6.0-8.11.4.1.el7.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2018-7161" }, { "category": "external", "summary": "RHBZ#1591013", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1591013" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2018-7161", "url": "https://www.cve.org/CVERecord?id=CVE-2018-7161" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2018-7161", "url": "https://nvd.nist.gov/vuln/detail/CVE-2018-7161" } ], "release_date": "2018-06-12T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2018-10-18T10:11:49+00:00", "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "7Server-Alt-RHSCL-3.1:rh-nodejs8-nodejs-0:8.11.4-1.el7.aarch64", "7Server-Alt-RHSCL-3.1:rh-nodejs8-nodejs-0:8.11.4-1.el7.ppc64le", "7Server-Alt-RHSCL-3.1:rh-nodejs8-nodejs-0:8.11.4-1.el7.s390x", "7Server-Alt-RHSCL-3.1:rh-nodejs8-nodejs-0:8.11.4-1.el7.src", "7Server-Alt-RHSCL-3.1:rh-nodejs8-nodejs-0:8.11.4-1.el7.x86_64", "7Server-Alt-RHSCL-3.1:rh-nodejs8-nodejs-debuginfo-0:8.11.4-1.el7.aarch64", "7Server-Alt-RHSCL-3.1:rh-nodejs8-nodejs-debuginfo-0:8.11.4-1.el7.ppc64le", "7Server-Alt-RHSCL-3.1:rh-nodejs8-nodejs-debuginfo-0:8.11.4-1.el7.s390x", "7Server-Alt-RHSCL-3.1:rh-nodejs8-nodejs-debuginfo-0:8.11.4-1.el7.x86_64", "7Server-Alt-RHSCL-3.1:rh-nodejs8-nodejs-devel-0:8.11.4-1.el7.aarch64", "7Server-Alt-RHSCL-3.1:rh-nodejs8-nodejs-devel-0:8.11.4-1.el7.ppc64le", "7Server-Alt-RHSCL-3.1:rh-nodejs8-nodejs-devel-0:8.11.4-1.el7.s390x", "7Server-Alt-RHSCL-3.1:rh-nodejs8-nodejs-devel-0:8.11.4-1.el7.x86_64", "7Server-Alt-RHSCL-3.1:rh-nodejs8-nodejs-docs-0:8.11.4-1.el7.noarch", "7Server-Alt-RHSCL-3.1:rh-nodejs8-npm-0:5.6.0-8.11.4.1.el7.aarch64", "7Server-Alt-RHSCL-3.1:rh-nodejs8-npm-0:5.6.0-8.11.4.1.el7.ppc64le", "7Server-Alt-RHSCL-3.1:rh-nodejs8-npm-0:5.6.0-8.11.4.1.el7.s390x", "7Server-Alt-RHSCL-3.1:rh-nodejs8-npm-0:5.6.0-8.11.4.1.el7.x86_64", "7Server-RHSCL-3.1-7.4.Z:rh-nodejs8-nodejs-0:8.11.4-1.el7.ppc64le", "7Server-RHSCL-3.1-7.4.Z:rh-nodejs8-nodejs-0:8.11.4-1.el7.s390x", "7Server-RHSCL-3.1-7.4.Z:rh-nodejs8-nodejs-0:8.11.4-1.el7.src", "7Server-RHSCL-3.1-7.4.Z:rh-nodejs8-nodejs-0:8.11.4-1.el7.x86_64", "7Server-RHSCL-3.1-7.4.Z:rh-nodejs8-nodejs-debuginfo-0:8.11.4-1.el7.ppc64le", "7Server-RHSCL-3.1-7.4.Z:rh-nodejs8-nodejs-debuginfo-0:8.11.4-1.el7.s390x", "7Server-RHSCL-3.1-7.4.Z:rh-nodejs8-nodejs-debuginfo-0:8.11.4-1.el7.x86_64", "7Server-RHSCL-3.1-7.4.Z:rh-nodejs8-nodejs-devel-0:8.11.4-1.el7.ppc64le", "7Server-RHSCL-3.1-7.4.Z:rh-nodejs8-nodejs-devel-0:8.11.4-1.el7.s390x", "7Server-RHSCL-3.1-7.4.Z:rh-nodejs8-nodejs-devel-0:8.11.4-1.el7.x86_64", "7Server-RHSCL-3.1-7.4.Z:rh-nodejs8-nodejs-docs-0:8.11.4-1.el7.noarch", "7Server-RHSCL-3.1-7.4.Z:rh-nodejs8-npm-0:5.6.0-8.11.4.1.el7.ppc64le", "7Server-RHSCL-3.1-7.4.Z:rh-nodejs8-npm-0:5.6.0-8.11.4.1.el7.s390x", "7Server-RHSCL-3.1-7.4.Z:rh-nodejs8-npm-0:5.6.0-8.11.4.1.el7.x86_64", "7Server-RHSCL-3.1-7.5.Z:rh-nodejs8-nodejs-0:8.11.4-1.el7.ppc64le", "7Server-RHSCL-3.1-7.5.Z:rh-nodejs8-nodejs-0:8.11.4-1.el7.s390x", "7Server-RHSCL-3.1-7.5.Z:rh-nodejs8-nodejs-0:8.11.4-1.el7.src", "7Server-RHSCL-3.1-7.5.Z:rh-nodejs8-nodejs-0:8.11.4-1.el7.x86_64", "7Server-RHSCL-3.1-7.5.Z:rh-nodejs8-nodejs-debuginfo-0:8.11.4-1.el7.ppc64le", "7Server-RHSCL-3.1-7.5.Z:rh-nodejs8-nodejs-debuginfo-0:8.11.4-1.el7.s390x", "7Server-RHSCL-3.1-7.5.Z:rh-nodejs8-nodejs-debuginfo-0:8.11.4-1.el7.x86_64", "7Server-RHSCL-3.1-7.5.Z:rh-nodejs8-nodejs-devel-0:8.11.4-1.el7.ppc64le", "7Server-RHSCL-3.1-7.5.Z:rh-nodejs8-nodejs-devel-0:8.11.4-1.el7.s390x", "7Server-RHSCL-3.1-7.5.Z:rh-nodejs8-nodejs-devel-0:8.11.4-1.el7.x86_64", "7Server-RHSCL-3.1-7.5.Z:rh-nodejs8-nodejs-docs-0:8.11.4-1.el7.noarch", "7Server-RHSCL-3.1-7.5.Z:rh-nodejs8-npm-0:5.6.0-8.11.4.1.el7.ppc64le", "7Server-RHSCL-3.1-7.5.Z:rh-nodejs8-npm-0:5.6.0-8.11.4.1.el7.s390x", "7Server-RHSCL-3.1-7.5.Z:rh-nodejs8-npm-0:5.6.0-8.11.4.1.el7.x86_64", "7Server-RHSCL-3.1:rh-nodejs8-nodejs-0:8.11.4-1.el7.aarch64", "7Server-RHSCL-3.1:rh-nodejs8-nodejs-0:8.11.4-1.el7.ppc64le", "7Server-RHSCL-3.1:rh-nodejs8-nodejs-0:8.11.4-1.el7.s390x", "7Server-RHSCL-3.1:rh-nodejs8-nodejs-0:8.11.4-1.el7.src", "7Server-RHSCL-3.1:rh-nodejs8-nodejs-0:8.11.4-1.el7.x86_64", "7Server-RHSCL-3.1:rh-nodejs8-nodejs-debuginfo-0:8.11.4-1.el7.aarch64", "7Server-RHSCL-3.1:rh-nodejs8-nodejs-debuginfo-0:8.11.4-1.el7.ppc64le", "7Server-RHSCL-3.1:rh-nodejs8-nodejs-debuginfo-0:8.11.4-1.el7.s390x", "7Server-RHSCL-3.1:rh-nodejs8-nodejs-debuginfo-0:8.11.4-1.el7.x86_64", "7Server-RHSCL-3.1:rh-nodejs8-nodejs-devel-0:8.11.4-1.el7.aarch64", "7Server-RHSCL-3.1:rh-nodejs8-nodejs-devel-0:8.11.4-1.el7.ppc64le", "7Server-RHSCL-3.1:rh-nodejs8-nodejs-devel-0:8.11.4-1.el7.s390x", "7Server-RHSCL-3.1:rh-nodejs8-nodejs-devel-0:8.11.4-1.el7.x86_64", "7Server-RHSCL-3.1:rh-nodejs8-nodejs-docs-0:8.11.4-1.el7.noarch", "7Server-RHSCL-3.1:rh-nodejs8-npm-0:5.6.0-8.11.4.1.el7.aarch64", "7Server-RHSCL-3.1:rh-nodejs8-npm-0:5.6.0-8.11.4.1.el7.ppc64le", "7Server-RHSCL-3.1:rh-nodejs8-npm-0:5.6.0-8.11.4.1.el7.s390x", "7Server-RHSCL-3.1:rh-nodejs8-npm-0:5.6.0-8.11.4.1.el7.x86_64", "7Workstation-RHSCL-3.1:rh-nodejs8-nodejs-0:8.11.4-1.el7.aarch64", "7Workstation-RHSCL-3.1:rh-nodejs8-nodejs-0:8.11.4-1.el7.ppc64le", "7Workstation-RHSCL-3.1:rh-nodejs8-nodejs-0:8.11.4-1.el7.s390x", "7Workstation-RHSCL-3.1:rh-nodejs8-nodejs-0:8.11.4-1.el7.src", "7Workstation-RHSCL-3.1:rh-nodejs8-nodejs-0:8.11.4-1.el7.x86_64", "7Workstation-RHSCL-3.1:rh-nodejs8-nodejs-debuginfo-0:8.11.4-1.el7.aarch64", "7Workstation-RHSCL-3.1:rh-nodejs8-nodejs-debuginfo-0:8.11.4-1.el7.ppc64le", "7Workstation-RHSCL-3.1:rh-nodejs8-nodejs-debuginfo-0:8.11.4-1.el7.s390x", "7Workstation-RHSCL-3.1:rh-nodejs8-nodejs-debuginfo-0:8.11.4-1.el7.x86_64", "7Workstation-RHSCL-3.1:rh-nodejs8-nodejs-devel-0:8.11.4-1.el7.aarch64", "7Workstation-RHSCL-3.1:rh-nodejs8-nodejs-devel-0:8.11.4-1.el7.ppc64le", "7Workstation-RHSCL-3.1:rh-nodejs8-nodejs-devel-0:8.11.4-1.el7.s390x", "7Workstation-RHSCL-3.1:rh-nodejs8-nodejs-devel-0:8.11.4-1.el7.x86_64", "7Workstation-RHSCL-3.1:rh-nodejs8-nodejs-docs-0:8.11.4-1.el7.noarch", "7Workstation-RHSCL-3.1:rh-nodejs8-npm-0:5.6.0-8.11.4.1.el7.aarch64", "7Workstation-RHSCL-3.1:rh-nodejs8-npm-0:5.6.0-8.11.4.1.el7.ppc64le", "7Workstation-RHSCL-3.1:rh-nodejs8-npm-0:5.6.0-8.11.4.1.el7.s390x", "7Workstation-RHSCL-3.1:rh-nodejs8-npm-0:5.6.0-8.11.4.1.el7.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2018:2949" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.0" }, "products": [ "7Server-Alt-RHSCL-3.1:rh-nodejs8-nodejs-0:8.11.4-1.el7.aarch64", "7Server-Alt-RHSCL-3.1:rh-nodejs8-nodejs-0:8.11.4-1.el7.ppc64le", "7Server-Alt-RHSCL-3.1:rh-nodejs8-nodejs-0:8.11.4-1.el7.s390x", "7Server-Alt-RHSCL-3.1:rh-nodejs8-nodejs-0:8.11.4-1.el7.src", "7Server-Alt-RHSCL-3.1:rh-nodejs8-nodejs-0:8.11.4-1.el7.x86_64", "7Server-Alt-RHSCL-3.1:rh-nodejs8-nodejs-debuginfo-0:8.11.4-1.el7.aarch64", "7Server-Alt-RHSCL-3.1:rh-nodejs8-nodejs-debuginfo-0:8.11.4-1.el7.ppc64le", "7Server-Alt-RHSCL-3.1:rh-nodejs8-nodejs-debuginfo-0:8.11.4-1.el7.s390x", "7Server-Alt-RHSCL-3.1:rh-nodejs8-nodejs-debuginfo-0:8.11.4-1.el7.x86_64", "7Server-Alt-RHSCL-3.1:rh-nodejs8-nodejs-devel-0:8.11.4-1.el7.aarch64", "7Server-Alt-RHSCL-3.1:rh-nodejs8-nodejs-devel-0:8.11.4-1.el7.ppc64le", "7Server-Alt-RHSCL-3.1:rh-nodejs8-nodejs-devel-0:8.11.4-1.el7.s390x", "7Server-Alt-RHSCL-3.1:rh-nodejs8-nodejs-devel-0:8.11.4-1.el7.x86_64", "7Server-Alt-RHSCL-3.1:rh-nodejs8-nodejs-docs-0:8.11.4-1.el7.noarch", "7Server-Alt-RHSCL-3.1:rh-nodejs8-npm-0:5.6.0-8.11.4.1.el7.aarch64", "7Server-Alt-RHSCL-3.1:rh-nodejs8-npm-0:5.6.0-8.11.4.1.el7.ppc64le", "7Server-Alt-RHSCL-3.1:rh-nodejs8-npm-0:5.6.0-8.11.4.1.el7.s390x", "7Server-Alt-RHSCL-3.1:rh-nodejs8-npm-0:5.6.0-8.11.4.1.el7.x86_64", "7Server-RHSCL-3.1-7.4.Z:rh-nodejs8-nodejs-0:8.11.4-1.el7.ppc64le", "7Server-RHSCL-3.1-7.4.Z:rh-nodejs8-nodejs-0:8.11.4-1.el7.s390x", "7Server-RHSCL-3.1-7.4.Z:rh-nodejs8-nodejs-0:8.11.4-1.el7.src", "7Server-RHSCL-3.1-7.4.Z:rh-nodejs8-nodejs-0:8.11.4-1.el7.x86_64", "7Server-RHSCL-3.1-7.4.Z:rh-nodejs8-nodejs-debuginfo-0:8.11.4-1.el7.ppc64le", "7Server-RHSCL-3.1-7.4.Z:rh-nodejs8-nodejs-debuginfo-0:8.11.4-1.el7.s390x", "7Server-RHSCL-3.1-7.4.Z:rh-nodejs8-nodejs-debuginfo-0:8.11.4-1.el7.x86_64", "7Server-RHSCL-3.1-7.4.Z:rh-nodejs8-nodejs-devel-0:8.11.4-1.el7.ppc64le", "7Server-RHSCL-3.1-7.4.Z:rh-nodejs8-nodejs-devel-0:8.11.4-1.el7.s390x", "7Server-RHSCL-3.1-7.4.Z:rh-nodejs8-nodejs-devel-0:8.11.4-1.el7.x86_64", "7Server-RHSCL-3.1-7.4.Z:rh-nodejs8-nodejs-docs-0:8.11.4-1.el7.noarch", "7Server-RHSCL-3.1-7.4.Z:rh-nodejs8-npm-0:5.6.0-8.11.4.1.el7.ppc64le", "7Server-RHSCL-3.1-7.4.Z:rh-nodejs8-npm-0:5.6.0-8.11.4.1.el7.s390x", "7Server-RHSCL-3.1-7.4.Z:rh-nodejs8-npm-0:5.6.0-8.11.4.1.el7.x86_64", "7Server-RHSCL-3.1-7.5.Z:rh-nodejs8-nodejs-0:8.11.4-1.el7.ppc64le", "7Server-RHSCL-3.1-7.5.Z:rh-nodejs8-nodejs-0:8.11.4-1.el7.s390x", "7Server-RHSCL-3.1-7.5.Z:rh-nodejs8-nodejs-0:8.11.4-1.el7.src", "7Server-RHSCL-3.1-7.5.Z:rh-nodejs8-nodejs-0:8.11.4-1.el7.x86_64", "7Server-RHSCL-3.1-7.5.Z:rh-nodejs8-nodejs-debuginfo-0:8.11.4-1.el7.ppc64le", "7Server-RHSCL-3.1-7.5.Z:rh-nodejs8-nodejs-debuginfo-0:8.11.4-1.el7.s390x", "7Server-RHSCL-3.1-7.5.Z:rh-nodejs8-nodejs-debuginfo-0:8.11.4-1.el7.x86_64", "7Server-RHSCL-3.1-7.5.Z:rh-nodejs8-nodejs-devel-0:8.11.4-1.el7.ppc64le", "7Server-RHSCL-3.1-7.5.Z:rh-nodejs8-nodejs-devel-0:8.11.4-1.el7.s390x", "7Server-RHSCL-3.1-7.5.Z:rh-nodejs8-nodejs-devel-0:8.11.4-1.el7.x86_64", "7Server-RHSCL-3.1-7.5.Z:rh-nodejs8-nodejs-docs-0:8.11.4-1.el7.noarch", "7Server-RHSCL-3.1-7.5.Z:rh-nodejs8-npm-0:5.6.0-8.11.4.1.el7.ppc64le", "7Server-RHSCL-3.1-7.5.Z:rh-nodejs8-npm-0:5.6.0-8.11.4.1.el7.s390x", "7Server-RHSCL-3.1-7.5.Z:rh-nodejs8-npm-0:5.6.0-8.11.4.1.el7.x86_64", "7Server-RHSCL-3.1:rh-nodejs8-nodejs-0:8.11.4-1.el7.aarch64", "7Server-RHSCL-3.1:rh-nodejs8-nodejs-0:8.11.4-1.el7.ppc64le", "7Server-RHSCL-3.1:rh-nodejs8-nodejs-0:8.11.4-1.el7.s390x", "7Server-RHSCL-3.1:rh-nodejs8-nodejs-0:8.11.4-1.el7.src", "7Server-RHSCL-3.1:rh-nodejs8-nodejs-0:8.11.4-1.el7.x86_64", "7Server-RHSCL-3.1:rh-nodejs8-nodejs-debuginfo-0:8.11.4-1.el7.aarch64", "7Server-RHSCL-3.1:rh-nodejs8-nodejs-debuginfo-0:8.11.4-1.el7.ppc64le", "7Server-RHSCL-3.1:rh-nodejs8-nodejs-debuginfo-0:8.11.4-1.el7.s390x", "7Server-RHSCL-3.1:rh-nodejs8-nodejs-debuginfo-0:8.11.4-1.el7.x86_64", "7Server-RHSCL-3.1:rh-nodejs8-nodejs-devel-0:8.11.4-1.el7.aarch64", "7Server-RHSCL-3.1:rh-nodejs8-nodejs-devel-0:8.11.4-1.el7.ppc64le", "7Server-RHSCL-3.1:rh-nodejs8-nodejs-devel-0:8.11.4-1.el7.s390x", "7Server-RHSCL-3.1:rh-nodejs8-nodejs-devel-0:8.11.4-1.el7.x86_64", "7Server-RHSCL-3.1:rh-nodejs8-nodejs-docs-0:8.11.4-1.el7.noarch", "7Server-RHSCL-3.1:rh-nodejs8-npm-0:5.6.0-8.11.4.1.el7.aarch64", "7Server-RHSCL-3.1:rh-nodejs8-npm-0:5.6.0-8.11.4.1.el7.ppc64le", "7Server-RHSCL-3.1:rh-nodejs8-npm-0:5.6.0-8.11.4.1.el7.s390x", "7Server-RHSCL-3.1:rh-nodejs8-npm-0:5.6.0-8.11.4.1.el7.x86_64", "7Workstation-RHSCL-3.1:rh-nodejs8-nodejs-0:8.11.4-1.el7.aarch64", "7Workstation-RHSCL-3.1:rh-nodejs8-nodejs-0:8.11.4-1.el7.ppc64le", "7Workstation-RHSCL-3.1:rh-nodejs8-nodejs-0:8.11.4-1.el7.s390x", "7Workstation-RHSCL-3.1:rh-nodejs8-nodejs-0:8.11.4-1.el7.src", "7Workstation-RHSCL-3.1:rh-nodejs8-nodejs-0:8.11.4-1.el7.x86_64", "7Workstation-RHSCL-3.1:rh-nodejs8-nodejs-debuginfo-0:8.11.4-1.el7.aarch64", "7Workstation-RHSCL-3.1:rh-nodejs8-nodejs-debuginfo-0:8.11.4-1.el7.ppc64le", "7Workstation-RHSCL-3.1:rh-nodejs8-nodejs-debuginfo-0:8.11.4-1.el7.s390x", "7Workstation-RHSCL-3.1:rh-nodejs8-nodejs-debuginfo-0:8.11.4-1.el7.x86_64", "7Workstation-RHSCL-3.1:rh-nodejs8-nodejs-devel-0:8.11.4-1.el7.aarch64", "7Workstation-RHSCL-3.1:rh-nodejs8-nodejs-devel-0:8.11.4-1.el7.ppc64le", "7Workstation-RHSCL-3.1:rh-nodejs8-nodejs-devel-0:8.11.4-1.el7.s390x", "7Workstation-RHSCL-3.1:rh-nodejs8-nodejs-devel-0:8.11.4-1.el7.x86_64", "7Workstation-RHSCL-3.1:rh-nodejs8-nodejs-docs-0:8.11.4-1.el7.noarch", "7Workstation-RHSCL-3.1:rh-nodejs8-npm-0:5.6.0-8.11.4.1.el7.aarch64", "7Workstation-RHSCL-3.1:rh-nodejs8-npm-0:5.6.0-8.11.4.1.el7.ppc64le", "7Workstation-RHSCL-3.1:rh-nodejs8-npm-0:5.6.0-8.11.4.1.el7.s390x", "7Workstation-RHSCL-3.1:rh-nodejs8-npm-0:5.6.0-8.11.4.1.el7.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "nodejs: denial of service (DoS) by causing a node server providing an http2 server to crash" }, { "cve": "CVE-2018-7167", "cwe": { "id": "CWE-835", "name": "Loop with Unreachable Exit Condition (\u0027Infinite Loop\u0027)" }, "discovery_date": "2018-06-13T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1591006" } ], "notes": [ { "category": "description", "text": "It was found that the Buffer.fill() and Buffer.alloc() function may hang. An attacker able to control the input of these function could use this flaw to cause a denial of service.", "title": "Vulnerability description" }, { "category": "summary", "text": "nodejs: Denial of Service by calling Buffer.fill() or Buffer.alloc() with specially crafted parameters", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "7Server-Alt-RHSCL-3.1:rh-nodejs8-nodejs-0:8.11.4-1.el7.aarch64", "7Server-Alt-RHSCL-3.1:rh-nodejs8-nodejs-0:8.11.4-1.el7.ppc64le", "7Server-Alt-RHSCL-3.1:rh-nodejs8-nodejs-0:8.11.4-1.el7.s390x", "7Server-Alt-RHSCL-3.1:rh-nodejs8-nodejs-0:8.11.4-1.el7.src", "7Server-Alt-RHSCL-3.1:rh-nodejs8-nodejs-0:8.11.4-1.el7.x86_64", "7Server-Alt-RHSCL-3.1:rh-nodejs8-nodejs-debuginfo-0:8.11.4-1.el7.aarch64", "7Server-Alt-RHSCL-3.1:rh-nodejs8-nodejs-debuginfo-0:8.11.4-1.el7.ppc64le", "7Server-Alt-RHSCL-3.1:rh-nodejs8-nodejs-debuginfo-0:8.11.4-1.el7.s390x", "7Server-Alt-RHSCL-3.1:rh-nodejs8-nodejs-debuginfo-0:8.11.4-1.el7.x86_64", "7Server-Alt-RHSCL-3.1:rh-nodejs8-nodejs-devel-0:8.11.4-1.el7.aarch64", "7Server-Alt-RHSCL-3.1:rh-nodejs8-nodejs-devel-0:8.11.4-1.el7.ppc64le", "7Server-Alt-RHSCL-3.1:rh-nodejs8-nodejs-devel-0:8.11.4-1.el7.s390x", "7Server-Alt-RHSCL-3.1:rh-nodejs8-nodejs-devel-0:8.11.4-1.el7.x86_64", "7Server-Alt-RHSCL-3.1:rh-nodejs8-nodejs-docs-0:8.11.4-1.el7.noarch", "7Server-Alt-RHSCL-3.1:rh-nodejs8-npm-0:5.6.0-8.11.4.1.el7.aarch64", "7Server-Alt-RHSCL-3.1:rh-nodejs8-npm-0:5.6.0-8.11.4.1.el7.ppc64le", "7Server-Alt-RHSCL-3.1:rh-nodejs8-npm-0:5.6.0-8.11.4.1.el7.s390x", "7Server-Alt-RHSCL-3.1:rh-nodejs8-npm-0:5.6.0-8.11.4.1.el7.x86_64", "7Server-RHSCL-3.1-7.4.Z:rh-nodejs8-nodejs-0:8.11.4-1.el7.ppc64le", "7Server-RHSCL-3.1-7.4.Z:rh-nodejs8-nodejs-0:8.11.4-1.el7.s390x", "7Server-RHSCL-3.1-7.4.Z:rh-nodejs8-nodejs-0:8.11.4-1.el7.src", "7Server-RHSCL-3.1-7.4.Z:rh-nodejs8-nodejs-0:8.11.4-1.el7.x86_64", "7Server-RHSCL-3.1-7.4.Z:rh-nodejs8-nodejs-debuginfo-0:8.11.4-1.el7.ppc64le", "7Server-RHSCL-3.1-7.4.Z:rh-nodejs8-nodejs-debuginfo-0:8.11.4-1.el7.s390x", "7Server-RHSCL-3.1-7.4.Z:rh-nodejs8-nodejs-debuginfo-0:8.11.4-1.el7.x86_64", "7Server-RHSCL-3.1-7.4.Z:rh-nodejs8-nodejs-devel-0:8.11.4-1.el7.ppc64le", "7Server-RHSCL-3.1-7.4.Z:rh-nodejs8-nodejs-devel-0:8.11.4-1.el7.s390x", "7Server-RHSCL-3.1-7.4.Z:rh-nodejs8-nodejs-devel-0:8.11.4-1.el7.x86_64", "7Server-RHSCL-3.1-7.4.Z:rh-nodejs8-nodejs-docs-0:8.11.4-1.el7.noarch", "7Server-RHSCL-3.1-7.4.Z:rh-nodejs8-npm-0:5.6.0-8.11.4.1.el7.ppc64le", "7Server-RHSCL-3.1-7.4.Z:rh-nodejs8-npm-0:5.6.0-8.11.4.1.el7.s390x", "7Server-RHSCL-3.1-7.4.Z:rh-nodejs8-npm-0:5.6.0-8.11.4.1.el7.x86_64", "7Server-RHSCL-3.1-7.5.Z:rh-nodejs8-nodejs-0:8.11.4-1.el7.ppc64le", "7Server-RHSCL-3.1-7.5.Z:rh-nodejs8-nodejs-0:8.11.4-1.el7.s390x", "7Server-RHSCL-3.1-7.5.Z:rh-nodejs8-nodejs-0:8.11.4-1.el7.src", "7Server-RHSCL-3.1-7.5.Z:rh-nodejs8-nodejs-0:8.11.4-1.el7.x86_64", "7Server-RHSCL-3.1-7.5.Z:rh-nodejs8-nodejs-debuginfo-0:8.11.4-1.el7.ppc64le", "7Server-RHSCL-3.1-7.5.Z:rh-nodejs8-nodejs-debuginfo-0:8.11.4-1.el7.s390x", "7Server-RHSCL-3.1-7.5.Z:rh-nodejs8-nodejs-debuginfo-0:8.11.4-1.el7.x86_64", "7Server-RHSCL-3.1-7.5.Z:rh-nodejs8-nodejs-devel-0:8.11.4-1.el7.ppc64le", "7Server-RHSCL-3.1-7.5.Z:rh-nodejs8-nodejs-devel-0:8.11.4-1.el7.s390x", "7Server-RHSCL-3.1-7.5.Z:rh-nodejs8-nodejs-devel-0:8.11.4-1.el7.x86_64", "7Server-RHSCL-3.1-7.5.Z:rh-nodejs8-nodejs-docs-0:8.11.4-1.el7.noarch", "7Server-RHSCL-3.1-7.5.Z:rh-nodejs8-npm-0:5.6.0-8.11.4.1.el7.ppc64le", "7Server-RHSCL-3.1-7.5.Z:rh-nodejs8-npm-0:5.6.0-8.11.4.1.el7.s390x", "7Server-RHSCL-3.1-7.5.Z:rh-nodejs8-npm-0:5.6.0-8.11.4.1.el7.x86_64", "7Server-RHSCL-3.1:rh-nodejs8-nodejs-0:8.11.4-1.el7.aarch64", "7Server-RHSCL-3.1:rh-nodejs8-nodejs-0:8.11.4-1.el7.ppc64le", "7Server-RHSCL-3.1:rh-nodejs8-nodejs-0:8.11.4-1.el7.s390x", "7Server-RHSCL-3.1:rh-nodejs8-nodejs-0:8.11.4-1.el7.src", "7Server-RHSCL-3.1:rh-nodejs8-nodejs-0:8.11.4-1.el7.x86_64", "7Server-RHSCL-3.1:rh-nodejs8-nodejs-debuginfo-0:8.11.4-1.el7.aarch64", "7Server-RHSCL-3.1:rh-nodejs8-nodejs-debuginfo-0:8.11.4-1.el7.ppc64le", "7Server-RHSCL-3.1:rh-nodejs8-nodejs-debuginfo-0:8.11.4-1.el7.s390x", "7Server-RHSCL-3.1:rh-nodejs8-nodejs-debuginfo-0:8.11.4-1.el7.x86_64", "7Server-RHSCL-3.1:rh-nodejs8-nodejs-devel-0:8.11.4-1.el7.aarch64", "7Server-RHSCL-3.1:rh-nodejs8-nodejs-devel-0:8.11.4-1.el7.ppc64le", "7Server-RHSCL-3.1:rh-nodejs8-nodejs-devel-0:8.11.4-1.el7.s390x", "7Server-RHSCL-3.1:rh-nodejs8-nodejs-devel-0:8.11.4-1.el7.x86_64", "7Server-RHSCL-3.1:rh-nodejs8-nodejs-docs-0:8.11.4-1.el7.noarch", "7Server-RHSCL-3.1:rh-nodejs8-npm-0:5.6.0-8.11.4.1.el7.aarch64", "7Server-RHSCL-3.1:rh-nodejs8-npm-0:5.6.0-8.11.4.1.el7.ppc64le", "7Server-RHSCL-3.1:rh-nodejs8-npm-0:5.6.0-8.11.4.1.el7.s390x", "7Server-RHSCL-3.1:rh-nodejs8-npm-0:5.6.0-8.11.4.1.el7.x86_64", "7Workstation-RHSCL-3.1:rh-nodejs8-nodejs-0:8.11.4-1.el7.aarch64", "7Workstation-RHSCL-3.1:rh-nodejs8-nodejs-0:8.11.4-1.el7.ppc64le", "7Workstation-RHSCL-3.1:rh-nodejs8-nodejs-0:8.11.4-1.el7.s390x", "7Workstation-RHSCL-3.1:rh-nodejs8-nodejs-0:8.11.4-1.el7.src", "7Workstation-RHSCL-3.1:rh-nodejs8-nodejs-0:8.11.4-1.el7.x86_64", "7Workstation-RHSCL-3.1:rh-nodejs8-nodejs-debuginfo-0:8.11.4-1.el7.aarch64", "7Workstation-RHSCL-3.1:rh-nodejs8-nodejs-debuginfo-0:8.11.4-1.el7.ppc64le", "7Workstation-RHSCL-3.1:rh-nodejs8-nodejs-debuginfo-0:8.11.4-1.el7.s390x", "7Workstation-RHSCL-3.1:rh-nodejs8-nodejs-debuginfo-0:8.11.4-1.el7.x86_64", "7Workstation-RHSCL-3.1:rh-nodejs8-nodejs-devel-0:8.11.4-1.el7.aarch64", "7Workstation-RHSCL-3.1:rh-nodejs8-nodejs-devel-0:8.11.4-1.el7.ppc64le", "7Workstation-RHSCL-3.1:rh-nodejs8-nodejs-devel-0:8.11.4-1.el7.s390x", "7Workstation-RHSCL-3.1:rh-nodejs8-nodejs-devel-0:8.11.4-1.el7.x86_64", "7Workstation-RHSCL-3.1:rh-nodejs8-nodejs-docs-0:8.11.4-1.el7.noarch", "7Workstation-RHSCL-3.1:rh-nodejs8-npm-0:5.6.0-8.11.4.1.el7.aarch64", "7Workstation-RHSCL-3.1:rh-nodejs8-npm-0:5.6.0-8.11.4.1.el7.ppc64le", "7Workstation-RHSCL-3.1:rh-nodejs8-npm-0:5.6.0-8.11.4.1.el7.s390x", "7Workstation-RHSCL-3.1:rh-nodejs8-npm-0:5.6.0-8.11.4.1.el7.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2018-7167" }, { "category": "external", "summary": "RHBZ#1591006", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1591006" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2018-7167", "url": "https://www.cve.org/CVERecord?id=CVE-2018-7167" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2018-7167", "url": "https://nvd.nist.gov/vuln/detail/CVE-2018-7167" } ], "release_date": "2018-06-12T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2018-10-18T10:11:49+00:00", "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "7Server-Alt-RHSCL-3.1:rh-nodejs8-nodejs-0:8.11.4-1.el7.aarch64", "7Server-Alt-RHSCL-3.1:rh-nodejs8-nodejs-0:8.11.4-1.el7.ppc64le", "7Server-Alt-RHSCL-3.1:rh-nodejs8-nodejs-0:8.11.4-1.el7.s390x", "7Server-Alt-RHSCL-3.1:rh-nodejs8-nodejs-0:8.11.4-1.el7.src", "7Server-Alt-RHSCL-3.1:rh-nodejs8-nodejs-0:8.11.4-1.el7.x86_64", "7Server-Alt-RHSCL-3.1:rh-nodejs8-nodejs-debuginfo-0:8.11.4-1.el7.aarch64", "7Server-Alt-RHSCL-3.1:rh-nodejs8-nodejs-debuginfo-0:8.11.4-1.el7.ppc64le", "7Server-Alt-RHSCL-3.1:rh-nodejs8-nodejs-debuginfo-0:8.11.4-1.el7.s390x", "7Server-Alt-RHSCL-3.1:rh-nodejs8-nodejs-debuginfo-0:8.11.4-1.el7.x86_64", "7Server-Alt-RHSCL-3.1:rh-nodejs8-nodejs-devel-0:8.11.4-1.el7.aarch64", "7Server-Alt-RHSCL-3.1:rh-nodejs8-nodejs-devel-0:8.11.4-1.el7.ppc64le", "7Server-Alt-RHSCL-3.1:rh-nodejs8-nodejs-devel-0:8.11.4-1.el7.s390x", "7Server-Alt-RHSCL-3.1:rh-nodejs8-nodejs-devel-0:8.11.4-1.el7.x86_64", "7Server-Alt-RHSCL-3.1:rh-nodejs8-nodejs-docs-0:8.11.4-1.el7.noarch", "7Server-Alt-RHSCL-3.1:rh-nodejs8-npm-0:5.6.0-8.11.4.1.el7.aarch64", "7Server-Alt-RHSCL-3.1:rh-nodejs8-npm-0:5.6.0-8.11.4.1.el7.ppc64le", "7Server-Alt-RHSCL-3.1:rh-nodejs8-npm-0:5.6.0-8.11.4.1.el7.s390x", "7Server-Alt-RHSCL-3.1:rh-nodejs8-npm-0:5.6.0-8.11.4.1.el7.x86_64", "7Server-RHSCL-3.1-7.4.Z:rh-nodejs8-nodejs-0:8.11.4-1.el7.ppc64le", "7Server-RHSCL-3.1-7.4.Z:rh-nodejs8-nodejs-0:8.11.4-1.el7.s390x", "7Server-RHSCL-3.1-7.4.Z:rh-nodejs8-nodejs-0:8.11.4-1.el7.src", "7Server-RHSCL-3.1-7.4.Z:rh-nodejs8-nodejs-0:8.11.4-1.el7.x86_64", "7Server-RHSCL-3.1-7.4.Z:rh-nodejs8-nodejs-debuginfo-0:8.11.4-1.el7.ppc64le", "7Server-RHSCL-3.1-7.4.Z:rh-nodejs8-nodejs-debuginfo-0:8.11.4-1.el7.s390x", "7Server-RHSCL-3.1-7.4.Z:rh-nodejs8-nodejs-debuginfo-0:8.11.4-1.el7.x86_64", "7Server-RHSCL-3.1-7.4.Z:rh-nodejs8-nodejs-devel-0:8.11.4-1.el7.ppc64le", "7Server-RHSCL-3.1-7.4.Z:rh-nodejs8-nodejs-devel-0:8.11.4-1.el7.s390x", "7Server-RHSCL-3.1-7.4.Z:rh-nodejs8-nodejs-devel-0:8.11.4-1.el7.x86_64", "7Server-RHSCL-3.1-7.4.Z:rh-nodejs8-nodejs-docs-0:8.11.4-1.el7.noarch", "7Server-RHSCL-3.1-7.4.Z:rh-nodejs8-npm-0:5.6.0-8.11.4.1.el7.ppc64le", "7Server-RHSCL-3.1-7.4.Z:rh-nodejs8-npm-0:5.6.0-8.11.4.1.el7.s390x", "7Server-RHSCL-3.1-7.4.Z:rh-nodejs8-npm-0:5.6.0-8.11.4.1.el7.x86_64", "7Server-RHSCL-3.1-7.5.Z:rh-nodejs8-nodejs-0:8.11.4-1.el7.ppc64le", "7Server-RHSCL-3.1-7.5.Z:rh-nodejs8-nodejs-0:8.11.4-1.el7.s390x", "7Server-RHSCL-3.1-7.5.Z:rh-nodejs8-nodejs-0:8.11.4-1.el7.src", "7Server-RHSCL-3.1-7.5.Z:rh-nodejs8-nodejs-0:8.11.4-1.el7.x86_64", "7Server-RHSCL-3.1-7.5.Z:rh-nodejs8-nodejs-debuginfo-0:8.11.4-1.el7.ppc64le", "7Server-RHSCL-3.1-7.5.Z:rh-nodejs8-nodejs-debuginfo-0:8.11.4-1.el7.s390x", "7Server-RHSCL-3.1-7.5.Z:rh-nodejs8-nodejs-debuginfo-0:8.11.4-1.el7.x86_64", "7Server-RHSCL-3.1-7.5.Z:rh-nodejs8-nodejs-devel-0:8.11.4-1.el7.ppc64le", "7Server-RHSCL-3.1-7.5.Z:rh-nodejs8-nodejs-devel-0:8.11.4-1.el7.s390x", "7Server-RHSCL-3.1-7.5.Z:rh-nodejs8-nodejs-devel-0:8.11.4-1.el7.x86_64", "7Server-RHSCL-3.1-7.5.Z:rh-nodejs8-nodejs-docs-0:8.11.4-1.el7.noarch", "7Server-RHSCL-3.1-7.5.Z:rh-nodejs8-npm-0:5.6.0-8.11.4.1.el7.ppc64le", "7Server-RHSCL-3.1-7.5.Z:rh-nodejs8-npm-0:5.6.0-8.11.4.1.el7.s390x", "7Server-RHSCL-3.1-7.5.Z:rh-nodejs8-npm-0:5.6.0-8.11.4.1.el7.x86_64", "7Server-RHSCL-3.1:rh-nodejs8-nodejs-0:8.11.4-1.el7.aarch64", "7Server-RHSCL-3.1:rh-nodejs8-nodejs-0:8.11.4-1.el7.ppc64le", "7Server-RHSCL-3.1:rh-nodejs8-nodejs-0:8.11.4-1.el7.s390x", "7Server-RHSCL-3.1:rh-nodejs8-nodejs-0:8.11.4-1.el7.src", "7Server-RHSCL-3.1:rh-nodejs8-nodejs-0:8.11.4-1.el7.x86_64", "7Server-RHSCL-3.1:rh-nodejs8-nodejs-debuginfo-0:8.11.4-1.el7.aarch64", "7Server-RHSCL-3.1:rh-nodejs8-nodejs-debuginfo-0:8.11.4-1.el7.ppc64le", "7Server-RHSCL-3.1:rh-nodejs8-nodejs-debuginfo-0:8.11.4-1.el7.s390x", "7Server-RHSCL-3.1:rh-nodejs8-nodejs-debuginfo-0:8.11.4-1.el7.x86_64", "7Server-RHSCL-3.1:rh-nodejs8-nodejs-devel-0:8.11.4-1.el7.aarch64", "7Server-RHSCL-3.1:rh-nodejs8-nodejs-devel-0:8.11.4-1.el7.ppc64le", "7Server-RHSCL-3.1:rh-nodejs8-nodejs-devel-0:8.11.4-1.el7.s390x", "7Server-RHSCL-3.1:rh-nodejs8-nodejs-devel-0:8.11.4-1.el7.x86_64", "7Server-RHSCL-3.1:rh-nodejs8-nodejs-docs-0:8.11.4-1.el7.noarch", "7Server-RHSCL-3.1:rh-nodejs8-npm-0:5.6.0-8.11.4.1.el7.aarch64", "7Server-RHSCL-3.1:rh-nodejs8-npm-0:5.6.0-8.11.4.1.el7.ppc64le", "7Server-RHSCL-3.1:rh-nodejs8-npm-0:5.6.0-8.11.4.1.el7.s390x", "7Server-RHSCL-3.1:rh-nodejs8-npm-0:5.6.0-8.11.4.1.el7.x86_64", "7Workstation-RHSCL-3.1:rh-nodejs8-nodejs-0:8.11.4-1.el7.aarch64", "7Workstation-RHSCL-3.1:rh-nodejs8-nodejs-0:8.11.4-1.el7.ppc64le", "7Workstation-RHSCL-3.1:rh-nodejs8-nodejs-0:8.11.4-1.el7.s390x", "7Workstation-RHSCL-3.1:rh-nodejs8-nodejs-0:8.11.4-1.el7.src", "7Workstation-RHSCL-3.1:rh-nodejs8-nodejs-0:8.11.4-1.el7.x86_64", "7Workstation-RHSCL-3.1:rh-nodejs8-nodejs-debuginfo-0:8.11.4-1.el7.aarch64", "7Workstation-RHSCL-3.1:rh-nodejs8-nodejs-debuginfo-0:8.11.4-1.el7.ppc64le", "7Workstation-RHSCL-3.1:rh-nodejs8-nodejs-debuginfo-0:8.11.4-1.el7.s390x", "7Workstation-RHSCL-3.1:rh-nodejs8-nodejs-debuginfo-0:8.11.4-1.el7.x86_64", "7Workstation-RHSCL-3.1:rh-nodejs8-nodejs-devel-0:8.11.4-1.el7.aarch64", "7Workstation-RHSCL-3.1:rh-nodejs8-nodejs-devel-0:8.11.4-1.el7.ppc64le", "7Workstation-RHSCL-3.1:rh-nodejs8-nodejs-devel-0:8.11.4-1.el7.s390x", "7Workstation-RHSCL-3.1:rh-nodejs8-nodejs-devel-0:8.11.4-1.el7.x86_64", "7Workstation-RHSCL-3.1:rh-nodejs8-nodejs-docs-0:8.11.4-1.el7.noarch", "7Workstation-RHSCL-3.1:rh-nodejs8-npm-0:5.6.0-8.11.4.1.el7.aarch64", "7Workstation-RHSCL-3.1:rh-nodejs8-npm-0:5.6.0-8.11.4.1.el7.ppc64le", "7Workstation-RHSCL-3.1:rh-nodejs8-npm-0:5.6.0-8.11.4.1.el7.s390x", "7Workstation-RHSCL-3.1:rh-nodejs8-npm-0:5.6.0-8.11.4.1.el7.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2018:2949" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.0" }, "products": [ "7Server-Alt-RHSCL-3.1:rh-nodejs8-nodejs-0:8.11.4-1.el7.aarch64", "7Server-Alt-RHSCL-3.1:rh-nodejs8-nodejs-0:8.11.4-1.el7.ppc64le", "7Server-Alt-RHSCL-3.1:rh-nodejs8-nodejs-0:8.11.4-1.el7.s390x", "7Server-Alt-RHSCL-3.1:rh-nodejs8-nodejs-0:8.11.4-1.el7.src", "7Server-Alt-RHSCL-3.1:rh-nodejs8-nodejs-0:8.11.4-1.el7.x86_64", "7Server-Alt-RHSCL-3.1:rh-nodejs8-nodejs-debuginfo-0:8.11.4-1.el7.aarch64", "7Server-Alt-RHSCL-3.1:rh-nodejs8-nodejs-debuginfo-0:8.11.4-1.el7.ppc64le", "7Server-Alt-RHSCL-3.1:rh-nodejs8-nodejs-debuginfo-0:8.11.4-1.el7.s390x", "7Server-Alt-RHSCL-3.1:rh-nodejs8-nodejs-debuginfo-0:8.11.4-1.el7.x86_64", "7Server-Alt-RHSCL-3.1:rh-nodejs8-nodejs-devel-0:8.11.4-1.el7.aarch64", "7Server-Alt-RHSCL-3.1:rh-nodejs8-nodejs-devel-0:8.11.4-1.el7.ppc64le", "7Server-Alt-RHSCL-3.1:rh-nodejs8-nodejs-devel-0:8.11.4-1.el7.s390x", "7Server-Alt-RHSCL-3.1:rh-nodejs8-nodejs-devel-0:8.11.4-1.el7.x86_64", "7Server-Alt-RHSCL-3.1:rh-nodejs8-nodejs-docs-0:8.11.4-1.el7.noarch", "7Server-Alt-RHSCL-3.1:rh-nodejs8-npm-0:5.6.0-8.11.4.1.el7.aarch64", "7Server-Alt-RHSCL-3.1:rh-nodejs8-npm-0:5.6.0-8.11.4.1.el7.ppc64le", "7Server-Alt-RHSCL-3.1:rh-nodejs8-npm-0:5.6.0-8.11.4.1.el7.s390x", "7Server-Alt-RHSCL-3.1:rh-nodejs8-npm-0:5.6.0-8.11.4.1.el7.x86_64", "7Server-RHSCL-3.1-7.4.Z:rh-nodejs8-nodejs-0:8.11.4-1.el7.ppc64le", "7Server-RHSCL-3.1-7.4.Z:rh-nodejs8-nodejs-0:8.11.4-1.el7.s390x", "7Server-RHSCL-3.1-7.4.Z:rh-nodejs8-nodejs-0:8.11.4-1.el7.src", "7Server-RHSCL-3.1-7.4.Z:rh-nodejs8-nodejs-0:8.11.4-1.el7.x86_64", "7Server-RHSCL-3.1-7.4.Z:rh-nodejs8-nodejs-debuginfo-0:8.11.4-1.el7.ppc64le", "7Server-RHSCL-3.1-7.4.Z:rh-nodejs8-nodejs-debuginfo-0:8.11.4-1.el7.s390x", "7Server-RHSCL-3.1-7.4.Z:rh-nodejs8-nodejs-debuginfo-0:8.11.4-1.el7.x86_64", "7Server-RHSCL-3.1-7.4.Z:rh-nodejs8-nodejs-devel-0:8.11.4-1.el7.ppc64le", "7Server-RHSCL-3.1-7.4.Z:rh-nodejs8-nodejs-devel-0:8.11.4-1.el7.s390x", "7Server-RHSCL-3.1-7.4.Z:rh-nodejs8-nodejs-devel-0:8.11.4-1.el7.x86_64", "7Server-RHSCL-3.1-7.4.Z:rh-nodejs8-nodejs-docs-0:8.11.4-1.el7.noarch", "7Server-RHSCL-3.1-7.4.Z:rh-nodejs8-npm-0:5.6.0-8.11.4.1.el7.ppc64le", "7Server-RHSCL-3.1-7.4.Z:rh-nodejs8-npm-0:5.6.0-8.11.4.1.el7.s390x", "7Server-RHSCL-3.1-7.4.Z:rh-nodejs8-npm-0:5.6.0-8.11.4.1.el7.x86_64", "7Server-RHSCL-3.1-7.5.Z:rh-nodejs8-nodejs-0:8.11.4-1.el7.ppc64le", "7Server-RHSCL-3.1-7.5.Z:rh-nodejs8-nodejs-0:8.11.4-1.el7.s390x", "7Server-RHSCL-3.1-7.5.Z:rh-nodejs8-nodejs-0:8.11.4-1.el7.src", "7Server-RHSCL-3.1-7.5.Z:rh-nodejs8-nodejs-0:8.11.4-1.el7.x86_64", "7Server-RHSCL-3.1-7.5.Z:rh-nodejs8-nodejs-debuginfo-0:8.11.4-1.el7.ppc64le", "7Server-RHSCL-3.1-7.5.Z:rh-nodejs8-nodejs-debuginfo-0:8.11.4-1.el7.s390x", "7Server-RHSCL-3.1-7.5.Z:rh-nodejs8-nodejs-debuginfo-0:8.11.4-1.el7.x86_64", "7Server-RHSCL-3.1-7.5.Z:rh-nodejs8-nodejs-devel-0:8.11.4-1.el7.ppc64le", "7Server-RHSCL-3.1-7.5.Z:rh-nodejs8-nodejs-devel-0:8.11.4-1.el7.s390x", "7Server-RHSCL-3.1-7.5.Z:rh-nodejs8-nodejs-devel-0:8.11.4-1.el7.x86_64", "7Server-RHSCL-3.1-7.5.Z:rh-nodejs8-nodejs-docs-0:8.11.4-1.el7.noarch", "7Server-RHSCL-3.1-7.5.Z:rh-nodejs8-npm-0:5.6.0-8.11.4.1.el7.ppc64le", "7Server-RHSCL-3.1-7.5.Z:rh-nodejs8-npm-0:5.6.0-8.11.4.1.el7.s390x", "7Server-RHSCL-3.1-7.5.Z:rh-nodejs8-npm-0:5.6.0-8.11.4.1.el7.x86_64", "7Server-RHSCL-3.1:rh-nodejs8-nodejs-0:8.11.4-1.el7.aarch64", "7Server-RHSCL-3.1:rh-nodejs8-nodejs-0:8.11.4-1.el7.ppc64le", "7Server-RHSCL-3.1:rh-nodejs8-nodejs-0:8.11.4-1.el7.s390x", "7Server-RHSCL-3.1:rh-nodejs8-nodejs-0:8.11.4-1.el7.src", "7Server-RHSCL-3.1:rh-nodejs8-nodejs-0:8.11.4-1.el7.x86_64", "7Server-RHSCL-3.1:rh-nodejs8-nodejs-debuginfo-0:8.11.4-1.el7.aarch64", "7Server-RHSCL-3.1:rh-nodejs8-nodejs-debuginfo-0:8.11.4-1.el7.ppc64le", "7Server-RHSCL-3.1:rh-nodejs8-nodejs-debuginfo-0:8.11.4-1.el7.s390x", "7Server-RHSCL-3.1:rh-nodejs8-nodejs-debuginfo-0:8.11.4-1.el7.x86_64", "7Server-RHSCL-3.1:rh-nodejs8-nodejs-devel-0:8.11.4-1.el7.aarch64", "7Server-RHSCL-3.1:rh-nodejs8-nodejs-devel-0:8.11.4-1.el7.ppc64le", "7Server-RHSCL-3.1:rh-nodejs8-nodejs-devel-0:8.11.4-1.el7.s390x", "7Server-RHSCL-3.1:rh-nodejs8-nodejs-devel-0:8.11.4-1.el7.x86_64", "7Server-RHSCL-3.1:rh-nodejs8-nodejs-docs-0:8.11.4-1.el7.noarch", "7Server-RHSCL-3.1:rh-nodejs8-npm-0:5.6.0-8.11.4.1.el7.aarch64", "7Server-RHSCL-3.1:rh-nodejs8-npm-0:5.6.0-8.11.4.1.el7.ppc64le", "7Server-RHSCL-3.1:rh-nodejs8-npm-0:5.6.0-8.11.4.1.el7.s390x", "7Server-RHSCL-3.1:rh-nodejs8-npm-0:5.6.0-8.11.4.1.el7.x86_64", "7Workstation-RHSCL-3.1:rh-nodejs8-nodejs-0:8.11.4-1.el7.aarch64", "7Workstation-RHSCL-3.1:rh-nodejs8-nodejs-0:8.11.4-1.el7.ppc64le", "7Workstation-RHSCL-3.1:rh-nodejs8-nodejs-0:8.11.4-1.el7.s390x", "7Workstation-RHSCL-3.1:rh-nodejs8-nodejs-0:8.11.4-1.el7.src", "7Workstation-RHSCL-3.1:rh-nodejs8-nodejs-0:8.11.4-1.el7.x86_64", "7Workstation-RHSCL-3.1:rh-nodejs8-nodejs-debuginfo-0:8.11.4-1.el7.aarch64", "7Workstation-RHSCL-3.1:rh-nodejs8-nodejs-debuginfo-0:8.11.4-1.el7.ppc64le", "7Workstation-RHSCL-3.1:rh-nodejs8-nodejs-debuginfo-0:8.11.4-1.el7.s390x", "7Workstation-RHSCL-3.1:rh-nodejs8-nodejs-debuginfo-0:8.11.4-1.el7.x86_64", "7Workstation-RHSCL-3.1:rh-nodejs8-nodejs-devel-0:8.11.4-1.el7.aarch64", "7Workstation-RHSCL-3.1:rh-nodejs8-nodejs-devel-0:8.11.4-1.el7.ppc64le", "7Workstation-RHSCL-3.1:rh-nodejs8-nodejs-devel-0:8.11.4-1.el7.s390x", "7Workstation-RHSCL-3.1:rh-nodejs8-nodejs-devel-0:8.11.4-1.el7.x86_64", "7Workstation-RHSCL-3.1:rh-nodejs8-nodejs-docs-0:8.11.4-1.el7.noarch", "7Workstation-RHSCL-3.1:rh-nodejs8-npm-0:5.6.0-8.11.4.1.el7.aarch64", "7Workstation-RHSCL-3.1:rh-nodejs8-npm-0:5.6.0-8.11.4.1.el7.ppc64le", "7Workstation-RHSCL-3.1:rh-nodejs8-npm-0:5.6.0-8.11.4.1.el7.s390x", "7Workstation-RHSCL-3.1:rh-nodejs8-npm-0:5.6.0-8.11.4.1.el7.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "nodejs: Denial of Service by calling Buffer.fill() or Buffer.alloc() with specially crafted parameters" }, { "cve": "CVE-2018-12115", "cwe": { "id": "CWE-119", "name": "Improper Restriction of Operations within the Bounds of a Memory Buffer" }, "discovery_date": "2018-08-22T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1620219" } ], "notes": [ { "category": "description", "text": "In all versions of Node.js prior to 6.14.4, 8.11.4 and 10.9.0 when used with UCS-2 encoding (recognized by Node.js under the names `\u0027ucs2\u0027`, `\u0027ucs-2\u0027`, `\u0027utf16le\u0027` and `\u0027utf-16le\u0027`), `Buffer#write()` can be abused to write outside of the bounds of a single `Buffer`. Writes that start from the second-to-last position of a buffer cause a miscalculation of the maximum length of the input bytes to be written.", "title": "Vulnerability description" }, { "category": "summary", "text": "nodejs: Out of bounds (OOB) write via UCS-2 encoding", "title": "Vulnerability summary" }, { "category": "other", "text": "Openshift Container Platform 3.x versions are potentially vulnerable via the jenkins-slave-nodejs and jenkins-agent-nodejs containers. However a build would have to occur with a malicious jenkins pipeline, or nodejs source code supplied by an attacker, reducing the impact of this flaw to moderate. Both container images used nodejs delivered from Red Hat Software Collections.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "7Server-Alt-RHSCL-3.1:rh-nodejs8-nodejs-0:8.11.4-1.el7.aarch64", "7Server-Alt-RHSCL-3.1:rh-nodejs8-nodejs-0:8.11.4-1.el7.ppc64le", "7Server-Alt-RHSCL-3.1:rh-nodejs8-nodejs-0:8.11.4-1.el7.s390x", "7Server-Alt-RHSCL-3.1:rh-nodejs8-nodejs-0:8.11.4-1.el7.src", "7Server-Alt-RHSCL-3.1:rh-nodejs8-nodejs-0:8.11.4-1.el7.x86_64", "7Server-Alt-RHSCL-3.1:rh-nodejs8-nodejs-debuginfo-0:8.11.4-1.el7.aarch64", "7Server-Alt-RHSCL-3.1:rh-nodejs8-nodejs-debuginfo-0:8.11.4-1.el7.ppc64le", "7Server-Alt-RHSCL-3.1:rh-nodejs8-nodejs-debuginfo-0:8.11.4-1.el7.s390x", "7Server-Alt-RHSCL-3.1:rh-nodejs8-nodejs-debuginfo-0:8.11.4-1.el7.x86_64", "7Server-Alt-RHSCL-3.1:rh-nodejs8-nodejs-devel-0:8.11.4-1.el7.aarch64", "7Server-Alt-RHSCL-3.1:rh-nodejs8-nodejs-devel-0:8.11.4-1.el7.ppc64le", "7Server-Alt-RHSCL-3.1:rh-nodejs8-nodejs-devel-0:8.11.4-1.el7.s390x", "7Server-Alt-RHSCL-3.1:rh-nodejs8-nodejs-devel-0:8.11.4-1.el7.x86_64", "7Server-Alt-RHSCL-3.1:rh-nodejs8-nodejs-docs-0:8.11.4-1.el7.noarch", "7Server-Alt-RHSCL-3.1:rh-nodejs8-npm-0:5.6.0-8.11.4.1.el7.aarch64", "7Server-Alt-RHSCL-3.1:rh-nodejs8-npm-0:5.6.0-8.11.4.1.el7.ppc64le", "7Server-Alt-RHSCL-3.1:rh-nodejs8-npm-0:5.6.0-8.11.4.1.el7.s390x", "7Server-Alt-RHSCL-3.1:rh-nodejs8-npm-0:5.6.0-8.11.4.1.el7.x86_64", "7Server-RHSCL-3.1-7.4.Z:rh-nodejs8-nodejs-0:8.11.4-1.el7.ppc64le", "7Server-RHSCL-3.1-7.4.Z:rh-nodejs8-nodejs-0:8.11.4-1.el7.s390x", "7Server-RHSCL-3.1-7.4.Z:rh-nodejs8-nodejs-0:8.11.4-1.el7.src", "7Server-RHSCL-3.1-7.4.Z:rh-nodejs8-nodejs-0:8.11.4-1.el7.x86_64", "7Server-RHSCL-3.1-7.4.Z:rh-nodejs8-nodejs-debuginfo-0:8.11.4-1.el7.ppc64le", "7Server-RHSCL-3.1-7.4.Z:rh-nodejs8-nodejs-debuginfo-0:8.11.4-1.el7.s390x", "7Server-RHSCL-3.1-7.4.Z:rh-nodejs8-nodejs-debuginfo-0:8.11.4-1.el7.x86_64", "7Server-RHSCL-3.1-7.4.Z:rh-nodejs8-nodejs-devel-0:8.11.4-1.el7.ppc64le", "7Server-RHSCL-3.1-7.4.Z:rh-nodejs8-nodejs-devel-0:8.11.4-1.el7.s390x", "7Server-RHSCL-3.1-7.4.Z:rh-nodejs8-nodejs-devel-0:8.11.4-1.el7.x86_64", "7Server-RHSCL-3.1-7.4.Z:rh-nodejs8-nodejs-docs-0:8.11.4-1.el7.noarch", "7Server-RHSCL-3.1-7.4.Z:rh-nodejs8-npm-0:5.6.0-8.11.4.1.el7.ppc64le", "7Server-RHSCL-3.1-7.4.Z:rh-nodejs8-npm-0:5.6.0-8.11.4.1.el7.s390x", "7Server-RHSCL-3.1-7.4.Z:rh-nodejs8-npm-0:5.6.0-8.11.4.1.el7.x86_64", "7Server-RHSCL-3.1-7.5.Z:rh-nodejs8-nodejs-0:8.11.4-1.el7.ppc64le", "7Server-RHSCL-3.1-7.5.Z:rh-nodejs8-nodejs-0:8.11.4-1.el7.s390x", "7Server-RHSCL-3.1-7.5.Z:rh-nodejs8-nodejs-0:8.11.4-1.el7.src", "7Server-RHSCL-3.1-7.5.Z:rh-nodejs8-nodejs-0:8.11.4-1.el7.x86_64", "7Server-RHSCL-3.1-7.5.Z:rh-nodejs8-nodejs-debuginfo-0:8.11.4-1.el7.ppc64le", "7Server-RHSCL-3.1-7.5.Z:rh-nodejs8-nodejs-debuginfo-0:8.11.4-1.el7.s390x", "7Server-RHSCL-3.1-7.5.Z:rh-nodejs8-nodejs-debuginfo-0:8.11.4-1.el7.x86_64", "7Server-RHSCL-3.1-7.5.Z:rh-nodejs8-nodejs-devel-0:8.11.4-1.el7.ppc64le", "7Server-RHSCL-3.1-7.5.Z:rh-nodejs8-nodejs-devel-0:8.11.4-1.el7.s390x", "7Server-RHSCL-3.1-7.5.Z:rh-nodejs8-nodejs-devel-0:8.11.4-1.el7.x86_64", "7Server-RHSCL-3.1-7.5.Z:rh-nodejs8-nodejs-docs-0:8.11.4-1.el7.noarch", "7Server-RHSCL-3.1-7.5.Z:rh-nodejs8-npm-0:5.6.0-8.11.4.1.el7.ppc64le", "7Server-RHSCL-3.1-7.5.Z:rh-nodejs8-npm-0:5.6.0-8.11.4.1.el7.s390x", "7Server-RHSCL-3.1-7.5.Z:rh-nodejs8-npm-0:5.6.0-8.11.4.1.el7.x86_64", "7Server-RHSCL-3.1:rh-nodejs8-nodejs-0:8.11.4-1.el7.aarch64", "7Server-RHSCL-3.1:rh-nodejs8-nodejs-0:8.11.4-1.el7.ppc64le", "7Server-RHSCL-3.1:rh-nodejs8-nodejs-0:8.11.4-1.el7.s390x", "7Server-RHSCL-3.1:rh-nodejs8-nodejs-0:8.11.4-1.el7.src", "7Server-RHSCL-3.1:rh-nodejs8-nodejs-0:8.11.4-1.el7.x86_64", "7Server-RHSCL-3.1:rh-nodejs8-nodejs-debuginfo-0:8.11.4-1.el7.aarch64", "7Server-RHSCL-3.1:rh-nodejs8-nodejs-debuginfo-0:8.11.4-1.el7.ppc64le", "7Server-RHSCL-3.1:rh-nodejs8-nodejs-debuginfo-0:8.11.4-1.el7.s390x", "7Server-RHSCL-3.1:rh-nodejs8-nodejs-debuginfo-0:8.11.4-1.el7.x86_64", "7Server-RHSCL-3.1:rh-nodejs8-nodejs-devel-0:8.11.4-1.el7.aarch64", "7Server-RHSCL-3.1:rh-nodejs8-nodejs-devel-0:8.11.4-1.el7.ppc64le", "7Server-RHSCL-3.1:rh-nodejs8-nodejs-devel-0:8.11.4-1.el7.s390x", "7Server-RHSCL-3.1:rh-nodejs8-nodejs-devel-0:8.11.4-1.el7.x86_64", "7Server-RHSCL-3.1:rh-nodejs8-nodejs-docs-0:8.11.4-1.el7.noarch", "7Server-RHSCL-3.1:rh-nodejs8-npm-0:5.6.0-8.11.4.1.el7.aarch64", "7Server-RHSCL-3.1:rh-nodejs8-npm-0:5.6.0-8.11.4.1.el7.ppc64le", "7Server-RHSCL-3.1:rh-nodejs8-npm-0:5.6.0-8.11.4.1.el7.s390x", "7Server-RHSCL-3.1:rh-nodejs8-npm-0:5.6.0-8.11.4.1.el7.x86_64", "7Workstation-RHSCL-3.1:rh-nodejs8-nodejs-0:8.11.4-1.el7.aarch64", "7Workstation-RHSCL-3.1:rh-nodejs8-nodejs-0:8.11.4-1.el7.ppc64le", "7Workstation-RHSCL-3.1:rh-nodejs8-nodejs-0:8.11.4-1.el7.s390x", "7Workstation-RHSCL-3.1:rh-nodejs8-nodejs-0:8.11.4-1.el7.src", "7Workstation-RHSCL-3.1:rh-nodejs8-nodejs-0:8.11.4-1.el7.x86_64", "7Workstation-RHSCL-3.1:rh-nodejs8-nodejs-debuginfo-0:8.11.4-1.el7.aarch64", "7Workstation-RHSCL-3.1:rh-nodejs8-nodejs-debuginfo-0:8.11.4-1.el7.ppc64le", "7Workstation-RHSCL-3.1:rh-nodejs8-nodejs-debuginfo-0:8.11.4-1.el7.s390x", "7Workstation-RHSCL-3.1:rh-nodejs8-nodejs-debuginfo-0:8.11.4-1.el7.x86_64", "7Workstation-RHSCL-3.1:rh-nodejs8-nodejs-devel-0:8.11.4-1.el7.aarch64", "7Workstation-RHSCL-3.1:rh-nodejs8-nodejs-devel-0:8.11.4-1.el7.ppc64le", "7Workstation-RHSCL-3.1:rh-nodejs8-nodejs-devel-0:8.11.4-1.el7.s390x", "7Workstation-RHSCL-3.1:rh-nodejs8-nodejs-devel-0:8.11.4-1.el7.x86_64", "7Workstation-RHSCL-3.1:rh-nodejs8-nodejs-docs-0:8.11.4-1.el7.noarch", "7Workstation-RHSCL-3.1:rh-nodejs8-npm-0:5.6.0-8.11.4.1.el7.aarch64", "7Workstation-RHSCL-3.1:rh-nodejs8-npm-0:5.6.0-8.11.4.1.el7.ppc64le", "7Workstation-RHSCL-3.1:rh-nodejs8-npm-0:5.6.0-8.11.4.1.el7.s390x", "7Workstation-RHSCL-3.1:rh-nodejs8-npm-0:5.6.0-8.11.4.1.el7.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2018-12115" }, { "category": "external", "summary": "RHBZ#1620219", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1620219" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2018-12115", "url": "https://www.cve.org/CVERecord?id=CVE-2018-12115" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2018-12115", "url": "https://nvd.nist.gov/vuln/detail/CVE-2018-12115" } ], "release_date": "2018-08-11T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2018-10-18T10:11:49+00:00", "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "7Server-Alt-RHSCL-3.1:rh-nodejs8-nodejs-0:8.11.4-1.el7.aarch64", "7Server-Alt-RHSCL-3.1:rh-nodejs8-nodejs-0:8.11.4-1.el7.ppc64le", "7Server-Alt-RHSCL-3.1:rh-nodejs8-nodejs-0:8.11.4-1.el7.s390x", "7Server-Alt-RHSCL-3.1:rh-nodejs8-nodejs-0:8.11.4-1.el7.src", "7Server-Alt-RHSCL-3.1:rh-nodejs8-nodejs-0:8.11.4-1.el7.x86_64", "7Server-Alt-RHSCL-3.1:rh-nodejs8-nodejs-debuginfo-0:8.11.4-1.el7.aarch64", "7Server-Alt-RHSCL-3.1:rh-nodejs8-nodejs-debuginfo-0:8.11.4-1.el7.ppc64le", "7Server-Alt-RHSCL-3.1:rh-nodejs8-nodejs-debuginfo-0:8.11.4-1.el7.s390x", "7Server-Alt-RHSCL-3.1:rh-nodejs8-nodejs-debuginfo-0:8.11.4-1.el7.x86_64", "7Server-Alt-RHSCL-3.1:rh-nodejs8-nodejs-devel-0:8.11.4-1.el7.aarch64", "7Server-Alt-RHSCL-3.1:rh-nodejs8-nodejs-devel-0:8.11.4-1.el7.ppc64le", "7Server-Alt-RHSCL-3.1:rh-nodejs8-nodejs-devel-0:8.11.4-1.el7.s390x", "7Server-Alt-RHSCL-3.1:rh-nodejs8-nodejs-devel-0:8.11.4-1.el7.x86_64", "7Server-Alt-RHSCL-3.1:rh-nodejs8-nodejs-docs-0:8.11.4-1.el7.noarch", "7Server-Alt-RHSCL-3.1:rh-nodejs8-npm-0:5.6.0-8.11.4.1.el7.aarch64", "7Server-Alt-RHSCL-3.1:rh-nodejs8-npm-0:5.6.0-8.11.4.1.el7.ppc64le", "7Server-Alt-RHSCL-3.1:rh-nodejs8-npm-0:5.6.0-8.11.4.1.el7.s390x", "7Server-Alt-RHSCL-3.1:rh-nodejs8-npm-0:5.6.0-8.11.4.1.el7.x86_64", "7Server-RHSCL-3.1-7.4.Z:rh-nodejs8-nodejs-0:8.11.4-1.el7.ppc64le", "7Server-RHSCL-3.1-7.4.Z:rh-nodejs8-nodejs-0:8.11.4-1.el7.s390x", "7Server-RHSCL-3.1-7.4.Z:rh-nodejs8-nodejs-0:8.11.4-1.el7.src", "7Server-RHSCL-3.1-7.4.Z:rh-nodejs8-nodejs-0:8.11.4-1.el7.x86_64", "7Server-RHSCL-3.1-7.4.Z:rh-nodejs8-nodejs-debuginfo-0:8.11.4-1.el7.ppc64le", "7Server-RHSCL-3.1-7.4.Z:rh-nodejs8-nodejs-debuginfo-0:8.11.4-1.el7.s390x", "7Server-RHSCL-3.1-7.4.Z:rh-nodejs8-nodejs-debuginfo-0:8.11.4-1.el7.x86_64", "7Server-RHSCL-3.1-7.4.Z:rh-nodejs8-nodejs-devel-0:8.11.4-1.el7.ppc64le", "7Server-RHSCL-3.1-7.4.Z:rh-nodejs8-nodejs-devel-0:8.11.4-1.el7.s390x", "7Server-RHSCL-3.1-7.4.Z:rh-nodejs8-nodejs-devel-0:8.11.4-1.el7.x86_64", "7Server-RHSCL-3.1-7.4.Z:rh-nodejs8-nodejs-docs-0:8.11.4-1.el7.noarch", "7Server-RHSCL-3.1-7.4.Z:rh-nodejs8-npm-0:5.6.0-8.11.4.1.el7.ppc64le", "7Server-RHSCL-3.1-7.4.Z:rh-nodejs8-npm-0:5.6.0-8.11.4.1.el7.s390x", "7Server-RHSCL-3.1-7.4.Z:rh-nodejs8-npm-0:5.6.0-8.11.4.1.el7.x86_64", "7Server-RHSCL-3.1-7.5.Z:rh-nodejs8-nodejs-0:8.11.4-1.el7.ppc64le", "7Server-RHSCL-3.1-7.5.Z:rh-nodejs8-nodejs-0:8.11.4-1.el7.s390x", "7Server-RHSCL-3.1-7.5.Z:rh-nodejs8-nodejs-0:8.11.4-1.el7.src", "7Server-RHSCL-3.1-7.5.Z:rh-nodejs8-nodejs-0:8.11.4-1.el7.x86_64", "7Server-RHSCL-3.1-7.5.Z:rh-nodejs8-nodejs-debuginfo-0:8.11.4-1.el7.ppc64le", "7Server-RHSCL-3.1-7.5.Z:rh-nodejs8-nodejs-debuginfo-0:8.11.4-1.el7.s390x", "7Server-RHSCL-3.1-7.5.Z:rh-nodejs8-nodejs-debuginfo-0:8.11.4-1.el7.x86_64", "7Server-RHSCL-3.1-7.5.Z:rh-nodejs8-nodejs-devel-0:8.11.4-1.el7.ppc64le", "7Server-RHSCL-3.1-7.5.Z:rh-nodejs8-nodejs-devel-0:8.11.4-1.el7.s390x", "7Server-RHSCL-3.1-7.5.Z:rh-nodejs8-nodejs-devel-0:8.11.4-1.el7.x86_64", "7Server-RHSCL-3.1-7.5.Z:rh-nodejs8-nodejs-docs-0:8.11.4-1.el7.noarch", "7Server-RHSCL-3.1-7.5.Z:rh-nodejs8-npm-0:5.6.0-8.11.4.1.el7.ppc64le", "7Server-RHSCL-3.1-7.5.Z:rh-nodejs8-npm-0:5.6.0-8.11.4.1.el7.s390x", "7Server-RHSCL-3.1-7.5.Z:rh-nodejs8-npm-0:5.6.0-8.11.4.1.el7.x86_64", "7Server-RHSCL-3.1:rh-nodejs8-nodejs-0:8.11.4-1.el7.aarch64", "7Server-RHSCL-3.1:rh-nodejs8-nodejs-0:8.11.4-1.el7.ppc64le", "7Server-RHSCL-3.1:rh-nodejs8-nodejs-0:8.11.4-1.el7.s390x", "7Server-RHSCL-3.1:rh-nodejs8-nodejs-0:8.11.4-1.el7.src", "7Server-RHSCL-3.1:rh-nodejs8-nodejs-0:8.11.4-1.el7.x86_64", "7Server-RHSCL-3.1:rh-nodejs8-nodejs-debuginfo-0:8.11.4-1.el7.aarch64", "7Server-RHSCL-3.1:rh-nodejs8-nodejs-debuginfo-0:8.11.4-1.el7.ppc64le", "7Server-RHSCL-3.1:rh-nodejs8-nodejs-debuginfo-0:8.11.4-1.el7.s390x", "7Server-RHSCL-3.1:rh-nodejs8-nodejs-debuginfo-0:8.11.4-1.el7.x86_64", "7Server-RHSCL-3.1:rh-nodejs8-nodejs-devel-0:8.11.4-1.el7.aarch64", "7Server-RHSCL-3.1:rh-nodejs8-nodejs-devel-0:8.11.4-1.el7.ppc64le", "7Server-RHSCL-3.1:rh-nodejs8-nodejs-devel-0:8.11.4-1.el7.s390x", "7Server-RHSCL-3.1:rh-nodejs8-nodejs-devel-0:8.11.4-1.el7.x86_64", "7Server-RHSCL-3.1:rh-nodejs8-nodejs-docs-0:8.11.4-1.el7.noarch", "7Server-RHSCL-3.1:rh-nodejs8-npm-0:5.6.0-8.11.4.1.el7.aarch64", "7Server-RHSCL-3.1:rh-nodejs8-npm-0:5.6.0-8.11.4.1.el7.ppc64le", "7Server-RHSCL-3.1:rh-nodejs8-npm-0:5.6.0-8.11.4.1.el7.s390x", "7Server-RHSCL-3.1:rh-nodejs8-npm-0:5.6.0-8.11.4.1.el7.x86_64", "7Workstation-RHSCL-3.1:rh-nodejs8-nodejs-0:8.11.4-1.el7.aarch64", "7Workstation-RHSCL-3.1:rh-nodejs8-nodejs-0:8.11.4-1.el7.ppc64le", "7Workstation-RHSCL-3.1:rh-nodejs8-nodejs-0:8.11.4-1.el7.s390x", "7Workstation-RHSCL-3.1:rh-nodejs8-nodejs-0:8.11.4-1.el7.src", "7Workstation-RHSCL-3.1:rh-nodejs8-nodejs-0:8.11.4-1.el7.x86_64", "7Workstation-RHSCL-3.1:rh-nodejs8-nodejs-debuginfo-0:8.11.4-1.el7.aarch64", "7Workstation-RHSCL-3.1:rh-nodejs8-nodejs-debuginfo-0:8.11.4-1.el7.ppc64le", "7Workstation-RHSCL-3.1:rh-nodejs8-nodejs-debuginfo-0:8.11.4-1.el7.s390x", "7Workstation-RHSCL-3.1:rh-nodejs8-nodejs-debuginfo-0:8.11.4-1.el7.x86_64", "7Workstation-RHSCL-3.1:rh-nodejs8-nodejs-devel-0:8.11.4-1.el7.aarch64", "7Workstation-RHSCL-3.1:rh-nodejs8-nodejs-devel-0:8.11.4-1.el7.ppc64le", "7Workstation-RHSCL-3.1:rh-nodejs8-nodejs-devel-0:8.11.4-1.el7.s390x", "7Workstation-RHSCL-3.1:rh-nodejs8-nodejs-devel-0:8.11.4-1.el7.x86_64", "7Workstation-RHSCL-3.1:rh-nodejs8-nodejs-docs-0:8.11.4-1.el7.noarch", "7Workstation-RHSCL-3.1:rh-nodejs8-npm-0:5.6.0-8.11.4.1.el7.aarch64", "7Workstation-RHSCL-3.1:rh-nodejs8-npm-0:5.6.0-8.11.4.1.el7.ppc64le", "7Workstation-RHSCL-3.1:rh-nodejs8-npm-0:5.6.0-8.11.4.1.el7.s390x", "7Workstation-RHSCL-3.1:rh-nodejs8-npm-0:5.6.0-8.11.4.1.el7.x86_64" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2018:2949" }, { "category": "workaround", "details": "On Openshift Container Platform 3.x you can override the container image used on the Jenkins Slave by specifying the JENKINS_SLAVE_IMAGE environment variable in your jenkins deployment configuration. Ref:\n\nhttps://github.com/openshift/jenkins/blob/8e1ab16fb5f44d6570018c5dfa3407692fdba6e5/2/contrib/jenkins/kube-slave-common.sh#L27-L33", "product_ids": [ "7Server-Alt-RHSCL-3.1:rh-nodejs8-nodejs-0:8.11.4-1.el7.aarch64", "7Server-Alt-RHSCL-3.1:rh-nodejs8-nodejs-0:8.11.4-1.el7.ppc64le", "7Server-Alt-RHSCL-3.1:rh-nodejs8-nodejs-0:8.11.4-1.el7.s390x", "7Server-Alt-RHSCL-3.1:rh-nodejs8-nodejs-0:8.11.4-1.el7.src", "7Server-Alt-RHSCL-3.1:rh-nodejs8-nodejs-0:8.11.4-1.el7.x86_64", "7Server-Alt-RHSCL-3.1:rh-nodejs8-nodejs-debuginfo-0:8.11.4-1.el7.aarch64", "7Server-Alt-RHSCL-3.1:rh-nodejs8-nodejs-debuginfo-0:8.11.4-1.el7.ppc64le", "7Server-Alt-RHSCL-3.1:rh-nodejs8-nodejs-debuginfo-0:8.11.4-1.el7.s390x", "7Server-Alt-RHSCL-3.1:rh-nodejs8-nodejs-debuginfo-0:8.11.4-1.el7.x86_64", "7Server-Alt-RHSCL-3.1:rh-nodejs8-nodejs-devel-0:8.11.4-1.el7.aarch64", "7Server-Alt-RHSCL-3.1:rh-nodejs8-nodejs-devel-0:8.11.4-1.el7.ppc64le", "7Server-Alt-RHSCL-3.1:rh-nodejs8-nodejs-devel-0:8.11.4-1.el7.s390x", "7Server-Alt-RHSCL-3.1:rh-nodejs8-nodejs-devel-0:8.11.4-1.el7.x86_64", "7Server-Alt-RHSCL-3.1:rh-nodejs8-nodejs-docs-0:8.11.4-1.el7.noarch", "7Server-Alt-RHSCL-3.1:rh-nodejs8-npm-0:5.6.0-8.11.4.1.el7.aarch64", "7Server-Alt-RHSCL-3.1:rh-nodejs8-npm-0:5.6.0-8.11.4.1.el7.ppc64le", "7Server-Alt-RHSCL-3.1:rh-nodejs8-npm-0:5.6.0-8.11.4.1.el7.s390x", "7Server-Alt-RHSCL-3.1:rh-nodejs8-npm-0:5.6.0-8.11.4.1.el7.x86_64", "7Server-RHSCL-3.1-7.4.Z:rh-nodejs8-nodejs-0:8.11.4-1.el7.ppc64le", "7Server-RHSCL-3.1-7.4.Z:rh-nodejs8-nodejs-0:8.11.4-1.el7.s390x", "7Server-RHSCL-3.1-7.4.Z:rh-nodejs8-nodejs-0:8.11.4-1.el7.src", "7Server-RHSCL-3.1-7.4.Z:rh-nodejs8-nodejs-0:8.11.4-1.el7.x86_64", "7Server-RHSCL-3.1-7.4.Z:rh-nodejs8-nodejs-debuginfo-0:8.11.4-1.el7.ppc64le", "7Server-RHSCL-3.1-7.4.Z:rh-nodejs8-nodejs-debuginfo-0:8.11.4-1.el7.s390x", "7Server-RHSCL-3.1-7.4.Z:rh-nodejs8-nodejs-debuginfo-0:8.11.4-1.el7.x86_64", "7Server-RHSCL-3.1-7.4.Z:rh-nodejs8-nodejs-devel-0:8.11.4-1.el7.ppc64le", "7Server-RHSCL-3.1-7.4.Z:rh-nodejs8-nodejs-devel-0:8.11.4-1.el7.s390x", "7Server-RHSCL-3.1-7.4.Z:rh-nodejs8-nodejs-devel-0:8.11.4-1.el7.x86_64", "7Server-RHSCL-3.1-7.4.Z:rh-nodejs8-nodejs-docs-0:8.11.4-1.el7.noarch", "7Server-RHSCL-3.1-7.4.Z:rh-nodejs8-npm-0:5.6.0-8.11.4.1.el7.ppc64le", "7Server-RHSCL-3.1-7.4.Z:rh-nodejs8-npm-0:5.6.0-8.11.4.1.el7.s390x", "7Server-RHSCL-3.1-7.4.Z:rh-nodejs8-npm-0:5.6.0-8.11.4.1.el7.x86_64", "7Server-RHSCL-3.1-7.5.Z:rh-nodejs8-nodejs-0:8.11.4-1.el7.ppc64le", "7Server-RHSCL-3.1-7.5.Z:rh-nodejs8-nodejs-0:8.11.4-1.el7.s390x", "7Server-RHSCL-3.1-7.5.Z:rh-nodejs8-nodejs-0:8.11.4-1.el7.src", "7Server-RHSCL-3.1-7.5.Z:rh-nodejs8-nodejs-0:8.11.4-1.el7.x86_64", "7Server-RHSCL-3.1-7.5.Z:rh-nodejs8-nodejs-debuginfo-0:8.11.4-1.el7.ppc64le", "7Server-RHSCL-3.1-7.5.Z:rh-nodejs8-nodejs-debuginfo-0:8.11.4-1.el7.s390x", "7Server-RHSCL-3.1-7.5.Z:rh-nodejs8-nodejs-debuginfo-0:8.11.4-1.el7.x86_64", "7Server-RHSCL-3.1-7.5.Z:rh-nodejs8-nodejs-devel-0:8.11.4-1.el7.ppc64le", "7Server-RHSCL-3.1-7.5.Z:rh-nodejs8-nodejs-devel-0:8.11.4-1.el7.s390x", "7Server-RHSCL-3.1-7.5.Z:rh-nodejs8-nodejs-devel-0:8.11.4-1.el7.x86_64", "7Server-RHSCL-3.1-7.5.Z:rh-nodejs8-nodejs-docs-0:8.11.4-1.el7.noarch", "7Server-RHSCL-3.1-7.5.Z:rh-nodejs8-npm-0:5.6.0-8.11.4.1.el7.ppc64le", "7Server-RHSCL-3.1-7.5.Z:rh-nodejs8-npm-0:5.6.0-8.11.4.1.el7.s390x", "7Server-RHSCL-3.1-7.5.Z:rh-nodejs8-npm-0:5.6.0-8.11.4.1.el7.x86_64", "7Server-RHSCL-3.1:rh-nodejs8-nodejs-0:8.11.4-1.el7.aarch64", "7Server-RHSCL-3.1:rh-nodejs8-nodejs-0:8.11.4-1.el7.ppc64le", "7Server-RHSCL-3.1:rh-nodejs8-nodejs-0:8.11.4-1.el7.s390x", "7Server-RHSCL-3.1:rh-nodejs8-nodejs-0:8.11.4-1.el7.src", "7Server-RHSCL-3.1:rh-nodejs8-nodejs-0:8.11.4-1.el7.x86_64", "7Server-RHSCL-3.1:rh-nodejs8-nodejs-debuginfo-0:8.11.4-1.el7.aarch64", "7Server-RHSCL-3.1:rh-nodejs8-nodejs-debuginfo-0:8.11.4-1.el7.ppc64le", "7Server-RHSCL-3.1:rh-nodejs8-nodejs-debuginfo-0:8.11.4-1.el7.s390x", "7Server-RHSCL-3.1:rh-nodejs8-nodejs-debuginfo-0:8.11.4-1.el7.x86_64", "7Server-RHSCL-3.1:rh-nodejs8-nodejs-devel-0:8.11.4-1.el7.aarch64", "7Server-RHSCL-3.1:rh-nodejs8-nodejs-devel-0:8.11.4-1.el7.ppc64le", "7Server-RHSCL-3.1:rh-nodejs8-nodejs-devel-0:8.11.4-1.el7.s390x", "7Server-RHSCL-3.1:rh-nodejs8-nodejs-devel-0:8.11.4-1.el7.x86_64", "7Server-RHSCL-3.1:rh-nodejs8-nodejs-docs-0:8.11.4-1.el7.noarch", "7Server-RHSCL-3.1:rh-nodejs8-npm-0:5.6.0-8.11.4.1.el7.aarch64", "7Server-RHSCL-3.1:rh-nodejs8-npm-0:5.6.0-8.11.4.1.el7.ppc64le", "7Server-RHSCL-3.1:rh-nodejs8-npm-0:5.6.0-8.11.4.1.el7.s390x", "7Server-RHSCL-3.1:rh-nodejs8-npm-0:5.6.0-8.11.4.1.el7.x86_64", "7Workstation-RHSCL-3.1:rh-nodejs8-nodejs-0:8.11.4-1.el7.aarch64", "7Workstation-RHSCL-3.1:rh-nodejs8-nodejs-0:8.11.4-1.el7.ppc64le", "7Workstation-RHSCL-3.1:rh-nodejs8-nodejs-0:8.11.4-1.el7.s390x", "7Workstation-RHSCL-3.1:rh-nodejs8-nodejs-0:8.11.4-1.el7.src", "7Workstation-RHSCL-3.1:rh-nodejs8-nodejs-0:8.11.4-1.el7.x86_64", "7Workstation-RHSCL-3.1:rh-nodejs8-nodejs-debuginfo-0:8.11.4-1.el7.aarch64", "7Workstation-RHSCL-3.1:rh-nodejs8-nodejs-debuginfo-0:8.11.4-1.el7.ppc64le", "7Workstation-RHSCL-3.1:rh-nodejs8-nodejs-debuginfo-0:8.11.4-1.el7.s390x", "7Workstation-RHSCL-3.1:rh-nodejs8-nodejs-debuginfo-0:8.11.4-1.el7.x86_64", "7Workstation-RHSCL-3.1:rh-nodejs8-nodejs-devel-0:8.11.4-1.el7.aarch64", "7Workstation-RHSCL-3.1:rh-nodejs8-nodejs-devel-0:8.11.4-1.el7.ppc64le", "7Workstation-RHSCL-3.1:rh-nodejs8-nodejs-devel-0:8.11.4-1.el7.s390x", "7Workstation-RHSCL-3.1:rh-nodejs8-nodejs-devel-0:8.11.4-1.el7.x86_64", "7Workstation-RHSCL-3.1:rh-nodejs8-nodejs-docs-0:8.11.4-1.el7.noarch", "7Workstation-RHSCL-3.1:rh-nodejs8-npm-0:5.6.0-8.11.4.1.el7.aarch64", "7Workstation-RHSCL-3.1:rh-nodejs8-npm-0:5.6.0-8.11.4.1.el7.ppc64le", "7Workstation-RHSCL-3.1:rh-nodejs8-npm-0:5.6.0-8.11.4.1.el7.s390x", "7Workstation-RHSCL-3.1:rh-nodejs8-npm-0:5.6.0-8.11.4.1.el7.x86_64" ] } ], "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.1, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0" }, "products": [ "7Server-Alt-RHSCL-3.1:rh-nodejs8-nodejs-0:8.11.4-1.el7.aarch64", "7Server-Alt-RHSCL-3.1:rh-nodejs8-nodejs-0:8.11.4-1.el7.ppc64le", "7Server-Alt-RHSCL-3.1:rh-nodejs8-nodejs-0:8.11.4-1.el7.s390x", "7Server-Alt-RHSCL-3.1:rh-nodejs8-nodejs-0:8.11.4-1.el7.src", "7Server-Alt-RHSCL-3.1:rh-nodejs8-nodejs-0:8.11.4-1.el7.x86_64", "7Server-Alt-RHSCL-3.1:rh-nodejs8-nodejs-debuginfo-0:8.11.4-1.el7.aarch64", "7Server-Alt-RHSCL-3.1:rh-nodejs8-nodejs-debuginfo-0:8.11.4-1.el7.ppc64le", "7Server-Alt-RHSCL-3.1:rh-nodejs8-nodejs-debuginfo-0:8.11.4-1.el7.s390x", "7Server-Alt-RHSCL-3.1:rh-nodejs8-nodejs-debuginfo-0:8.11.4-1.el7.x86_64", "7Server-Alt-RHSCL-3.1:rh-nodejs8-nodejs-devel-0:8.11.4-1.el7.aarch64", "7Server-Alt-RHSCL-3.1:rh-nodejs8-nodejs-devel-0:8.11.4-1.el7.ppc64le", "7Server-Alt-RHSCL-3.1:rh-nodejs8-nodejs-devel-0:8.11.4-1.el7.s390x", "7Server-Alt-RHSCL-3.1:rh-nodejs8-nodejs-devel-0:8.11.4-1.el7.x86_64", "7Server-Alt-RHSCL-3.1:rh-nodejs8-nodejs-docs-0:8.11.4-1.el7.noarch", "7Server-Alt-RHSCL-3.1:rh-nodejs8-npm-0:5.6.0-8.11.4.1.el7.aarch64", "7Server-Alt-RHSCL-3.1:rh-nodejs8-npm-0:5.6.0-8.11.4.1.el7.ppc64le", "7Server-Alt-RHSCL-3.1:rh-nodejs8-npm-0:5.6.0-8.11.4.1.el7.s390x", "7Server-Alt-RHSCL-3.1:rh-nodejs8-npm-0:5.6.0-8.11.4.1.el7.x86_64", "7Server-RHSCL-3.1-7.4.Z:rh-nodejs8-nodejs-0:8.11.4-1.el7.ppc64le", "7Server-RHSCL-3.1-7.4.Z:rh-nodejs8-nodejs-0:8.11.4-1.el7.s390x", "7Server-RHSCL-3.1-7.4.Z:rh-nodejs8-nodejs-0:8.11.4-1.el7.src", "7Server-RHSCL-3.1-7.4.Z:rh-nodejs8-nodejs-0:8.11.4-1.el7.x86_64", "7Server-RHSCL-3.1-7.4.Z:rh-nodejs8-nodejs-debuginfo-0:8.11.4-1.el7.ppc64le", "7Server-RHSCL-3.1-7.4.Z:rh-nodejs8-nodejs-debuginfo-0:8.11.4-1.el7.s390x", "7Server-RHSCL-3.1-7.4.Z:rh-nodejs8-nodejs-debuginfo-0:8.11.4-1.el7.x86_64", "7Server-RHSCL-3.1-7.4.Z:rh-nodejs8-nodejs-devel-0:8.11.4-1.el7.ppc64le", "7Server-RHSCL-3.1-7.4.Z:rh-nodejs8-nodejs-devel-0:8.11.4-1.el7.s390x", "7Server-RHSCL-3.1-7.4.Z:rh-nodejs8-nodejs-devel-0:8.11.4-1.el7.x86_64", "7Server-RHSCL-3.1-7.4.Z:rh-nodejs8-nodejs-docs-0:8.11.4-1.el7.noarch", "7Server-RHSCL-3.1-7.4.Z:rh-nodejs8-npm-0:5.6.0-8.11.4.1.el7.ppc64le", "7Server-RHSCL-3.1-7.4.Z:rh-nodejs8-npm-0:5.6.0-8.11.4.1.el7.s390x", "7Server-RHSCL-3.1-7.4.Z:rh-nodejs8-npm-0:5.6.0-8.11.4.1.el7.x86_64", "7Server-RHSCL-3.1-7.5.Z:rh-nodejs8-nodejs-0:8.11.4-1.el7.ppc64le", "7Server-RHSCL-3.1-7.5.Z:rh-nodejs8-nodejs-0:8.11.4-1.el7.s390x", "7Server-RHSCL-3.1-7.5.Z:rh-nodejs8-nodejs-0:8.11.4-1.el7.src", "7Server-RHSCL-3.1-7.5.Z:rh-nodejs8-nodejs-0:8.11.4-1.el7.x86_64", "7Server-RHSCL-3.1-7.5.Z:rh-nodejs8-nodejs-debuginfo-0:8.11.4-1.el7.ppc64le", "7Server-RHSCL-3.1-7.5.Z:rh-nodejs8-nodejs-debuginfo-0:8.11.4-1.el7.s390x", "7Server-RHSCL-3.1-7.5.Z:rh-nodejs8-nodejs-debuginfo-0:8.11.4-1.el7.x86_64", "7Server-RHSCL-3.1-7.5.Z:rh-nodejs8-nodejs-devel-0:8.11.4-1.el7.ppc64le", "7Server-RHSCL-3.1-7.5.Z:rh-nodejs8-nodejs-devel-0:8.11.4-1.el7.s390x", "7Server-RHSCL-3.1-7.5.Z:rh-nodejs8-nodejs-devel-0:8.11.4-1.el7.x86_64", "7Server-RHSCL-3.1-7.5.Z:rh-nodejs8-nodejs-docs-0:8.11.4-1.el7.noarch", "7Server-RHSCL-3.1-7.5.Z:rh-nodejs8-npm-0:5.6.0-8.11.4.1.el7.ppc64le", "7Server-RHSCL-3.1-7.5.Z:rh-nodejs8-npm-0:5.6.0-8.11.4.1.el7.s390x", "7Server-RHSCL-3.1-7.5.Z:rh-nodejs8-npm-0:5.6.0-8.11.4.1.el7.x86_64", "7Server-RHSCL-3.1:rh-nodejs8-nodejs-0:8.11.4-1.el7.aarch64", "7Server-RHSCL-3.1:rh-nodejs8-nodejs-0:8.11.4-1.el7.ppc64le", "7Server-RHSCL-3.1:rh-nodejs8-nodejs-0:8.11.4-1.el7.s390x", "7Server-RHSCL-3.1:rh-nodejs8-nodejs-0:8.11.4-1.el7.src", "7Server-RHSCL-3.1:rh-nodejs8-nodejs-0:8.11.4-1.el7.x86_64", "7Server-RHSCL-3.1:rh-nodejs8-nodejs-debuginfo-0:8.11.4-1.el7.aarch64", "7Server-RHSCL-3.1:rh-nodejs8-nodejs-debuginfo-0:8.11.4-1.el7.ppc64le", "7Server-RHSCL-3.1:rh-nodejs8-nodejs-debuginfo-0:8.11.4-1.el7.s390x", "7Server-RHSCL-3.1:rh-nodejs8-nodejs-debuginfo-0:8.11.4-1.el7.x86_64", "7Server-RHSCL-3.1:rh-nodejs8-nodejs-devel-0:8.11.4-1.el7.aarch64", "7Server-RHSCL-3.1:rh-nodejs8-nodejs-devel-0:8.11.4-1.el7.ppc64le", "7Server-RHSCL-3.1:rh-nodejs8-nodejs-devel-0:8.11.4-1.el7.s390x", "7Server-RHSCL-3.1:rh-nodejs8-nodejs-devel-0:8.11.4-1.el7.x86_64", "7Server-RHSCL-3.1:rh-nodejs8-nodejs-docs-0:8.11.4-1.el7.noarch", "7Server-RHSCL-3.1:rh-nodejs8-npm-0:5.6.0-8.11.4.1.el7.aarch64", "7Server-RHSCL-3.1:rh-nodejs8-npm-0:5.6.0-8.11.4.1.el7.ppc64le", "7Server-RHSCL-3.1:rh-nodejs8-npm-0:5.6.0-8.11.4.1.el7.s390x", "7Server-RHSCL-3.1:rh-nodejs8-npm-0:5.6.0-8.11.4.1.el7.x86_64", "7Workstation-RHSCL-3.1:rh-nodejs8-nodejs-0:8.11.4-1.el7.aarch64", "7Workstation-RHSCL-3.1:rh-nodejs8-nodejs-0:8.11.4-1.el7.ppc64le", "7Workstation-RHSCL-3.1:rh-nodejs8-nodejs-0:8.11.4-1.el7.s390x", "7Workstation-RHSCL-3.1:rh-nodejs8-nodejs-0:8.11.4-1.el7.src", "7Workstation-RHSCL-3.1:rh-nodejs8-nodejs-0:8.11.4-1.el7.x86_64", "7Workstation-RHSCL-3.1:rh-nodejs8-nodejs-debuginfo-0:8.11.4-1.el7.aarch64", "7Workstation-RHSCL-3.1:rh-nodejs8-nodejs-debuginfo-0:8.11.4-1.el7.ppc64le", "7Workstation-RHSCL-3.1:rh-nodejs8-nodejs-debuginfo-0:8.11.4-1.el7.s390x", "7Workstation-RHSCL-3.1:rh-nodejs8-nodejs-debuginfo-0:8.11.4-1.el7.x86_64", "7Workstation-RHSCL-3.1:rh-nodejs8-nodejs-devel-0:8.11.4-1.el7.aarch64", "7Workstation-RHSCL-3.1:rh-nodejs8-nodejs-devel-0:8.11.4-1.el7.ppc64le", "7Workstation-RHSCL-3.1:rh-nodejs8-nodejs-devel-0:8.11.4-1.el7.s390x", "7Workstation-RHSCL-3.1:rh-nodejs8-nodejs-devel-0:8.11.4-1.el7.x86_64", "7Workstation-RHSCL-3.1:rh-nodejs8-nodejs-docs-0:8.11.4-1.el7.noarch", "7Workstation-RHSCL-3.1:rh-nodejs8-npm-0:5.6.0-8.11.4.1.el7.aarch64", "7Workstation-RHSCL-3.1:rh-nodejs8-npm-0:5.6.0-8.11.4.1.el7.ppc64le", "7Workstation-RHSCL-3.1:rh-nodejs8-npm-0:5.6.0-8.11.4.1.el7.s390x", "7Workstation-RHSCL-3.1:rh-nodejs8-npm-0:5.6.0-8.11.4.1.el7.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Important" } ], "title": "nodejs: Out of bounds (OOB) write via UCS-2 encoding" } ] }
rhsa-2018_2552
Vulnerability from csaf_redhat
Published
2018-08-22 21:13
Modified
2024-11-05 20:43
Summary
Red Hat Security Advisory: Red Hat OpenShift Application Runtimes Node.js 8.11.4 security update
Notes
Topic
An update is now available for Red Hat OpenShift Application Runtimes.
Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details
Red Hat Openshift Application Runtimes provides an application platform that reduces the complexity of developing and operating applications (monoliths and microservices) for OpenShift as a containerized platform.
This release of RHOAR Node.js 8.11.4 serves as a replacement for RHOAR Node.js 8.11.3, and includes bug fixes and enhancements. For further information, refer to the Release Notes linked to in the References section.
Security Fix(es):
* openssl: Malicious server can send large prime to client during DH(E) TLS handshake causing the client to hang (CVE-2018-0732)
* nodejs: Out of bounds (OOB) write via UCS-2 encoding (CVE-2018-12115)
For more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{ "document": { "aggregate_severity": { "namespace": "https://access.redhat.com/security/updates/classification/", "text": "Moderate" }, "category": "csaf_security_advisory", "csaf_version": "2.0", "distribution": { "text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.", "tlp": { "label": "WHITE", "url": "https://www.first.org/tlp/" } }, "lang": "en", "notes": [ { "category": "summary", "text": "An update is now available for Red Hat OpenShift Application Runtimes.\n\nRed Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.", "title": "Topic" }, { "category": "general", "text": "Red Hat Openshift Application Runtimes provides an application platform that reduces the complexity of developing and operating applications (monoliths and microservices) for OpenShift as a containerized platform.\n\nThis release of RHOAR Node.js 8.11.4 serves as a replacement for RHOAR Node.js 8.11.3, and includes bug fixes and enhancements. For further information, refer to the Release Notes linked to in the References section.\n\nSecurity Fix(es):\n\n* openssl: Malicious server can send large prime to client during DH(E) TLS handshake causing the client to hang (CVE-2018-0732)\n\n* nodejs: Out of bounds (OOB) write via UCS-2 encoding (CVE-2018-12115)\n\nFor more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section.", "title": "Details" }, { "category": "legal_disclaimer", "text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.", "title": "Terms of Use" } ], "publisher": { "category": "vendor", "contact_details": "https://access.redhat.com/security/team/contact/", "issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.", "name": "Red Hat Product Security", "namespace": "https://www.redhat.com" }, "references": [ { "category": "self", "summary": "https://access.redhat.com/errata/RHSA-2018:2552", "url": "https://access.redhat.com/errata/RHSA-2018:2552" }, { "category": "external", "summary": "https://access.redhat.com/security/updates/classification/#moderate", "url": "https://access.redhat.com/security/updates/classification/#moderate" }, { "category": "external", "summary": "https://access.redhat.com/documentation/en-us/red_hat_openshift_application_runtimes/1/html-single/red_hat_openshift_application_runtimes_release_notes/index#runtime_components_nodejs_rpm_packages", "url": "https://access.redhat.com/documentation/en-us/red_hat_openshift_application_runtimes/1/html-single/red_hat_openshift_application_runtimes_release_notes/index#runtime_components_nodejs_rpm_packages" }, { "category": "external", "summary": "https://nodejs.org/en/blog/vulnerability/august-2018-security-releases/", "url": "https://nodejs.org/en/blog/vulnerability/august-2018-security-releases/" }, { "category": "external", "summary": "1591100", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1591100" }, { "category": "external", "summary": "1620219", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1620219" }, { "category": "external", "summary": "NODE-153", "url": "https://issues.redhat.com/browse/NODE-153" }, { "category": "external", "summary": "NODE-154", "url": "https://issues.redhat.com/browse/NODE-154" }, { "category": "external", "summary": "NODE-155", "url": "https://issues.redhat.com/browse/NODE-155" }, { "category": "external", "summary": "NODE-160", "url": "https://issues.redhat.com/browse/NODE-160" }, { "category": "self", "summary": "Canonical URL", "url": "https://security.access.redhat.com/data/csaf/v2/advisories/2018/rhsa-2018_2552.json" } ], "title": "Red Hat Security Advisory: Red Hat OpenShift Application Runtimes Node.js 8.11.4 security update", "tracking": { "current_release_date": "2024-11-05T20:43:06+00:00", "generator": { "date": "2024-11-05T20:43:06+00:00", "engine": { "name": "Red Hat SDEngine", "version": "4.1.1" } }, "id": "RHSA-2018:2552", "initial_release_date": "2018-08-22T21:13:07+00:00", "revision_history": [ { "date": "2018-08-22T21:13:07+00:00", "number": "1", "summary": "Initial version" }, { "date": "2018-08-22T21:13:08+00:00", "number": "2", "summary": "Last updated version" }, { "date": "2024-11-05T20:43:06+00:00", "number": "3", "summary": "Last generated version" } ], "status": "final", "version": "3" } }, "product_tree": { "branches": [ { "branches": [ { "branches": [ { "category": "product_name", "name": "Red Hat OpenShift Application Runtimes Node.js 8", "product": { "name": "Red Hat OpenShift Application Runtimes Node.js 8", "product_id": "7Server-RH7-RHOAR-NODEJS-8", "product_identification_helper": { "cpe": "cpe:/a:redhat:openshift_application_runtimes:1.0::el7" } } } ], "category": "product_family", "name": "Red Hat OpenShift Application Runtimes" }, { "branches": [ { "category": "product_version", "name": "rhoar-nodejs-docs-1:8.11.4-2.el7.noarch", "product": { "name": "rhoar-nodejs-docs-1:8.11.4-2.el7.noarch", "product_id": "rhoar-nodejs-docs-1:8.11.4-2.el7.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/rhoar-nodejs-docs@8.11.4-2.el7?arch=noarch\u0026epoch=1" } } } ], "category": "architecture", "name": "noarch" }, { "branches": [ { "category": "product_version", "name": "rhoar-nodejs-1:8.11.4-2.el7.x86_64", "product": { "name": "rhoar-nodejs-1:8.11.4-2.el7.x86_64", "product_id": "rhoar-nodejs-1:8.11.4-2.el7.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/rhoar-nodejs@8.11.4-2.el7?arch=x86_64\u0026epoch=1" } } }, { "category": "product_version", "name": "rhoar-nodejs-debuginfo-1:8.11.4-2.el7.x86_64", "product": { "name": "rhoar-nodejs-debuginfo-1:8.11.4-2.el7.x86_64", "product_id": "rhoar-nodejs-debuginfo-1:8.11.4-2.el7.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/rhoar-nodejs-debuginfo@8.11.4-2.el7?arch=x86_64\u0026epoch=1" } } }, { "category": "product_version", "name": "npm-1:5.6.0-1.8.11.4.2.el7.x86_64", "product": { "name": "npm-1:5.6.0-1.8.11.4.2.el7.x86_64", "product_id": "npm-1:5.6.0-1.8.11.4.2.el7.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/npm@5.6.0-1.8.11.4.2.el7?arch=x86_64\u0026epoch=1" } } } ], "category": "architecture", "name": "x86_64" }, { "branches": [ { "category": "product_version", "name": "rhoar-nodejs-1:8.11.4-2.el7.src", "product": { "name": "rhoar-nodejs-1:8.11.4-2.el7.src", "product_id": "rhoar-nodejs-1:8.11.4-2.el7.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/rhoar-nodejs@8.11.4-2.el7?arch=src\u0026epoch=1" } } } ], "category": "architecture", "name": "src" } ], "category": "vendor", "name": "Red Hat" } ], "relationships": [ { "category": "default_component_of", "full_product_name": { "name": "npm-1:5.6.0-1.8.11.4.2.el7.x86_64 as a component of Red Hat OpenShift Application Runtimes Node.js 8", "product_id": "7Server-RH7-RHOAR-NODEJS-8:npm-1:5.6.0-1.8.11.4.2.el7.x86_64" }, "product_reference": "npm-1:5.6.0-1.8.11.4.2.el7.x86_64", "relates_to_product_reference": "7Server-RH7-RHOAR-NODEJS-8" }, { "category": "default_component_of", "full_product_name": { "name": "rhoar-nodejs-1:8.11.4-2.el7.src as a component of Red Hat OpenShift Application Runtimes Node.js 8", "product_id": "7Server-RH7-RHOAR-NODEJS-8:rhoar-nodejs-1:8.11.4-2.el7.src" }, "product_reference": "rhoar-nodejs-1:8.11.4-2.el7.src", "relates_to_product_reference": "7Server-RH7-RHOAR-NODEJS-8" }, { "category": "default_component_of", "full_product_name": { "name": "rhoar-nodejs-1:8.11.4-2.el7.x86_64 as a component of Red Hat OpenShift Application Runtimes Node.js 8", "product_id": "7Server-RH7-RHOAR-NODEJS-8:rhoar-nodejs-1:8.11.4-2.el7.x86_64" }, "product_reference": "rhoar-nodejs-1:8.11.4-2.el7.x86_64", "relates_to_product_reference": "7Server-RH7-RHOAR-NODEJS-8" }, { "category": "default_component_of", "full_product_name": { "name": "rhoar-nodejs-debuginfo-1:8.11.4-2.el7.x86_64 as a component of Red Hat OpenShift Application Runtimes Node.js 8", "product_id": "7Server-RH7-RHOAR-NODEJS-8:rhoar-nodejs-debuginfo-1:8.11.4-2.el7.x86_64" }, "product_reference": "rhoar-nodejs-debuginfo-1:8.11.4-2.el7.x86_64", "relates_to_product_reference": "7Server-RH7-RHOAR-NODEJS-8" }, { "category": "default_component_of", "full_product_name": { "name": "rhoar-nodejs-docs-1:8.11.4-2.el7.noarch as a component of Red Hat OpenShift Application Runtimes Node.js 8", "product_id": "7Server-RH7-RHOAR-NODEJS-8:rhoar-nodejs-docs-1:8.11.4-2.el7.noarch" }, "product_reference": "rhoar-nodejs-docs-1:8.11.4-2.el7.noarch", "relates_to_product_reference": "7Server-RH7-RHOAR-NODEJS-8" } ] }, "vulnerabilities": [ { "cve": "CVE-2018-0732", "cwe": { "id": "CWE-325", "name": "Missing Cryptographic Step" }, "discovery_date": "2018-06-14T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1591100" } ], "notes": [ { "category": "description", "text": "During key agreement in a TLS handshake using a DH(E) based ciphersuite a malicious server can send a very large prime value to the client. This will cause the client to spend an unreasonably long period of time generating a key for this prime resulting in a hang until the client has finished. This could be exploited in a Denial Of Service attack. Fixed in OpenSSL 1.1.0i-dev (Affected 1.1.0-1.1.0h). Fixed in OpenSSL 1.0.2p-dev (Affected 1.0.2-1.0.2o).", "title": "Vulnerability description" }, { "category": "summary", "text": "openssl: Malicious server can send large prime to client during DH(E) TLS handshake causing the client to hang", "title": "Vulnerability summary" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "7Server-RH7-RHOAR-NODEJS-8:npm-1:5.6.0-1.8.11.4.2.el7.x86_64", "7Server-RH7-RHOAR-NODEJS-8:rhoar-nodejs-1:8.11.4-2.el7.src", "7Server-RH7-RHOAR-NODEJS-8:rhoar-nodejs-1:8.11.4-2.el7.x86_64", "7Server-RH7-RHOAR-NODEJS-8:rhoar-nodejs-debuginfo-1:8.11.4-2.el7.x86_64", "7Server-RH7-RHOAR-NODEJS-8:rhoar-nodejs-docs-1:8.11.4-2.el7.noarch" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2018-0732" }, { "category": "external", "summary": "RHBZ#1591100", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1591100" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2018-0732", "url": "https://www.cve.org/CVERecord?id=CVE-2018-0732" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2018-0732", "url": "https://nvd.nist.gov/vuln/detail/CVE-2018-0732" }, { "category": "external", "summary": "https://www.openssl.org/news/secadv/20180612.txt", "url": "https://www.openssl.org/news/secadv/20180612.txt" } ], "release_date": "2018-06-12T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2018-08-22T21:13:07+00:00", "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "7Server-RH7-RHOAR-NODEJS-8:npm-1:5.6.0-1.8.11.4.2.el7.x86_64", "7Server-RH7-RHOAR-NODEJS-8:rhoar-nodejs-1:8.11.4-2.el7.src", "7Server-RH7-RHOAR-NODEJS-8:rhoar-nodejs-1:8.11.4-2.el7.x86_64", "7Server-RH7-RHOAR-NODEJS-8:rhoar-nodejs-debuginfo-1:8.11.4-2.el7.x86_64", "7Server-RH7-RHOAR-NODEJS-8:rhoar-nodejs-docs-1:8.11.4-2.el7.noarch" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2018:2552" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 4.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L", "version": "3.0" }, "products": [ "7Server-RH7-RHOAR-NODEJS-8:npm-1:5.6.0-1.8.11.4.2.el7.x86_64", "7Server-RH7-RHOAR-NODEJS-8:rhoar-nodejs-1:8.11.4-2.el7.src", "7Server-RH7-RHOAR-NODEJS-8:rhoar-nodejs-1:8.11.4-2.el7.x86_64", "7Server-RH7-RHOAR-NODEJS-8:rhoar-nodejs-debuginfo-1:8.11.4-2.el7.x86_64", "7Server-RH7-RHOAR-NODEJS-8:rhoar-nodejs-docs-1:8.11.4-2.el7.noarch" ] } ], "threats": [ { "category": "impact", "details": "Moderate" } ], "title": "openssl: Malicious server can send large prime to client during DH(E) TLS handshake causing the client to hang" }, { "cve": "CVE-2018-12115", "cwe": { "id": "CWE-119", "name": "Improper Restriction of Operations within the Bounds of a Memory Buffer" }, "discovery_date": "2018-08-22T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1620219" } ], "notes": [ { "category": "description", "text": "In all versions of Node.js prior to 6.14.4, 8.11.4 and 10.9.0 when used with UCS-2 encoding (recognized by Node.js under the names `\u0027ucs2\u0027`, `\u0027ucs-2\u0027`, `\u0027utf16le\u0027` and `\u0027utf-16le\u0027`), `Buffer#write()` can be abused to write outside of the bounds of a single `Buffer`. Writes that start from the second-to-last position of a buffer cause a miscalculation of the maximum length of the input bytes to be written.", "title": "Vulnerability description" }, { "category": "summary", "text": "nodejs: Out of bounds (OOB) write via UCS-2 encoding", "title": "Vulnerability summary" }, { "category": "other", "text": "Openshift Container Platform 3.x versions are potentially vulnerable via the jenkins-slave-nodejs and jenkins-agent-nodejs containers. However a build would have to occur with a malicious jenkins pipeline, or nodejs source code supplied by an attacker, reducing the impact of this flaw to moderate. Both container images used nodejs delivered from Red Hat Software Collections.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "7Server-RH7-RHOAR-NODEJS-8:npm-1:5.6.0-1.8.11.4.2.el7.x86_64", "7Server-RH7-RHOAR-NODEJS-8:rhoar-nodejs-1:8.11.4-2.el7.src", "7Server-RH7-RHOAR-NODEJS-8:rhoar-nodejs-1:8.11.4-2.el7.x86_64", "7Server-RH7-RHOAR-NODEJS-8:rhoar-nodejs-debuginfo-1:8.11.4-2.el7.x86_64", "7Server-RH7-RHOAR-NODEJS-8:rhoar-nodejs-docs-1:8.11.4-2.el7.noarch" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2018-12115" }, { "category": "external", "summary": "RHBZ#1620219", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1620219" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2018-12115", "url": "https://www.cve.org/CVERecord?id=CVE-2018-12115" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2018-12115", "url": "https://nvd.nist.gov/vuln/detail/CVE-2018-12115" } ], "release_date": "2018-08-11T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2018-08-22T21:13:07+00:00", "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "7Server-RH7-RHOAR-NODEJS-8:npm-1:5.6.0-1.8.11.4.2.el7.x86_64", "7Server-RH7-RHOAR-NODEJS-8:rhoar-nodejs-1:8.11.4-2.el7.src", "7Server-RH7-RHOAR-NODEJS-8:rhoar-nodejs-1:8.11.4-2.el7.x86_64", "7Server-RH7-RHOAR-NODEJS-8:rhoar-nodejs-debuginfo-1:8.11.4-2.el7.x86_64", "7Server-RH7-RHOAR-NODEJS-8:rhoar-nodejs-docs-1:8.11.4-2.el7.noarch" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2018:2552" }, { "category": "workaround", "details": "On Openshift Container Platform 3.x you can override the container image used on the Jenkins Slave by specifying the JENKINS_SLAVE_IMAGE environment variable in your jenkins deployment configuration. Ref:\n\nhttps://github.com/openshift/jenkins/blob/8e1ab16fb5f44d6570018c5dfa3407692fdba6e5/2/contrib/jenkins/kube-slave-common.sh#L27-L33", "product_ids": [ "7Server-RH7-RHOAR-NODEJS-8:npm-1:5.6.0-1.8.11.4.2.el7.x86_64", "7Server-RH7-RHOAR-NODEJS-8:rhoar-nodejs-1:8.11.4-2.el7.src", "7Server-RH7-RHOAR-NODEJS-8:rhoar-nodejs-1:8.11.4-2.el7.x86_64", "7Server-RH7-RHOAR-NODEJS-8:rhoar-nodejs-debuginfo-1:8.11.4-2.el7.x86_64", "7Server-RH7-RHOAR-NODEJS-8:rhoar-nodejs-docs-1:8.11.4-2.el7.noarch" ] } ], "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.1, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0" }, "products": [ "7Server-RH7-RHOAR-NODEJS-8:npm-1:5.6.0-1.8.11.4.2.el7.x86_64", "7Server-RH7-RHOAR-NODEJS-8:rhoar-nodejs-1:8.11.4-2.el7.src", "7Server-RH7-RHOAR-NODEJS-8:rhoar-nodejs-1:8.11.4-2.el7.x86_64", "7Server-RH7-RHOAR-NODEJS-8:rhoar-nodejs-debuginfo-1:8.11.4-2.el7.x86_64", "7Server-RH7-RHOAR-NODEJS-8:rhoar-nodejs-docs-1:8.11.4-2.el7.noarch" ] } ], "threats": [ { "category": "impact", "details": "Important" } ], "title": "nodejs: Out of bounds (OOB) write via UCS-2 encoding" } ] }
rhsa-2018_2944
Vulnerability from csaf_redhat
Published
2018-10-18 07:45
Modified
2024-11-05 20:48
Summary
Red Hat Security Advisory: rh-nodejs6-nodejs security update
Notes
Topic
An update for rh-nodejs6-nodejs is now available for Red Hat Software Collections.
Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details
Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language.
Security Fix(es):
* nodejs: Out of bounds (OOB) write via UCS-2 encoding (CVE-2018-12115)
For more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{ "document": { "aggregate_severity": { "namespace": "https://access.redhat.com/security/updates/classification/", "text": "Important" }, "category": "csaf_security_advisory", "csaf_version": "2.0", "distribution": { "text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.", "tlp": { "label": "WHITE", "url": "https://www.first.org/tlp/" } }, "lang": "en", "notes": [ { "category": "summary", "text": "An update for rh-nodejs6-nodejs is now available for Red Hat Software Collections.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.", "title": "Topic" }, { "category": "general", "text": "Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language.\n\nSecurity Fix(es):\n\n* nodejs: Out of bounds (OOB) write via UCS-2 encoding (CVE-2018-12115)\n\nFor more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section.", "title": "Details" }, { "category": "legal_disclaimer", "text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.", "title": "Terms of Use" } ], "publisher": { "category": "vendor", "contact_details": "https://access.redhat.com/security/team/contact/", "issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.", "name": "Red Hat Product Security", "namespace": "https://www.redhat.com" }, "references": [ { "category": "self", "summary": "https://access.redhat.com/errata/RHSA-2018:2944", "url": "https://access.redhat.com/errata/RHSA-2018:2944" }, { "category": "external", "summary": "https://access.redhat.com/security/updates/classification/#important", "url": "https://access.redhat.com/security/updates/classification/#important" }, { "category": "external", "summary": "1620219", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1620219" }, { "category": "self", "summary": "Canonical URL", "url": "https://security.access.redhat.com/data/csaf/v2/advisories/2018/rhsa-2018_2944.json" } ], "title": "Red Hat Security Advisory: rh-nodejs6-nodejs security update", "tracking": { "current_release_date": "2024-11-05T20:48:06+00:00", "generator": { "date": "2024-11-05T20:48:06+00:00", "engine": { "name": "Red Hat SDEngine", "version": "4.1.1" } }, "id": "RHSA-2018:2944", "initial_release_date": "2018-10-18T07:45:58+00:00", "revision_history": [ { "date": "2018-10-18T07:45:58+00:00", "number": "1", "summary": "Initial version" }, { "date": "2018-10-18T07:45:58+00:00", "number": "2", "summary": "Last updated version" }, { "date": "2024-11-05T20:48:06+00:00", "number": "3", "summary": "Last generated version" } ], "status": "final", "version": "3" } }, "product_tree": { "branches": [ { "branches": [ { "branches": [ { "category": "product_name", "name": "Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 6)", "product": { "name": "Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 6)", "product_id": "6Server-RHSCL-3.1", "product_identification_helper": { "cpe": "cpe:/a:redhat:rhel_software_collections:3::el6" } } }, { "category": "product_name", "name": "Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 6)", "product": { "name": "Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 6)", "product_id": "6Workstation-RHSCL-3.1", "product_identification_helper": { "cpe": "cpe:/a:redhat:rhel_software_collections:3::el6" } } }, { "category": "product_name", "name": "Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 6.7)", "product": { "name": "Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 6.7)", "product_id": "6Server-RHSCL-3.1-6.7.Z", "product_identification_helper": { "cpe": "cpe:/a:redhat:rhel_software_collections:3::el6" } } }, { "category": "product_name", "name": "Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 7)", "product": { "name": "Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 7)", "product_id": "7Server-Alt-RHSCL-3.1", "product_identification_helper": { "cpe": "cpe:/a:redhat:rhel_software_collections:3::el7" } } }, { "category": "product_name", "name": "Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 7)", "product": { "name": "Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 7)", "product_id": "7Server-RHSCL-3.1", "product_identification_helper": { "cpe": "cpe:/a:redhat:rhel_software_collections:3::el7" } } }, { "category": "product_name", "name": "Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 7)", "product": { "name": "Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 7)", "product_id": "7Workstation-RHSCL-3.1", "product_identification_helper": { "cpe": "cpe:/a:redhat:rhel_software_collections:3::el7" } } }, { "category": "product_name", "name": "Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.4)", "product": { "name": "Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.4)", "product_id": "7Server-RHSCL-3.1-7.4.Z", "product_identification_helper": { "cpe": "cpe:/a:redhat:rhel_software_collections:3::el7" } } }, { "category": "product_name", "name": "Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.5)", "product": { "name": "Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.5)", "product_id": "7Server-RHSCL-3.1-7.5.Z", "product_identification_helper": { "cpe": "cpe:/a:redhat:rhel_software_collections:3::el7" } } }, { "category": "product_name", "name": "Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.3)", "product": { "name": "Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.3)", "product_id": "7Server-RHSCL-3.1-7.3.Z", "product_identification_helper": { "cpe": "cpe:/a:redhat:rhel_software_collections:3::el7" } } } ], "category": "product_family", "name": "Red Hat Software Collections" }, { "branches": [ { "category": "product_version", "name": "rh-nodejs6-nodejs-docs-0:6.11.3-6.el6.noarch", "product": { "name": "rh-nodejs6-nodejs-docs-0:6.11.3-6.el6.noarch", "product_id": "rh-nodejs6-nodejs-docs-0:6.11.3-6.el6.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/rh-nodejs6-nodejs-docs@6.11.3-6.el6?arch=noarch" } } }, { "category": "product_version", "name": "rh-nodejs6-nodejs-docs-0:6.11.3-7.el7.noarch", "product": { "name": "rh-nodejs6-nodejs-docs-0:6.11.3-7.el7.noarch", "product_id": "rh-nodejs6-nodejs-docs-0:6.11.3-7.el7.noarch", "product_identification_helper": { "purl": "pkg:rpm/redhat/rh-nodejs6-nodejs-docs@6.11.3-7.el7?arch=noarch" } } } ], "category": "architecture", "name": "noarch" }, { "branches": [ { "category": "product_version", "name": "rh-nodejs6-nodejs-0:6.11.3-6.el6.x86_64", "product": { "name": "rh-nodejs6-nodejs-0:6.11.3-6.el6.x86_64", "product_id": "rh-nodejs6-nodejs-0:6.11.3-6.el6.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/rh-nodejs6-nodejs@6.11.3-6.el6?arch=x86_64" } } }, { "category": "product_version", "name": "rh-nodejs6-nodejs-devel-0:6.11.3-6.el6.x86_64", "product": { "name": "rh-nodejs6-nodejs-devel-0:6.11.3-6.el6.x86_64", "product_id": "rh-nodejs6-nodejs-devel-0:6.11.3-6.el6.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/rh-nodejs6-nodejs-devel@6.11.3-6.el6?arch=x86_64" } } }, { "category": "product_version", "name": "rh-nodejs6-nodejs-debuginfo-0:6.11.3-6.el6.x86_64", "product": { "name": "rh-nodejs6-nodejs-debuginfo-0:6.11.3-6.el6.x86_64", "product_id": "rh-nodejs6-nodejs-debuginfo-0:6.11.3-6.el6.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/rh-nodejs6-nodejs-debuginfo@6.11.3-6.el6?arch=x86_64" } } }, { "category": "product_version", "name": "rh-nodejs6-nodejs-0:6.11.3-7.el7.x86_64", "product": { "name": "rh-nodejs6-nodejs-0:6.11.3-7.el7.x86_64", "product_id": "rh-nodejs6-nodejs-0:6.11.3-7.el7.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/rh-nodejs6-nodejs@6.11.3-7.el7?arch=x86_64" } } }, { "category": "product_version", "name": "rh-nodejs6-nodejs-devel-0:6.11.3-7.el7.x86_64", "product": { "name": "rh-nodejs6-nodejs-devel-0:6.11.3-7.el7.x86_64", "product_id": "rh-nodejs6-nodejs-devel-0:6.11.3-7.el7.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/rh-nodejs6-nodejs-devel@6.11.3-7.el7?arch=x86_64" } } }, { "category": "product_version", "name": "rh-nodejs6-nodejs-debuginfo-0:6.11.3-7.el7.x86_64", "product": { "name": "rh-nodejs6-nodejs-debuginfo-0:6.11.3-7.el7.x86_64", "product_id": "rh-nodejs6-nodejs-debuginfo-0:6.11.3-7.el7.x86_64", "product_identification_helper": { "purl": "pkg:rpm/redhat/rh-nodejs6-nodejs-debuginfo@6.11.3-7.el7?arch=x86_64" } } } ], "category": "architecture", "name": "x86_64" }, { "branches": [ { "category": "product_version", "name": "rh-nodejs6-nodejs-0:6.11.3-6.el6.src", "product": { "name": "rh-nodejs6-nodejs-0:6.11.3-6.el6.src", "product_id": "rh-nodejs6-nodejs-0:6.11.3-6.el6.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/rh-nodejs6-nodejs@6.11.3-6.el6?arch=src" } } }, { "category": "product_version", "name": "rh-nodejs6-nodejs-0:6.11.3-7.el7.src", "product": { "name": "rh-nodejs6-nodejs-0:6.11.3-7.el7.src", "product_id": "rh-nodejs6-nodejs-0:6.11.3-7.el7.src", "product_identification_helper": { "purl": "pkg:rpm/redhat/rh-nodejs6-nodejs@6.11.3-7.el7?arch=src" } } } ], "category": "architecture", "name": "src" }, { "branches": [ { "category": "product_version", "name": "rh-nodejs6-nodejs-0:6.11.3-7.el7.s390x", "product": { "name": "rh-nodejs6-nodejs-0:6.11.3-7.el7.s390x", "product_id": "rh-nodejs6-nodejs-0:6.11.3-7.el7.s390x", "product_identification_helper": { "purl": "pkg:rpm/redhat/rh-nodejs6-nodejs@6.11.3-7.el7?arch=s390x" } } }, { "category": "product_version", "name": "rh-nodejs6-nodejs-devel-0:6.11.3-7.el7.s390x", "product": { "name": "rh-nodejs6-nodejs-devel-0:6.11.3-7.el7.s390x", "product_id": "rh-nodejs6-nodejs-devel-0:6.11.3-7.el7.s390x", "product_identification_helper": { "purl": "pkg:rpm/redhat/rh-nodejs6-nodejs-devel@6.11.3-7.el7?arch=s390x" } } }, { "category": "product_version", "name": "rh-nodejs6-nodejs-debuginfo-0:6.11.3-7.el7.s390x", "product": { "name": "rh-nodejs6-nodejs-debuginfo-0:6.11.3-7.el7.s390x", "product_id": "rh-nodejs6-nodejs-debuginfo-0:6.11.3-7.el7.s390x", "product_identification_helper": { "purl": "pkg:rpm/redhat/rh-nodejs6-nodejs-debuginfo@6.11.3-7.el7?arch=s390x" } } } ], "category": "architecture", "name": "s390x" }, { "branches": [ { "category": "product_version", "name": "rh-nodejs6-nodejs-0:6.11.3-7.el7.ppc64le", "product": { "name": "rh-nodejs6-nodejs-0:6.11.3-7.el7.ppc64le", "product_id": "rh-nodejs6-nodejs-0:6.11.3-7.el7.ppc64le", "product_identification_helper": { "purl": "pkg:rpm/redhat/rh-nodejs6-nodejs@6.11.3-7.el7?arch=ppc64le" } } }, { "category": "product_version", "name": "rh-nodejs6-nodejs-devel-0:6.11.3-7.el7.ppc64le", "product": { "name": "rh-nodejs6-nodejs-devel-0:6.11.3-7.el7.ppc64le", "product_id": "rh-nodejs6-nodejs-devel-0:6.11.3-7.el7.ppc64le", "product_identification_helper": { "purl": "pkg:rpm/redhat/rh-nodejs6-nodejs-devel@6.11.3-7.el7?arch=ppc64le" } } }, { "category": "product_version", "name": "rh-nodejs6-nodejs-debuginfo-0:6.11.3-7.el7.ppc64le", "product": { "name": "rh-nodejs6-nodejs-debuginfo-0:6.11.3-7.el7.ppc64le", "product_id": "rh-nodejs6-nodejs-debuginfo-0:6.11.3-7.el7.ppc64le", "product_identification_helper": { "purl": "pkg:rpm/redhat/rh-nodejs6-nodejs-debuginfo@6.11.3-7.el7?arch=ppc64le" } } } ], "category": "architecture", "name": "ppc64le" }, { "branches": [ { "category": "product_version", "name": "rh-nodejs6-nodejs-0:6.11.3-7.el7.aarch64", "product": { "name": "rh-nodejs6-nodejs-0:6.11.3-7.el7.aarch64", "product_id": "rh-nodejs6-nodejs-0:6.11.3-7.el7.aarch64", "product_identification_helper": { "purl": "pkg:rpm/redhat/rh-nodejs6-nodejs@6.11.3-7.el7?arch=aarch64" } } }, { "category": "product_version", "name": "rh-nodejs6-nodejs-devel-0:6.11.3-7.el7.aarch64", "product": { "name": "rh-nodejs6-nodejs-devel-0:6.11.3-7.el7.aarch64", "product_id": "rh-nodejs6-nodejs-devel-0:6.11.3-7.el7.aarch64", "product_identification_helper": { "purl": "pkg:rpm/redhat/rh-nodejs6-nodejs-devel@6.11.3-7.el7?arch=aarch64" } } }, { "category": "product_version", "name": "rh-nodejs6-nodejs-debuginfo-0:6.11.3-7.el7.aarch64", "product": { "name": "rh-nodejs6-nodejs-debuginfo-0:6.11.3-7.el7.aarch64", "product_id": "rh-nodejs6-nodejs-debuginfo-0:6.11.3-7.el7.aarch64", "product_identification_helper": { "purl": "pkg:rpm/redhat/rh-nodejs6-nodejs-debuginfo@6.11.3-7.el7?arch=aarch64" } } } ], "category": "architecture", "name": "aarch64" } ], "category": "vendor", "name": "Red Hat" } ], "relationships": [ { "category": "default_component_of", "full_product_name": { "name": "rh-nodejs6-nodejs-0:6.11.3-6.el6.src as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 6.7)", "product_id": "6Server-RHSCL-3.1-6.7.Z:rh-nodejs6-nodejs-0:6.11.3-6.el6.src" }, "product_reference": "rh-nodejs6-nodejs-0:6.11.3-6.el6.src", "relates_to_product_reference": "6Server-RHSCL-3.1-6.7.Z" }, { "category": "default_component_of", "full_product_name": { "name": "rh-nodejs6-nodejs-0:6.11.3-6.el6.x86_64 as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 6.7)", "product_id": "6Server-RHSCL-3.1-6.7.Z:rh-nodejs6-nodejs-0:6.11.3-6.el6.x86_64" }, "product_reference": "rh-nodejs6-nodejs-0:6.11.3-6.el6.x86_64", "relates_to_product_reference": "6Server-RHSCL-3.1-6.7.Z" }, { "category": "default_component_of", "full_product_name": { "name": "rh-nodejs6-nodejs-debuginfo-0:6.11.3-6.el6.x86_64 as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 6.7)", "product_id": "6Server-RHSCL-3.1-6.7.Z:rh-nodejs6-nodejs-debuginfo-0:6.11.3-6.el6.x86_64" }, "product_reference": "rh-nodejs6-nodejs-debuginfo-0:6.11.3-6.el6.x86_64", "relates_to_product_reference": "6Server-RHSCL-3.1-6.7.Z" }, { "category": "default_component_of", "full_product_name": { "name": "rh-nodejs6-nodejs-devel-0:6.11.3-6.el6.x86_64 as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 6.7)", "product_id": "6Server-RHSCL-3.1-6.7.Z:rh-nodejs6-nodejs-devel-0:6.11.3-6.el6.x86_64" }, "product_reference": "rh-nodejs6-nodejs-devel-0:6.11.3-6.el6.x86_64", "relates_to_product_reference": "6Server-RHSCL-3.1-6.7.Z" }, { "category": "default_component_of", "full_product_name": { "name": "rh-nodejs6-nodejs-docs-0:6.11.3-6.el6.noarch as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 6.7)", "product_id": "6Server-RHSCL-3.1-6.7.Z:rh-nodejs6-nodejs-docs-0:6.11.3-6.el6.noarch" }, "product_reference": "rh-nodejs6-nodejs-docs-0:6.11.3-6.el6.noarch", "relates_to_product_reference": "6Server-RHSCL-3.1-6.7.Z" }, { "category": "default_component_of", "full_product_name": { "name": "rh-nodejs6-nodejs-0:6.11.3-6.el6.src as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 6)", "product_id": "6Server-RHSCL-3.1:rh-nodejs6-nodejs-0:6.11.3-6.el6.src" }, "product_reference": "rh-nodejs6-nodejs-0:6.11.3-6.el6.src", "relates_to_product_reference": "6Server-RHSCL-3.1" }, { "category": "default_component_of", "full_product_name": { "name": "rh-nodejs6-nodejs-0:6.11.3-6.el6.x86_64 as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 6)", "product_id": "6Server-RHSCL-3.1:rh-nodejs6-nodejs-0:6.11.3-6.el6.x86_64" }, "product_reference": "rh-nodejs6-nodejs-0:6.11.3-6.el6.x86_64", "relates_to_product_reference": "6Server-RHSCL-3.1" }, { "category": "default_component_of", "full_product_name": { "name": "rh-nodejs6-nodejs-debuginfo-0:6.11.3-6.el6.x86_64 as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 6)", "product_id": "6Server-RHSCL-3.1:rh-nodejs6-nodejs-debuginfo-0:6.11.3-6.el6.x86_64" }, "product_reference": "rh-nodejs6-nodejs-debuginfo-0:6.11.3-6.el6.x86_64", "relates_to_product_reference": "6Server-RHSCL-3.1" }, { "category": "default_component_of", "full_product_name": { "name": "rh-nodejs6-nodejs-devel-0:6.11.3-6.el6.x86_64 as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 6)", "product_id": "6Server-RHSCL-3.1:rh-nodejs6-nodejs-devel-0:6.11.3-6.el6.x86_64" }, "product_reference": "rh-nodejs6-nodejs-devel-0:6.11.3-6.el6.x86_64", "relates_to_product_reference": "6Server-RHSCL-3.1" }, { "category": "default_component_of", "full_product_name": { "name": "rh-nodejs6-nodejs-docs-0:6.11.3-6.el6.noarch as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 6)", "product_id": "6Server-RHSCL-3.1:rh-nodejs6-nodejs-docs-0:6.11.3-6.el6.noarch" }, "product_reference": "rh-nodejs6-nodejs-docs-0:6.11.3-6.el6.noarch", "relates_to_product_reference": "6Server-RHSCL-3.1" }, { "category": "default_component_of", "full_product_name": { "name": "rh-nodejs6-nodejs-0:6.11.3-6.el6.src as a component of Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 6)", "product_id": "6Workstation-RHSCL-3.1:rh-nodejs6-nodejs-0:6.11.3-6.el6.src" }, "product_reference": "rh-nodejs6-nodejs-0:6.11.3-6.el6.src", "relates_to_product_reference": "6Workstation-RHSCL-3.1" }, { "category": "default_component_of", "full_product_name": { "name": "rh-nodejs6-nodejs-0:6.11.3-6.el6.x86_64 as a component of Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 6)", "product_id": "6Workstation-RHSCL-3.1:rh-nodejs6-nodejs-0:6.11.3-6.el6.x86_64" }, "product_reference": "rh-nodejs6-nodejs-0:6.11.3-6.el6.x86_64", "relates_to_product_reference": "6Workstation-RHSCL-3.1" }, { "category": "default_component_of", "full_product_name": { "name": "rh-nodejs6-nodejs-debuginfo-0:6.11.3-6.el6.x86_64 as a component of Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 6)", "product_id": "6Workstation-RHSCL-3.1:rh-nodejs6-nodejs-debuginfo-0:6.11.3-6.el6.x86_64" }, "product_reference": "rh-nodejs6-nodejs-debuginfo-0:6.11.3-6.el6.x86_64", "relates_to_product_reference": "6Workstation-RHSCL-3.1" }, { "category": "default_component_of", "full_product_name": { "name": "rh-nodejs6-nodejs-devel-0:6.11.3-6.el6.x86_64 as a component of Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 6)", "product_id": "6Workstation-RHSCL-3.1:rh-nodejs6-nodejs-devel-0:6.11.3-6.el6.x86_64" }, "product_reference": "rh-nodejs6-nodejs-devel-0:6.11.3-6.el6.x86_64", "relates_to_product_reference": "6Workstation-RHSCL-3.1" }, { "category": "default_component_of", "full_product_name": { "name": "rh-nodejs6-nodejs-docs-0:6.11.3-6.el6.noarch as a component of Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 6)", "product_id": "6Workstation-RHSCL-3.1:rh-nodejs6-nodejs-docs-0:6.11.3-6.el6.noarch" }, "product_reference": "rh-nodejs6-nodejs-docs-0:6.11.3-6.el6.noarch", "relates_to_product_reference": "6Workstation-RHSCL-3.1" }, { "category": "default_component_of", "full_product_name": { "name": "rh-nodejs6-nodejs-0:6.11.3-7.el7.aarch64 as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 7)", "product_id": "7Server-Alt-RHSCL-3.1:rh-nodejs6-nodejs-0:6.11.3-7.el7.aarch64" }, "product_reference": "rh-nodejs6-nodejs-0:6.11.3-7.el7.aarch64", "relates_to_product_reference": "7Server-Alt-RHSCL-3.1" }, { "category": "default_component_of", "full_product_name": { "name": "rh-nodejs6-nodejs-0:6.11.3-7.el7.ppc64le as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 7)", "product_id": "7Server-Alt-RHSCL-3.1:rh-nodejs6-nodejs-0:6.11.3-7.el7.ppc64le" }, "product_reference": "rh-nodejs6-nodejs-0:6.11.3-7.el7.ppc64le", "relates_to_product_reference": "7Server-Alt-RHSCL-3.1" }, { "category": "default_component_of", "full_product_name": { "name": "rh-nodejs6-nodejs-0:6.11.3-7.el7.s390x as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 7)", "product_id": "7Server-Alt-RHSCL-3.1:rh-nodejs6-nodejs-0:6.11.3-7.el7.s390x" }, "product_reference": "rh-nodejs6-nodejs-0:6.11.3-7.el7.s390x", "relates_to_product_reference": "7Server-Alt-RHSCL-3.1" }, { "category": "default_component_of", "full_product_name": { "name": "rh-nodejs6-nodejs-0:6.11.3-7.el7.src as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 7)", "product_id": "7Server-Alt-RHSCL-3.1:rh-nodejs6-nodejs-0:6.11.3-7.el7.src" }, "product_reference": "rh-nodejs6-nodejs-0:6.11.3-7.el7.src", "relates_to_product_reference": "7Server-Alt-RHSCL-3.1" }, { "category": "default_component_of", "full_product_name": { "name": "rh-nodejs6-nodejs-0:6.11.3-7.el7.x86_64 as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 7)", "product_id": "7Server-Alt-RHSCL-3.1:rh-nodejs6-nodejs-0:6.11.3-7.el7.x86_64" }, "product_reference": "rh-nodejs6-nodejs-0:6.11.3-7.el7.x86_64", "relates_to_product_reference": "7Server-Alt-RHSCL-3.1" }, { "category": "default_component_of", "full_product_name": { "name": "rh-nodejs6-nodejs-debuginfo-0:6.11.3-7.el7.aarch64 as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 7)", "product_id": "7Server-Alt-RHSCL-3.1:rh-nodejs6-nodejs-debuginfo-0:6.11.3-7.el7.aarch64" }, "product_reference": "rh-nodejs6-nodejs-debuginfo-0:6.11.3-7.el7.aarch64", "relates_to_product_reference": "7Server-Alt-RHSCL-3.1" }, { "category": "default_component_of", "full_product_name": { "name": "rh-nodejs6-nodejs-debuginfo-0:6.11.3-7.el7.ppc64le as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 7)", "product_id": "7Server-Alt-RHSCL-3.1:rh-nodejs6-nodejs-debuginfo-0:6.11.3-7.el7.ppc64le" }, "product_reference": "rh-nodejs6-nodejs-debuginfo-0:6.11.3-7.el7.ppc64le", "relates_to_product_reference": "7Server-Alt-RHSCL-3.1" }, { "category": "default_component_of", "full_product_name": { "name": "rh-nodejs6-nodejs-debuginfo-0:6.11.3-7.el7.s390x as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 7)", "product_id": "7Server-Alt-RHSCL-3.1:rh-nodejs6-nodejs-debuginfo-0:6.11.3-7.el7.s390x" }, "product_reference": "rh-nodejs6-nodejs-debuginfo-0:6.11.3-7.el7.s390x", "relates_to_product_reference": "7Server-Alt-RHSCL-3.1" }, { "category": "default_component_of", "full_product_name": { "name": "rh-nodejs6-nodejs-debuginfo-0:6.11.3-7.el7.x86_64 as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 7)", "product_id": "7Server-Alt-RHSCL-3.1:rh-nodejs6-nodejs-debuginfo-0:6.11.3-7.el7.x86_64" }, "product_reference": "rh-nodejs6-nodejs-debuginfo-0:6.11.3-7.el7.x86_64", "relates_to_product_reference": "7Server-Alt-RHSCL-3.1" }, { "category": "default_component_of", "full_product_name": { "name": "rh-nodejs6-nodejs-devel-0:6.11.3-7.el7.aarch64 as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 7)", "product_id": "7Server-Alt-RHSCL-3.1:rh-nodejs6-nodejs-devel-0:6.11.3-7.el7.aarch64" }, "product_reference": "rh-nodejs6-nodejs-devel-0:6.11.3-7.el7.aarch64", "relates_to_product_reference": "7Server-Alt-RHSCL-3.1" }, { "category": "default_component_of", "full_product_name": { "name": "rh-nodejs6-nodejs-devel-0:6.11.3-7.el7.ppc64le as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 7)", "product_id": "7Server-Alt-RHSCL-3.1:rh-nodejs6-nodejs-devel-0:6.11.3-7.el7.ppc64le" }, "product_reference": "rh-nodejs6-nodejs-devel-0:6.11.3-7.el7.ppc64le", "relates_to_product_reference": "7Server-Alt-RHSCL-3.1" }, { "category": "default_component_of", "full_product_name": { "name": "rh-nodejs6-nodejs-devel-0:6.11.3-7.el7.s390x as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 7)", "product_id": "7Server-Alt-RHSCL-3.1:rh-nodejs6-nodejs-devel-0:6.11.3-7.el7.s390x" }, "product_reference": "rh-nodejs6-nodejs-devel-0:6.11.3-7.el7.s390x", "relates_to_product_reference": "7Server-Alt-RHSCL-3.1" }, { "category": "default_component_of", "full_product_name": { "name": "rh-nodejs6-nodejs-devel-0:6.11.3-7.el7.x86_64 as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 7)", "product_id": "7Server-Alt-RHSCL-3.1:rh-nodejs6-nodejs-devel-0:6.11.3-7.el7.x86_64" }, "product_reference": "rh-nodejs6-nodejs-devel-0:6.11.3-7.el7.x86_64", "relates_to_product_reference": "7Server-Alt-RHSCL-3.1" }, { "category": "default_component_of", "full_product_name": { "name": "rh-nodejs6-nodejs-docs-0:6.11.3-7.el7.noarch as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 7)", "product_id": "7Server-Alt-RHSCL-3.1:rh-nodejs6-nodejs-docs-0:6.11.3-7.el7.noarch" }, "product_reference": "rh-nodejs6-nodejs-docs-0:6.11.3-7.el7.noarch", "relates_to_product_reference": "7Server-Alt-RHSCL-3.1" }, { "category": "default_component_of", "full_product_name": { "name": "rh-nodejs6-nodejs-0:6.11.3-7.el7.ppc64le as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.3)", "product_id": "7Server-RHSCL-3.1-7.3.Z:rh-nodejs6-nodejs-0:6.11.3-7.el7.ppc64le" }, "product_reference": "rh-nodejs6-nodejs-0:6.11.3-7.el7.ppc64le", "relates_to_product_reference": "7Server-RHSCL-3.1-7.3.Z" }, { "category": "default_component_of", "full_product_name": { "name": "rh-nodejs6-nodejs-0:6.11.3-7.el7.s390x as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.3)", "product_id": "7Server-RHSCL-3.1-7.3.Z:rh-nodejs6-nodejs-0:6.11.3-7.el7.s390x" }, "product_reference": "rh-nodejs6-nodejs-0:6.11.3-7.el7.s390x", "relates_to_product_reference": "7Server-RHSCL-3.1-7.3.Z" }, { "category": "default_component_of", "full_product_name": { "name": "rh-nodejs6-nodejs-0:6.11.3-7.el7.src as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.3)", "product_id": "7Server-RHSCL-3.1-7.3.Z:rh-nodejs6-nodejs-0:6.11.3-7.el7.src" }, "product_reference": "rh-nodejs6-nodejs-0:6.11.3-7.el7.src", "relates_to_product_reference": "7Server-RHSCL-3.1-7.3.Z" }, { "category": "default_component_of", "full_product_name": { "name": "rh-nodejs6-nodejs-0:6.11.3-7.el7.x86_64 as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.3)", "product_id": "7Server-RHSCL-3.1-7.3.Z:rh-nodejs6-nodejs-0:6.11.3-7.el7.x86_64" }, "product_reference": "rh-nodejs6-nodejs-0:6.11.3-7.el7.x86_64", "relates_to_product_reference": "7Server-RHSCL-3.1-7.3.Z" }, { "category": "default_component_of", "full_product_name": { "name": "rh-nodejs6-nodejs-debuginfo-0:6.11.3-7.el7.ppc64le as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.3)", "product_id": "7Server-RHSCL-3.1-7.3.Z:rh-nodejs6-nodejs-debuginfo-0:6.11.3-7.el7.ppc64le" }, "product_reference": "rh-nodejs6-nodejs-debuginfo-0:6.11.3-7.el7.ppc64le", "relates_to_product_reference": "7Server-RHSCL-3.1-7.3.Z" }, { "category": "default_component_of", "full_product_name": { "name": "rh-nodejs6-nodejs-debuginfo-0:6.11.3-7.el7.s390x as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.3)", "product_id": "7Server-RHSCL-3.1-7.3.Z:rh-nodejs6-nodejs-debuginfo-0:6.11.3-7.el7.s390x" }, "product_reference": "rh-nodejs6-nodejs-debuginfo-0:6.11.3-7.el7.s390x", "relates_to_product_reference": "7Server-RHSCL-3.1-7.3.Z" }, { "category": "default_component_of", "full_product_name": { "name": "rh-nodejs6-nodejs-debuginfo-0:6.11.3-7.el7.x86_64 as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.3)", "product_id": "7Server-RHSCL-3.1-7.3.Z:rh-nodejs6-nodejs-debuginfo-0:6.11.3-7.el7.x86_64" }, "product_reference": "rh-nodejs6-nodejs-debuginfo-0:6.11.3-7.el7.x86_64", "relates_to_product_reference": "7Server-RHSCL-3.1-7.3.Z" }, { "category": "default_component_of", "full_product_name": { "name": "rh-nodejs6-nodejs-devel-0:6.11.3-7.el7.ppc64le as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.3)", "product_id": "7Server-RHSCL-3.1-7.3.Z:rh-nodejs6-nodejs-devel-0:6.11.3-7.el7.ppc64le" }, "product_reference": "rh-nodejs6-nodejs-devel-0:6.11.3-7.el7.ppc64le", "relates_to_product_reference": "7Server-RHSCL-3.1-7.3.Z" }, { "category": "default_component_of", "full_product_name": { "name": "rh-nodejs6-nodejs-devel-0:6.11.3-7.el7.s390x as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.3)", "product_id": "7Server-RHSCL-3.1-7.3.Z:rh-nodejs6-nodejs-devel-0:6.11.3-7.el7.s390x" }, "product_reference": "rh-nodejs6-nodejs-devel-0:6.11.3-7.el7.s390x", "relates_to_product_reference": "7Server-RHSCL-3.1-7.3.Z" }, { "category": "default_component_of", "full_product_name": { "name": "rh-nodejs6-nodejs-devel-0:6.11.3-7.el7.x86_64 as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.3)", "product_id": "7Server-RHSCL-3.1-7.3.Z:rh-nodejs6-nodejs-devel-0:6.11.3-7.el7.x86_64" }, "product_reference": "rh-nodejs6-nodejs-devel-0:6.11.3-7.el7.x86_64", "relates_to_product_reference": "7Server-RHSCL-3.1-7.3.Z" }, { "category": "default_component_of", "full_product_name": { "name": "rh-nodejs6-nodejs-docs-0:6.11.3-7.el7.noarch as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.3)", "product_id": "7Server-RHSCL-3.1-7.3.Z:rh-nodejs6-nodejs-docs-0:6.11.3-7.el7.noarch" }, "product_reference": "rh-nodejs6-nodejs-docs-0:6.11.3-7.el7.noarch", "relates_to_product_reference": "7Server-RHSCL-3.1-7.3.Z" }, { "category": "default_component_of", "full_product_name": { "name": "rh-nodejs6-nodejs-0:6.11.3-7.el7.ppc64le as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.4)", "product_id": "7Server-RHSCL-3.1-7.4.Z:rh-nodejs6-nodejs-0:6.11.3-7.el7.ppc64le" }, "product_reference": "rh-nodejs6-nodejs-0:6.11.3-7.el7.ppc64le", "relates_to_product_reference": "7Server-RHSCL-3.1-7.4.Z" }, { "category": "default_component_of", "full_product_name": { "name": "rh-nodejs6-nodejs-0:6.11.3-7.el7.s390x as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.4)", "product_id": "7Server-RHSCL-3.1-7.4.Z:rh-nodejs6-nodejs-0:6.11.3-7.el7.s390x" }, "product_reference": "rh-nodejs6-nodejs-0:6.11.3-7.el7.s390x", "relates_to_product_reference": "7Server-RHSCL-3.1-7.4.Z" }, { "category": "default_component_of", "full_product_name": { "name": "rh-nodejs6-nodejs-0:6.11.3-7.el7.src as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.4)", "product_id": "7Server-RHSCL-3.1-7.4.Z:rh-nodejs6-nodejs-0:6.11.3-7.el7.src" }, "product_reference": "rh-nodejs6-nodejs-0:6.11.3-7.el7.src", "relates_to_product_reference": "7Server-RHSCL-3.1-7.4.Z" }, { "category": "default_component_of", "full_product_name": { "name": "rh-nodejs6-nodejs-0:6.11.3-7.el7.x86_64 as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.4)", "product_id": "7Server-RHSCL-3.1-7.4.Z:rh-nodejs6-nodejs-0:6.11.3-7.el7.x86_64" }, "product_reference": "rh-nodejs6-nodejs-0:6.11.3-7.el7.x86_64", "relates_to_product_reference": "7Server-RHSCL-3.1-7.4.Z" }, { "category": "default_component_of", "full_product_name": { "name": "rh-nodejs6-nodejs-debuginfo-0:6.11.3-7.el7.ppc64le as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.4)", "product_id": "7Server-RHSCL-3.1-7.4.Z:rh-nodejs6-nodejs-debuginfo-0:6.11.3-7.el7.ppc64le" }, "product_reference": "rh-nodejs6-nodejs-debuginfo-0:6.11.3-7.el7.ppc64le", "relates_to_product_reference": "7Server-RHSCL-3.1-7.4.Z" }, { "category": "default_component_of", "full_product_name": { "name": "rh-nodejs6-nodejs-debuginfo-0:6.11.3-7.el7.s390x as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.4)", "product_id": "7Server-RHSCL-3.1-7.4.Z:rh-nodejs6-nodejs-debuginfo-0:6.11.3-7.el7.s390x" }, "product_reference": "rh-nodejs6-nodejs-debuginfo-0:6.11.3-7.el7.s390x", "relates_to_product_reference": "7Server-RHSCL-3.1-7.4.Z" }, { "category": "default_component_of", "full_product_name": { "name": "rh-nodejs6-nodejs-debuginfo-0:6.11.3-7.el7.x86_64 as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.4)", "product_id": "7Server-RHSCL-3.1-7.4.Z:rh-nodejs6-nodejs-debuginfo-0:6.11.3-7.el7.x86_64" }, "product_reference": "rh-nodejs6-nodejs-debuginfo-0:6.11.3-7.el7.x86_64", "relates_to_product_reference": "7Server-RHSCL-3.1-7.4.Z" }, { "category": "default_component_of", "full_product_name": { "name": "rh-nodejs6-nodejs-devel-0:6.11.3-7.el7.ppc64le as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.4)", "product_id": "7Server-RHSCL-3.1-7.4.Z:rh-nodejs6-nodejs-devel-0:6.11.3-7.el7.ppc64le" }, "product_reference": "rh-nodejs6-nodejs-devel-0:6.11.3-7.el7.ppc64le", "relates_to_product_reference": "7Server-RHSCL-3.1-7.4.Z" }, { "category": "default_component_of", "full_product_name": { "name": "rh-nodejs6-nodejs-devel-0:6.11.3-7.el7.s390x as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.4)", "product_id": "7Server-RHSCL-3.1-7.4.Z:rh-nodejs6-nodejs-devel-0:6.11.3-7.el7.s390x" }, "product_reference": "rh-nodejs6-nodejs-devel-0:6.11.3-7.el7.s390x", "relates_to_product_reference": "7Server-RHSCL-3.1-7.4.Z" }, { "category": "default_component_of", "full_product_name": { "name": "rh-nodejs6-nodejs-devel-0:6.11.3-7.el7.x86_64 as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.4)", "product_id": "7Server-RHSCL-3.1-7.4.Z:rh-nodejs6-nodejs-devel-0:6.11.3-7.el7.x86_64" }, "product_reference": "rh-nodejs6-nodejs-devel-0:6.11.3-7.el7.x86_64", "relates_to_product_reference": "7Server-RHSCL-3.1-7.4.Z" }, { "category": "default_component_of", "full_product_name": { "name": "rh-nodejs6-nodejs-docs-0:6.11.3-7.el7.noarch as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.4)", "product_id": "7Server-RHSCL-3.1-7.4.Z:rh-nodejs6-nodejs-docs-0:6.11.3-7.el7.noarch" }, "product_reference": "rh-nodejs6-nodejs-docs-0:6.11.3-7.el7.noarch", "relates_to_product_reference": "7Server-RHSCL-3.1-7.4.Z" }, { "category": "default_component_of", "full_product_name": { "name": "rh-nodejs6-nodejs-0:6.11.3-7.el7.ppc64le as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.5)", "product_id": "7Server-RHSCL-3.1-7.5.Z:rh-nodejs6-nodejs-0:6.11.3-7.el7.ppc64le" }, "product_reference": "rh-nodejs6-nodejs-0:6.11.3-7.el7.ppc64le", "relates_to_product_reference": "7Server-RHSCL-3.1-7.5.Z" }, { "category": "default_component_of", "full_product_name": { "name": "rh-nodejs6-nodejs-0:6.11.3-7.el7.s390x as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.5)", "product_id": "7Server-RHSCL-3.1-7.5.Z:rh-nodejs6-nodejs-0:6.11.3-7.el7.s390x" }, "product_reference": "rh-nodejs6-nodejs-0:6.11.3-7.el7.s390x", "relates_to_product_reference": "7Server-RHSCL-3.1-7.5.Z" }, { "category": "default_component_of", "full_product_name": { "name": "rh-nodejs6-nodejs-0:6.11.3-7.el7.src as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.5)", "product_id": "7Server-RHSCL-3.1-7.5.Z:rh-nodejs6-nodejs-0:6.11.3-7.el7.src" }, "product_reference": "rh-nodejs6-nodejs-0:6.11.3-7.el7.src", "relates_to_product_reference": "7Server-RHSCL-3.1-7.5.Z" }, { "category": "default_component_of", "full_product_name": { "name": "rh-nodejs6-nodejs-0:6.11.3-7.el7.x86_64 as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.5)", "product_id": "7Server-RHSCL-3.1-7.5.Z:rh-nodejs6-nodejs-0:6.11.3-7.el7.x86_64" }, "product_reference": "rh-nodejs6-nodejs-0:6.11.3-7.el7.x86_64", "relates_to_product_reference": "7Server-RHSCL-3.1-7.5.Z" }, { "category": "default_component_of", "full_product_name": { "name": "rh-nodejs6-nodejs-debuginfo-0:6.11.3-7.el7.ppc64le as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.5)", "product_id": "7Server-RHSCL-3.1-7.5.Z:rh-nodejs6-nodejs-debuginfo-0:6.11.3-7.el7.ppc64le" }, "product_reference": "rh-nodejs6-nodejs-debuginfo-0:6.11.3-7.el7.ppc64le", "relates_to_product_reference": "7Server-RHSCL-3.1-7.5.Z" }, { "category": "default_component_of", "full_product_name": { "name": "rh-nodejs6-nodejs-debuginfo-0:6.11.3-7.el7.s390x as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.5)", "product_id": "7Server-RHSCL-3.1-7.5.Z:rh-nodejs6-nodejs-debuginfo-0:6.11.3-7.el7.s390x" }, "product_reference": "rh-nodejs6-nodejs-debuginfo-0:6.11.3-7.el7.s390x", "relates_to_product_reference": "7Server-RHSCL-3.1-7.5.Z" }, { "category": "default_component_of", "full_product_name": { "name": "rh-nodejs6-nodejs-debuginfo-0:6.11.3-7.el7.x86_64 as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.5)", "product_id": "7Server-RHSCL-3.1-7.5.Z:rh-nodejs6-nodejs-debuginfo-0:6.11.3-7.el7.x86_64" }, "product_reference": "rh-nodejs6-nodejs-debuginfo-0:6.11.3-7.el7.x86_64", "relates_to_product_reference": "7Server-RHSCL-3.1-7.5.Z" }, { "category": "default_component_of", "full_product_name": { "name": "rh-nodejs6-nodejs-devel-0:6.11.3-7.el7.ppc64le as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.5)", "product_id": "7Server-RHSCL-3.1-7.5.Z:rh-nodejs6-nodejs-devel-0:6.11.3-7.el7.ppc64le" }, "product_reference": "rh-nodejs6-nodejs-devel-0:6.11.3-7.el7.ppc64le", "relates_to_product_reference": "7Server-RHSCL-3.1-7.5.Z" }, { "category": "default_component_of", "full_product_name": { "name": "rh-nodejs6-nodejs-devel-0:6.11.3-7.el7.s390x as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.5)", "product_id": "7Server-RHSCL-3.1-7.5.Z:rh-nodejs6-nodejs-devel-0:6.11.3-7.el7.s390x" }, "product_reference": "rh-nodejs6-nodejs-devel-0:6.11.3-7.el7.s390x", "relates_to_product_reference": "7Server-RHSCL-3.1-7.5.Z" }, { "category": "default_component_of", "full_product_name": { "name": "rh-nodejs6-nodejs-devel-0:6.11.3-7.el7.x86_64 as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.5)", "product_id": "7Server-RHSCL-3.1-7.5.Z:rh-nodejs6-nodejs-devel-0:6.11.3-7.el7.x86_64" }, "product_reference": "rh-nodejs6-nodejs-devel-0:6.11.3-7.el7.x86_64", "relates_to_product_reference": "7Server-RHSCL-3.1-7.5.Z" }, { "category": "default_component_of", "full_product_name": { "name": "rh-nodejs6-nodejs-docs-0:6.11.3-7.el7.noarch as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server EUS (v. 7.5)", "product_id": "7Server-RHSCL-3.1-7.5.Z:rh-nodejs6-nodejs-docs-0:6.11.3-7.el7.noarch" }, "product_reference": "rh-nodejs6-nodejs-docs-0:6.11.3-7.el7.noarch", "relates_to_product_reference": "7Server-RHSCL-3.1-7.5.Z" }, { "category": "default_component_of", "full_product_name": { "name": "rh-nodejs6-nodejs-0:6.11.3-7.el7.aarch64 as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 7)", "product_id": "7Server-RHSCL-3.1:rh-nodejs6-nodejs-0:6.11.3-7.el7.aarch64" }, "product_reference": "rh-nodejs6-nodejs-0:6.11.3-7.el7.aarch64", "relates_to_product_reference": "7Server-RHSCL-3.1" }, { "category": "default_component_of", "full_product_name": { "name": "rh-nodejs6-nodejs-0:6.11.3-7.el7.ppc64le as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 7)", "product_id": "7Server-RHSCL-3.1:rh-nodejs6-nodejs-0:6.11.3-7.el7.ppc64le" }, "product_reference": "rh-nodejs6-nodejs-0:6.11.3-7.el7.ppc64le", "relates_to_product_reference": "7Server-RHSCL-3.1" }, { "category": "default_component_of", "full_product_name": { "name": "rh-nodejs6-nodejs-0:6.11.3-7.el7.s390x as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 7)", "product_id": "7Server-RHSCL-3.1:rh-nodejs6-nodejs-0:6.11.3-7.el7.s390x" }, "product_reference": "rh-nodejs6-nodejs-0:6.11.3-7.el7.s390x", "relates_to_product_reference": "7Server-RHSCL-3.1" }, { "category": "default_component_of", "full_product_name": { "name": "rh-nodejs6-nodejs-0:6.11.3-7.el7.src as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 7)", "product_id": "7Server-RHSCL-3.1:rh-nodejs6-nodejs-0:6.11.3-7.el7.src" }, "product_reference": "rh-nodejs6-nodejs-0:6.11.3-7.el7.src", "relates_to_product_reference": "7Server-RHSCL-3.1" }, { "category": "default_component_of", "full_product_name": { "name": "rh-nodejs6-nodejs-0:6.11.3-7.el7.x86_64 as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 7)", "product_id": "7Server-RHSCL-3.1:rh-nodejs6-nodejs-0:6.11.3-7.el7.x86_64" }, "product_reference": "rh-nodejs6-nodejs-0:6.11.3-7.el7.x86_64", "relates_to_product_reference": "7Server-RHSCL-3.1" }, { "category": "default_component_of", "full_product_name": { "name": "rh-nodejs6-nodejs-debuginfo-0:6.11.3-7.el7.aarch64 as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 7)", "product_id": "7Server-RHSCL-3.1:rh-nodejs6-nodejs-debuginfo-0:6.11.3-7.el7.aarch64" }, "product_reference": "rh-nodejs6-nodejs-debuginfo-0:6.11.3-7.el7.aarch64", "relates_to_product_reference": "7Server-RHSCL-3.1" }, { "category": "default_component_of", "full_product_name": { "name": "rh-nodejs6-nodejs-debuginfo-0:6.11.3-7.el7.ppc64le as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 7)", "product_id": "7Server-RHSCL-3.1:rh-nodejs6-nodejs-debuginfo-0:6.11.3-7.el7.ppc64le" }, "product_reference": "rh-nodejs6-nodejs-debuginfo-0:6.11.3-7.el7.ppc64le", "relates_to_product_reference": "7Server-RHSCL-3.1" }, { "category": "default_component_of", "full_product_name": { "name": "rh-nodejs6-nodejs-debuginfo-0:6.11.3-7.el7.s390x as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 7)", "product_id": "7Server-RHSCL-3.1:rh-nodejs6-nodejs-debuginfo-0:6.11.3-7.el7.s390x" }, "product_reference": "rh-nodejs6-nodejs-debuginfo-0:6.11.3-7.el7.s390x", "relates_to_product_reference": "7Server-RHSCL-3.1" }, { "category": "default_component_of", "full_product_name": { "name": "rh-nodejs6-nodejs-debuginfo-0:6.11.3-7.el7.x86_64 as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 7)", "product_id": "7Server-RHSCL-3.1:rh-nodejs6-nodejs-debuginfo-0:6.11.3-7.el7.x86_64" }, "product_reference": "rh-nodejs6-nodejs-debuginfo-0:6.11.3-7.el7.x86_64", "relates_to_product_reference": "7Server-RHSCL-3.1" }, { "category": "default_component_of", "full_product_name": { "name": "rh-nodejs6-nodejs-devel-0:6.11.3-7.el7.aarch64 as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 7)", "product_id": "7Server-RHSCL-3.1:rh-nodejs6-nodejs-devel-0:6.11.3-7.el7.aarch64" }, "product_reference": "rh-nodejs6-nodejs-devel-0:6.11.3-7.el7.aarch64", "relates_to_product_reference": "7Server-RHSCL-3.1" }, { "category": "default_component_of", "full_product_name": { "name": "rh-nodejs6-nodejs-devel-0:6.11.3-7.el7.ppc64le as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 7)", "product_id": "7Server-RHSCL-3.1:rh-nodejs6-nodejs-devel-0:6.11.3-7.el7.ppc64le" }, "product_reference": "rh-nodejs6-nodejs-devel-0:6.11.3-7.el7.ppc64le", "relates_to_product_reference": "7Server-RHSCL-3.1" }, { "category": "default_component_of", "full_product_name": { "name": "rh-nodejs6-nodejs-devel-0:6.11.3-7.el7.s390x as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 7)", "product_id": "7Server-RHSCL-3.1:rh-nodejs6-nodejs-devel-0:6.11.3-7.el7.s390x" }, "product_reference": "rh-nodejs6-nodejs-devel-0:6.11.3-7.el7.s390x", "relates_to_product_reference": "7Server-RHSCL-3.1" }, { "category": "default_component_of", "full_product_name": { "name": "rh-nodejs6-nodejs-devel-0:6.11.3-7.el7.x86_64 as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 7)", "product_id": "7Server-RHSCL-3.1:rh-nodejs6-nodejs-devel-0:6.11.3-7.el7.x86_64" }, "product_reference": "rh-nodejs6-nodejs-devel-0:6.11.3-7.el7.x86_64", "relates_to_product_reference": "7Server-RHSCL-3.1" }, { "category": "default_component_of", "full_product_name": { "name": "rh-nodejs6-nodejs-docs-0:6.11.3-7.el7.noarch as a component of Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 7)", "product_id": "7Server-RHSCL-3.1:rh-nodejs6-nodejs-docs-0:6.11.3-7.el7.noarch" }, "product_reference": "rh-nodejs6-nodejs-docs-0:6.11.3-7.el7.noarch", "relates_to_product_reference": "7Server-RHSCL-3.1" }, { "category": "default_component_of", "full_product_name": { "name": "rh-nodejs6-nodejs-0:6.11.3-7.el7.aarch64 as a component of Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 7)", "product_id": "7Workstation-RHSCL-3.1:rh-nodejs6-nodejs-0:6.11.3-7.el7.aarch64" }, "product_reference": "rh-nodejs6-nodejs-0:6.11.3-7.el7.aarch64", "relates_to_product_reference": "7Workstation-RHSCL-3.1" }, { "category": "default_component_of", "full_product_name": { "name": "rh-nodejs6-nodejs-0:6.11.3-7.el7.ppc64le as a component of Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 7)", "product_id": "7Workstation-RHSCL-3.1:rh-nodejs6-nodejs-0:6.11.3-7.el7.ppc64le" }, "product_reference": "rh-nodejs6-nodejs-0:6.11.3-7.el7.ppc64le", "relates_to_product_reference": "7Workstation-RHSCL-3.1" }, { "category": "default_component_of", "full_product_name": { "name": "rh-nodejs6-nodejs-0:6.11.3-7.el7.s390x as a component of Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 7)", "product_id": "7Workstation-RHSCL-3.1:rh-nodejs6-nodejs-0:6.11.3-7.el7.s390x" }, "product_reference": "rh-nodejs6-nodejs-0:6.11.3-7.el7.s390x", "relates_to_product_reference": "7Workstation-RHSCL-3.1" }, { "category": "default_component_of", "full_product_name": { "name": "rh-nodejs6-nodejs-0:6.11.3-7.el7.src as a component of Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 7)", "product_id": "7Workstation-RHSCL-3.1:rh-nodejs6-nodejs-0:6.11.3-7.el7.src" }, "product_reference": "rh-nodejs6-nodejs-0:6.11.3-7.el7.src", "relates_to_product_reference": "7Workstation-RHSCL-3.1" }, { "category": "default_component_of", "full_product_name": { "name": "rh-nodejs6-nodejs-0:6.11.3-7.el7.x86_64 as a component of Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 7)", "product_id": "7Workstation-RHSCL-3.1:rh-nodejs6-nodejs-0:6.11.3-7.el7.x86_64" }, "product_reference": "rh-nodejs6-nodejs-0:6.11.3-7.el7.x86_64", "relates_to_product_reference": "7Workstation-RHSCL-3.1" }, { "category": "default_component_of", "full_product_name": { "name": "rh-nodejs6-nodejs-debuginfo-0:6.11.3-7.el7.aarch64 as a component of Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 7)", "product_id": "7Workstation-RHSCL-3.1:rh-nodejs6-nodejs-debuginfo-0:6.11.3-7.el7.aarch64" }, "product_reference": "rh-nodejs6-nodejs-debuginfo-0:6.11.3-7.el7.aarch64", "relates_to_product_reference": "7Workstation-RHSCL-3.1" }, { "category": "default_component_of", "full_product_name": { "name": "rh-nodejs6-nodejs-debuginfo-0:6.11.3-7.el7.ppc64le as a component of Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 7)", "product_id": "7Workstation-RHSCL-3.1:rh-nodejs6-nodejs-debuginfo-0:6.11.3-7.el7.ppc64le" }, "product_reference": "rh-nodejs6-nodejs-debuginfo-0:6.11.3-7.el7.ppc64le", "relates_to_product_reference": "7Workstation-RHSCL-3.1" }, { "category": "default_component_of", "full_product_name": { "name": "rh-nodejs6-nodejs-debuginfo-0:6.11.3-7.el7.s390x as a component of Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 7)", "product_id": "7Workstation-RHSCL-3.1:rh-nodejs6-nodejs-debuginfo-0:6.11.3-7.el7.s390x" }, "product_reference": "rh-nodejs6-nodejs-debuginfo-0:6.11.3-7.el7.s390x", "relates_to_product_reference": "7Workstation-RHSCL-3.1" }, { "category": "default_component_of", "full_product_name": { "name": "rh-nodejs6-nodejs-debuginfo-0:6.11.3-7.el7.x86_64 as a component of Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 7)", "product_id": "7Workstation-RHSCL-3.1:rh-nodejs6-nodejs-debuginfo-0:6.11.3-7.el7.x86_64" }, "product_reference": "rh-nodejs6-nodejs-debuginfo-0:6.11.3-7.el7.x86_64", "relates_to_product_reference": "7Workstation-RHSCL-3.1" }, { "category": "default_component_of", "full_product_name": { "name": "rh-nodejs6-nodejs-devel-0:6.11.3-7.el7.aarch64 as a component of Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 7)", "product_id": "7Workstation-RHSCL-3.1:rh-nodejs6-nodejs-devel-0:6.11.3-7.el7.aarch64" }, "product_reference": "rh-nodejs6-nodejs-devel-0:6.11.3-7.el7.aarch64", "relates_to_product_reference": "7Workstation-RHSCL-3.1" }, { "category": "default_component_of", "full_product_name": { "name": "rh-nodejs6-nodejs-devel-0:6.11.3-7.el7.ppc64le as a component of Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 7)", "product_id": "7Workstation-RHSCL-3.1:rh-nodejs6-nodejs-devel-0:6.11.3-7.el7.ppc64le" }, "product_reference": "rh-nodejs6-nodejs-devel-0:6.11.3-7.el7.ppc64le", "relates_to_product_reference": "7Workstation-RHSCL-3.1" }, { "category": "default_component_of", "full_product_name": { "name": "rh-nodejs6-nodejs-devel-0:6.11.3-7.el7.s390x as a component of Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 7)", "product_id": "7Workstation-RHSCL-3.1:rh-nodejs6-nodejs-devel-0:6.11.3-7.el7.s390x" }, "product_reference": "rh-nodejs6-nodejs-devel-0:6.11.3-7.el7.s390x", "relates_to_product_reference": "7Workstation-RHSCL-3.1" }, { "category": "default_component_of", "full_product_name": { "name": "rh-nodejs6-nodejs-devel-0:6.11.3-7.el7.x86_64 as a component of Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 7)", "product_id": "7Workstation-RHSCL-3.1:rh-nodejs6-nodejs-devel-0:6.11.3-7.el7.x86_64" }, "product_reference": "rh-nodejs6-nodejs-devel-0:6.11.3-7.el7.x86_64", "relates_to_product_reference": "7Workstation-RHSCL-3.1" }, { "category": "default_component_of", "full_product_name": { "name": "rh-nodejs6-nodejs-docs-0:6.11.3-7.el7.noarch as a component of Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 7)", "product_id": "7Workstation-RHSCL-3.1:rh-nodejs6-nodejs-docs-0:6.11.3-7.el7.noarch" }, "product_reference": "rh-nodejs6-nodejs-docs-0:6.11.3-7.el7.noarch", "relates_to_product_reference": "7Workstation-RHSCL-3.1" } ] }, "vulnerabilities": [ { "cve": "CVE-2018-12115", "cwe": { "id": "CWE-119", "name": "Improper Restriction of Operations within the Bounds of a Memory Buffer" }, "discovery_date": "2018-08-22T00:00:00+00:00", "ids": [ { "system_name": "Red Hat Bugzilla ID", "text": "1620219" } ], "notes": [ { "category": "description", "text": "In all versions of Node.js prior to 6.14.4, 8.11.4 and 10.9.0 when used with UCS-2 encoding (recognized by Node.js under the names `\u0027ucs2\u0027`, `\u0027ucs-2\u0027`, `\u0027utf16le\u0027` and `\u0027utf-16le\u0027`), `Buffer#write()` can be abused to write outside of the bounds of a single `Buffer`. Writes that start from the second-to-last position of a buffer cause a miscalculation of the maximum length of the input bytes to be written.", "title": "Vulnerability description" }, { "category": "summary", "text": "nodejs: Out of bounds (OOB) write via UCS-2 encoding", "title": "Vulnerability summary" }, { "category": "other", "text": "Openshift Container Platform 3.x versions are potentially vulnerable via the jenkins-slave-nodejs and jenkins-agent-nodejs containers. However a build would have to occur with a malicious jenkins pipeline, or nodejs source code supplied by an attacker, reducing the impact of this flaw to moderate. Both container images used nodejs delivered from Red Hat Software Collections.", "title": "Statement" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "6Server-RHSCL-3.1-6.7.Z:rh-nodejs6-nodejs-0:6.11.3-6.el6.src", "6Server-RHSCL-3.1-6.7.Z:rh-nodejs6-nodejs-0:6.11.3-6.el6.x86_64", "6Server-RHSCL-3.1-6.7.Z:rh-nodejs6-nodejs-debuginfo-0:6.11.3-6.el6.x86_64", "6Server-RHSCL-3.1-6.7.Z:rh-nodejs6-nodejs-devel-0:6.11.3-6.el6.x86_64", "6Server-RHSCL-3.1-6.7.Z:rh-nodejs6-nodejs-docs-0:6.11.3-6.el6.noarch", "6Server-RHSCL-3.1:rh-nodejs6-nodejs-0:6.11.3-6.el6.src", "6Server-RHSCL-3.1:rh-nodejs6-nodejs-0:6.11.3-6.el6.x86_64", "6Server-RHSCL-3.1:rh-nodejs6-nodejs-debuginfo-0:6.11.3-6.el6.x86_64", "6Server-RHSCL-3.1:rh-nodejs6-nodejs-devel-0:6.11.3-6.el6.x86_64", "6Server-RHSCL-3.1:rh-nodejs6-nodejs-docs-0:6.11.3-6.el6.noarch", "6Workstation-RHSCL-3.1:rh-nodejs6-nodejs-0:6.11.3-6.el6.src", "6Workstation-RHSCL-3.1:rh-nodejs6-nodejs-0:6.11.3-6.el6.x86_64", "6Workstation-RHSCL-3.1:rh-nodejs6-nodejs-debuginfo-0:6.11.3-6.el6.x86_64", "6Workstation-RHSCL-3.1:rh-nodejs6-nodejs-devel-0:6.11.3-6.el6.x86_64", "6Workstation-RHSCL-3.1:rh-nodejs6-nodejs-docs-0:6.11.3-6.el6.noarch", "7Server-Alt-RHSCL-3.1:rh-nodejs6-nodejs-0:6.11.3-7.el7.aarch64", "7Server-Alt-RHSCL-3.1:rh-nodejs6-nodejs-0:6.11.3-7.el7.ppc64le", "7Server-Alt-RHSCL-3.1:rh-nodejs6-nodejs-0:6.11.3-7.el7.s390x", "7Server-Alt-RHSCL-3.1:rh-nodejs6-nodejs-0:6.11.3-7.el7.src", "7Server-Alt-RHSCL-3.1:rh-nodejs6-nodejs-0:6.11.3-7.el7.x86_64", "7Server-Alt-RHSCL-3.1:rh-nodejs6-nodejs-debuginfo-0:6.11.3-7.el7.aarch64", "7Server-Alt-RHSCL-3.1:rh-nodejs6-nodejs-debuginfo-0:6.11.3-7.el7.ppc64le", "7Server-Alt-RHSCL-3.1:rh-nodejs6-nodejs-debuginfo-0:6.11.3-7.el7.s390x", "7Server-Alt-RHSCL-3.1:rh-nodejs6-nodejs-debuginfo-0:6.11.3-7.el7.x86_64", "7Server-Alt-RHSCL-3.1:rh-nodejs6-nodejs-devel-0:6.11.3-7.el7.aarch64", "7Server-Alt-RHSCL-3.1:rh-nodejs6-nodejs-devel-0:6.11.3-7.el7.ppc64le", "7Server-Alt-RHSCL-3.1:rh-nodejs6-nodejs-devel-0:6.11.3-7.el7.s390x", "7Server-Alt-RHSCL-3.1:rh-nodejs6-nodejs-devel-0:6.11.3-7.el7.x86_64", "7Server-Alt-RHSCL-3.1:rh-nodejs6-nodejs-docs-0:6.11.3-7.el7.noarch", "7Server-RHSCL-3.1-7.3.Z:rh-nodejs6-nodejs-0:6.11.3-7.el7.ppc64le", "7Server-RHSCL-3.1-7.3.Z:rh-nodejs6-nodejs-0:6.11.3-7.el7.s390x", "7Server-RHSCL-3.1-7.3.Z:rh-nodejs6-nodejs-0:6.11.3-7.el7.src", "7Server-RHSCL-3.1-7.3.Z:rh-nodejs6-nodejs-0:6.11.3-7.el7.x86_64", "7Server-RHSCL-3.1-7.3.Z:rh-nodejs6-nodejs-debuginfo-0:6.11.3-7.el7.ppc64le", "7Server-RHSCL-3.1-7.3.Z:rh-nodejs6-nodejs-debuginfo-0:6.11.3-7.el7.s390x", "7Server-RHSCL-3.1-7.3.Z:rh-nodejs6-nodejs-debuginfo-0:6.11.3-7.el7.x86_64", "7Server-RHSCL-3.1-7.3.Z:rh-nodejs6-nodejs-devel-0:6.11.3-7.el7.ppc64le", "7Server-RHSCL-3.1-7.3.Z:rh-nodejs6-nodejs-devel-0:6.11.3-7.el7.s390x", "7Server-RHSCL-3.1-7.3.Z:rh-nodejs6-nodejs-devel-0:6.11.3-7.el7.x86_64", "7Server-RHSCL-3.1-7.3.Z:rh-nodejs6-nodejs-docs-0:6.11.3-7.el7.noarch", "7Server-RHSCL-3.1-7.4.Z:rh-nodejs6-nodejs-0:6.11.3-7.el7.ppc64le", "7Server-RHSCL-3.1-7.4.Z:rh-nodejs6-nodejs-0:6.11.3-7.el7.s390x", "7Server-RHSCL-3.1-7.4.Z:rh-nodejs6-nodejs-0:6.11.3-7.el7.src", "7Server-RHSCL-3.1-7.4.Z:rh-nodejs6-nodejs-0:6.11.3-7.el7.x86_64", "7Server-RHSCL-3.1-7.4.Z:rh-nodejs6-nodejs-debuginfo-0:6.11.3-7.el7.ppc64le", "7Server-RHSCL-3.1-7.4.Z:rh-nodejs6-nodejs-debuginfo-0:6.11.3-7.el7.s390x", "7Server-RHSCL-3.1-7.4.Z:rh-nodejs6-nodejs-debuginfo-0:6.11.3-7.el7.x86_64", "7Server-RHSCL-3.1-7.4.Z:rh-nodejs6-nodejs-devel-0:6.11.3-7.el7.ppc64le", "7Server-RHSCL-3.1-7.4.Z:rh-nodejs6-nodejs-devel-0:6.11.3-7.el7.s390x", "7Server-RHSCL-3.1-7.4.Z:rh-nodejs6-nodejs-devel-0:6.11.3-7.el7.x86_64", "7Server-RHSCL-3.1-7.4.Z:rh-nodejs6-nodejs-docs-0:6.11.3-7.el7.noarch", "7Server-RHSCL-3.1-7.5.Z:rh-nodejs6-nodejs-0:6.11.3-7.el7.ppc64le", "7Server-RHSCL-3.1-7.5.Z:rh-nodejs6-nodejs-0:6.11.3-7.el7.s390x", "7Server-RHSCL-3.1-7.5.Z:rh-nodejs6-nodejs-0:6.11.3-7.el7.src", "7Server-RHSCL-3.1-7.5.Z:rh-nodejs6-nodejs-0:6.11.3-7.el7.x86_64", "7Server-RHSCL-3.1-7.5.Z:rh-nodejs6-nodejs-debuginfo-0:6.11.3-7.el7.ppc64le", "7Server-RHSCL-3.1-7.5.Z:rh-nodejs6-nodejs-debuginfo-0:6.11.3-7.el7.s390x", "7Server-RHSCL-3.1-7.5.Z:rh-nodejs6-nodejs-debuginfo-0:6.11.3-7.el7.x86_64", "7Server-RHSCL-3.1-7.5.Z:rh-nodejs6-nodejs-devel-0:6.11.3-7.el7.ppc64le", "7Server-RHSCL-3.1-7.5.Z:rh-nodejs6-nodejs-devel-0:6.11.3-7.el7.s390x", "7Server-RHSCL-3.1-7.5.Z:rh-nodejs6-nodejs-devel-0:6.11.3-7.el7.x86_64", "7Server-RHSCL-3.1-7.5.Z:rh-nodejs6-nodejs-docs-0:6.11.3-7.el7.noarch", "7Server-RHSCL-3.1:rh-nodejs6-nodejs-0:6.11.3-7.el7.aarch64", "7Server-RHSCL-3.1:rh-nodejs6-nodejs-0:6.11.3-7.el7.ppc64le", "7Server-RHSCL-3.1:rh-nodejs6-nodejs-0:6.11.3-7.el7.s390x", "7Server-RHSCL-3.1:rh-nodejs6-nodejs-0:6.11.3-7.el7.src", "7Server-RHSCL-3.1:rh-nodejs6-nodejs-0:6.11.3-7.el7.x86_64", "7Server-RHSCL-3.1:rh-nodejs6-nodejs-debuginfo-0:6.11.3-7.el7.aarch64", "7Server-RHSCL-3.1:rh-nodejs6-nodejs-debuginfo-0:6.11.3-7.el7.ppc64le", "7Server-RHSCL-3.1:rh-nodejs6-nodejs-debuginfo-0:6.11.3-7.el7.s390x", "7Server-RHSCL-3.1:rh-nodejs6-nodejs-debuginfo-0:6.11.3-7.el7.x86_64", "7Server-RHSCL-3.1:rh-nodejs6-nodejs-devel-0:6.11.3-7.el7.aarch64", "7Server-RHSCL-3.1:rh-nodejs6-nodejs-devel-0:6.11.3-7.el7.ppc64le", "7Server-RHSCL-3.1:rh-nodejs6-nodejs-devel-0:6.11.3-7.el7.s390x", "7Server-RHSCL-3.1:rh-nodejs6-nodejs-devel-0:6.11.3-7.el7.x86_64", "7Server-RHSCL-3.1:rh-nodejs6-nodejs-docs-0:6.11.3-7.el7.noarch", "7Workstation-RHSCL-3.1:rh-nodejs6-nodejs-0:6.11.3-7.el7.aarch64", "7Workstation-RHSCL-3.1:rh-nodejs6-nodejs-0:6.11.3-7.el7.ppc64le", "7Workstation-RHSCL-3.1:rh-nodejs6-nodejs-0:6.11.3-7.el7.s390x", "7Workstation-RHSCL-3.1:rh-nodejs6-nodejs-0:6.11.3-7.el7.src", "7Workstation-RHSCL-3.1:rh-nodejs6-nodejs-0:6.11.3-7.el7.x86_64", "7Workstation-RHSCL-3.1:rh-nodejs6-nodejs-debuginfo-0:6.11.3-7.el7.aarch64", "7Workstation-RHSCL-3.1:rh-nodejs6-nodejs-debuginfo-0:6.11.3-7.el7.ppc64le", "7Workstation-RHSCL-3.1:rh-nodejs6-nodejs-debuginfo-0:6.11.3-7.el7.s390x", "7Workstation-RHSCL-3.1:rh-nodejs6-nodejs-debuginfo-0:6.11.3-7.el7.x86_64", "7Workstation-RHSCL-3.1:rh-nodejs6-nodejs-devel-0:6.11.3-7.el7.aarch64", "7Workstation-RHSCL-3.1:rh-nodejs6-nodejs-devel-0:6.11.3-7.el7.ppc64le", "7Workstation-RHSCL-3.1:rh-nodejs6-nodejs-devel-0:6.11.3-7.el7.s390x", "7Workstation-RHSCL-3.1:rh-nodejs6-nodejs-devel-0:6.11.3-7.el7.x86_64", "7Workstation-RHSCL-3.1:rh-nodejs6-nodejs-docs-0:6.11.3-7.el7.noarch" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://access.redhat.com/security/cve/CVE-2018-12115" }, { "category": "external", "summary": "RHBZ#1620219", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1620219" }, { "category": "external", "summary": "https://www.cve.org/CVERecord?id=CVE-2018-12115", "url": "https://www.cve.org/CVERecord?id=CVE-2018-12115" }, { "category": "external", "summary": "https://nvd.nist.gov/vuln/detail/CVE-2018-12115", "url": "https://nvd.nist.gov/vuln/detail/CVE-2018-12115" } ], "release_date": "2018-08-11T00:00:00+00:00", "remediations": [ { "category": "vendor_fix", "date": "2018-10-18T07:45:58+00:00", "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258", "product_ids": [ "6Server-RHSCL-3.1-6.7.Z:rh-nodejs6-nodejs-0:6.11.3-6.el6.src", "6Server-RHSCL-3.1-6.7.Z:rh-nodejs6-nodejs-0:6.11.3-6.el6.x86_64", "6Server-RHSCL-3.1-6.7.Z:rh-nodejs6-nodejs-debuginfo-0:6.11.3-6.el6.x86_64", "6Server-RHSCL-3.1-6.7.Z:rh-nodejs6-nodejs-devel-0:6.11.3-6.el6.x86_64", "6Server-RHSCL-3.1-6.7.Z:rh-nodejs6-nodejs-docs-0:6.11.3-6.el6.noarch", "6Server-RHSCL-3.1:rh-nodejs6-nodejs-0:6.11.3-6.el6.src", "6Server-RHSCL-3.1:rh-nodejs6-nodejs-0:6.11.3-6.el6.x86_64", "6Server-RHSCL-3.1:rh-nodejs6-nodejs-debuginfo-0:6.11.3-6.el6.x86_64", "6Server-RHSCL-3.1:rh-nodejs6-nodejs-devel-0:6.11.3-6.el6.x86_64", "6Server-RHSCL-3.1:rh-nodejs6-nodejs-docs-0:6.11.3-6.el6.noarch", "6Workstation-RHSCL-3.1:rh-nodejs6-nodejs-0:6.11.3-6.el6.src", "6Workstation-RHSCL-3.1:rh-nodejs6-nodejs-0:6.11.3-6.el6.x86_64", "6Workstation-RHSCL-3.1:rh-nodejs6-nodejs-debuginfo-0:6.11.3-6.el6.x86_64", "6Workstation-RHSCL-3.1:rh-nodejs6-nodejs-devel-0:6.11.3-6.el6.x86_64", "6Workstation-RHSCL-3.1:rh-nodejs6-nodejs-docs-0:6.11.3-6.el6.noarch", "7Server-Alt-RHSCL-3.1:rh-nodejs6-nodejs-0:6.11.3-7.el7.aarch64", "7Server-Alt-RHSCL-3.1:rh-nodejs6-nodejs-0:6.11.3-7.el7.ppc64le", "7Server-Alt-RHSCL-3.1:rh-nodejs6-nodejs-0:6.11.3-7.el7.s390x", "7Server-Alt-RHSCL-3.1:rh-nodejs6-nodejs-0:6.11.3-7.el7.src", "7Server-Alt-RHSCL-3.1:rh-nodejs6-nodejs-0:6.11.3-7.el7.x86_64", "7Server-Alt-RHSCL-3.1:rh-nodejs6-nodejs-debuginfo-0:6.11.3-7.el7.aarch64", "7Server-Alt-RHSCL-3.1:rh-nodejs6-nodejs-debuginfo-0:6.11.3-7.el7.ppc64le", "7Server-Alt-RHSCL-3.1:rh-nodejs6-nodejs-debuginfo-0:6.11.3-7.el7.s390x", "7Server-Alt-RHSCL-3.1:rh-nodejs6-nodejs-debuginfo-0:6.11.3-7.el7.x86_64", "7Server-Alt-RHSCL-3.1:rh-nodejs6-nodejs-devel-0:6.11.3-7.el7.aarch64", "7Server-Alt-RHSCL-3.1:rh-nodejs6-nodejs-devel-0:6.11.3-7.el7.ppc64le", "7Server-Alt-RHSCL-3.1:rh-nodejs6-nodejs-devel-0:6.11.3-7.el7.s390x", "7Server-Alt-RHSCL-3.1:rh-nodejs6-nodejs-devel-0:6.11.3-7.el7.x86_64", "7Server-Alt-RHSCL-3.1:rh-nodejs6-nodejs-docs-0:6.11.3-7.el7.noarch", "7Server-RHSCL-3.1-7.3.Z:rh-nodejs6-nodejs-0:6.11.3-7.el7.ppc64le", "7Server-RHSCL-3.1-7.3.Z:rh-nodejs6-nodejs-0:6.11.3-7.el7.s390x", "7Server-RHSCL-3.1-7.3.Z:rh-nodejs6-nodejs-0:6.11.3-7.el7.src", "7Server-RHSCL-3.1-7.3.Z:rh-nodejs6-nodejs-0:6.11.3-7.el7.x86_64", "7Server-RHSCL-3.1-7.3.Z:rh-nodejs6-nodejs-debuginfo-0:6.11.3-7.el7.ppc64le", "7Server-RHSCL-3.1-7.3.Z:rh-nodejs6-nodejs-debuginfo-0:6.11.3-7.el7.s390x", "7Server-RHSCL-3.1-7.3.Z:rh-nodejs6-nodejs-debuginfo-0:6.11.3-7.el7.x86_64", "7Server-RHSCL-3.1-7.3.Z:rh-nodejs6-nodejs-devel-0:6.11.3-7.el7.ppc64le", "7Server-RHSCL-3.1-7.3.Z:rh-nodejs6-nodejs-devel-0:6.11.3-7.el7.s390x", "7Server-RHSCL-3.1-7.3.Z:rh-nodejs6-nodejs-devel-0:6.11.3-7.el7.x86_64", "7Server-RHSCL-3.1-7.3.Z:rh-nodejs6-nodejs-docs-0:6.11.3-7.el7.noarch", "7Server-RHSCL-3.1-7.4.Z:rh-nodejs6-nodejs-0:6.11.3-7.el7.ppc64le", "7Server-RHSCL-3.1-7.4.Z:rh-nodejs6-nodejs-0:6.11.3-7.el7.s390x", "7Server-RHSCL-3.1-7.4.Z:rh-nodejs6-nodejs-0:6.11.3-7.el7.src", "7Server-RHSCL-3.1-7.4.Z:rh-nodejs6-nodejs-0:6.11.3-7.el7.x86_64", "7Server-RHSCL-3.1-7.4.Z:rh-nodejs6-nodejs-debuginfo-0:6.11.3-7.el7.ppc64le", "7Server-RHSCL-3.1-7.4.Z:rh-nodejs6-nodejs-debuginfo-0:6.11.3-7.el7.s390x", "7Server-RHSCL-3.1-7.4.Z:rh-nodejs6-nodejs-debuginfo-0:6.11.3-7.el7.x86_64", "7Server-RHSCL-3.1-7.4.Z:rh-nodejs6-nodejs-devel-0:6.11.3-7.el7.ppc64le", "7Server-RHSCL-3.1-7.4.Z:rh-nodejs6-nodejs-devel-0:6.11.3-7.el7.s390x", "7Server-RHSCL-3.1-7.4.Z:rh-nodejs6-nodejs-devel-0:6.11.3-7.el7.x86_64", "7Server-RHSCL-3.1-7.4.Z:rh-nodejs6-nodejs-docs-0:6.11.3-7.el7.noarch", "7Server-RHSCL-3.1-7.5.Z:rh-nodejs6-nodejs-0:6.11.3-7.el7.ppc64le", "7Server-RHSCL-3.1-7.5.Z:rh-nodejs6-nodejs-0:6.11.3-7.el7.s390x", "7Server-RHSCL-3.1-7.5.Z:rh-nodejs6-nodejs-0:6.11.3-7.el7.src", "7Server-RHSCL-3.1-7.5.Z:rh-nodejs6-nodejs-0:6.11.3-7.el7.x86_64", "7Server-RHSCL-3.1-7.5.Z:rh-nodejs6-nodejs-debuginfo-0:6.11.3-7.el7.ppc64le", "7Server-RHSCL-3.1-7.5.Z:rh-nodejs6-nodejs-debuginfo-0:6.11.3-7.el7.s390x", "7Server-RHSCL-3.1-7.5.Z:rh-nodejs6-nodejs-debuginfo-0:6.11.3-7.el7.x86_64", "7Server-RHSCL-3.1-7.5.Z:rh-nodejs6-nodejs-devel-0:6.11.3-7.el7.ppc64le", "7Server-RHSCL-3.1-7.5.Z:rh-nodejs6-nodejs-devel-0:6.11.3-7.el7.s390x", "7Server-RHSCL-3.1-7.5.Z:rh-nodejs6-nodejs-devel-0:6.11.3-7.el7.x86_64", "7Server-RHSCL-3.1-7.5.Z:rh-nodejs6-nodejs-docs-0:6.11.3-7.el7.noarch", "7Server-RHSCL-3.1:rh-nodejs6-nodejs-0:6.11.3-7.el7.aarch64", "7Server-RHSCL-3.1:rh-nodejs6-nodejs-0:6.11.3-7.el7.ppc64le", "7Server-RHSCL-3.1:rh-nodejs6-nodejs-0:6.11.3-7.el7.s390x", "7Server-RHSCL-3.1:rh-nodejs6-nodejs-0:6.11.3-7.el7.src", "7Server-RHSCL-3.1:rh-nodejs6-nodejs-0:6.11.3-7.el7.x86_64", "7Server-RHSCL-3.1:rh-nodejs6-nodejs-debuginfo-0:6.11.3-7.el7.aarch64", "7Server-RHSCL-3.1:rh-nodejs6-nodejs-debuginfo-0:6.11.3-7.el7.ppc64le", "7Server-RHSCL-3.1:rh-nodejs6-nodejs-debuginfo-0:6.11.3-7.el7.s390x", "7Server-RHSCL-3.1:rh-nodejs6-nodejs-debuginfo-0:6.11.3-7.el7.x86_64", "7Server-RHSCL-3.1:rh-nodejs6-nodejs-devel-0:6.11.3-7.el7.aarch64", "7Server-RHSCL-3.1:rh-nodejs6-nodejs-devel-0:6.11.3-7.el7.ppc64le", "7Server-RHSCL-3.1:rh-nodejs6-nodejs-devel-0:6.11.3-7.el7.s390x", "7Server-RHSCL-3.1:rh-nodejs6-nodejs-devel-0:6.11.3-7.el7.x86_64", "7Server-RHSCL-3.1:rh-nodejs6-nodejs-docs-0:6.11.3-7.el7.noarch", "7Workstation-RHSCL-3.1:rh-nodejs6-nodejs-0:6.11.3-7.el7.aarch64", "7Workstation-RHSCL-3.1:rh-nodejs6-nodejs-0:6.11.3-7.el7.ppc64le", "7Workstation-RHSCL-3.1:rh-nodejs6-nodejs-0:6.11.3-7.el7.s390x", "7Workstation-RHSCL-3.1:rh-nodejs6-nodejs-0:6.11.3-7.el7.src", "7Workstation-RHSCL-3.1:rh-nodejs6-nodejs-0:6.11.3-7.el7.x86_64", "7Workstation-RHSCL-3.1:rh-nodejs6-nodejs-debuginfo-0:6.11.3-7.el7.aarch64", "7Workstation-RHSCL-3.1:rh-nodejs6-nodejs-debuginfo-0:6.11.3-7.el7.ppc64le", "7Workstation-RHSCL-3.1:rh-nodejs6-nodejs-debuginfo-0:6.11.3-7.el7.s390x", "7Workstation-RHSCL-3.1:rh-nodejs6-nodejs-debuginfo-0:6.11.3-7.el7.x86_64", "7Workstation-RHSCL-3.1:rh-nodejs6-nodejs-devel-0:6.11.3-7.el7.aarch64", "7Workstation-RHSCL-3.1:rh-nodejs6-nodejs-devel-0:6.11.3-7.el7.ppc64le", "7Workstation-RHSCL-3.1:rh-nodejs6-nodejs-devel-0:6.11.3-7.el7.s390x", "7Workstation-RHSCL-3.1:rh-nodejs6-nodejs-devel-0:6.11.3-7.el7.x86_64", "7Workstation-RHSCL-3.1:rh-nodejs6-nodejs-docs-0:6.11.3-7.el7.noarch" ], "restart_required": { "category": "none" }, "url": "https://access.redhat.com/errata/RHSA-2018:2944" }, { "category": "workaround", "details": "On Openshift Container Platform 3.x you can override the container image used on the Jenkins Slave by specifying the JENKINS_SLAVE_IMAGE environment variable in your jenkins deployment configuration. Ref:\n\nhttps://github.com/openshift/jenkins/blob/8e1ab16fb5f44d6570018c5dfa3407692fdba6e5/2/contrib/jenkins/kube-slave-common.sh#L27-L33", "product_ids": [ "6Server-RHSCL-3.1-6.7.Z:rh-nodejs6-nodejs-0:6.11.3-6.el6.src", "6Server-RHSCL-3.1-6.7.Z:rh-nodejs6-nodejs-0:6.11.3-6.el6.x86_64", "6Server-RHSCL-3.1-6.7.Z:rh-nodejs6-nodejs-debuginfo-0:6.11.3-6.el6.x86_64", "6Server-RHSCL-3.1-6.7.Z:rh-nodejs6-nodejs-devel-0:6.11.3-6.el6.x86_64", "6Server-RHSCL-3.1-6.7.Z:rh-nodejs6-nodejs-docs-0:6.11.3-6.el6.noarch", "6Server-RHSCL-3.1:rh-nodejs6-nodejs-0:6.11.3-6.el6.src", "6Server-RHSCL-3.1:rh-nodejs6-nodejs-0:6.11.3-6.el6.x86_64", "6Server-RHSCL-3.1:rh-nodejs6-nodejs-debuginfo-0:6.11.3-6.el6.x86_64", "6Server-RHSCL-3.1:rh-nodejs6-nodejs-devel-0:6.11.3-6.el6.x86_64", "6Server-RHSCL-3.1:rh-nodejs6-nodejs-docs-0:6.11.3-6.el6.noarch", "6Workstation-RHSCL-3.1:rh-nodejs6-nodejs-0:6.11.3-6.el6.src", "6Workstation-RHSCL-3.1:rh-nodejs6-nodejs-0:6.11.3-6.el6.x86_64", "6Workstation-RHSCL-3.1:rh-nodejs6-nodejs-debuginfo-0:6.11.3-6.el6.x86_64", "6Workstation-RHSCL-3.1:rh-nodejs6-nodejs-devel-0:6.11.3-6.el6.x86_64", "6Workstation-RHSCL-3.1:rh-nodejs6-nodejs-docs-0:6.11.3-6.el6.noarch", "7Server-Alt-RHSCL-3.1:rh-nodejs6-nodejs-0:6.11.3-7.el7.aarch64", "7Server-Alt-RHSCL-3.1:rh-nodejs6-nodejs-0:6.11.3-7.el7.ppc64le", "7Server-Alt-RHSCL-3.1:rh-nodejs6-nodejs-0:6.11.3-7.el7.s390x", "7Server-Alt-RHSCL-3.1:rh-nodejs6-nodejs-0:6.11.3-7.el7.src", "7Server-Alt-RHSCL-3.1:rh-nodejs6-nodejs-0:6.11.3-7.el7.x86_64", "7Server-Alt-RHSCL-3.1:rh-nodejs6-nodejs-debuginfo-0:6.11.3-7.el7.aarch64", "7Server-Alt-RHSCL-3.1:rh-nodejs6-nodejs-debuginfo-0:6.11.3-7.el7.ppc64le", "7Server-Alt-RHSCL-3.1:rh-nodejs6-nodejs-debuginfo-0:6.11.3-7.el7.s390x", "7Server-Alt-RHSCL-3.1:rh-nodejs6-nodejs-debuginfo-0:6.11.3-7.el7.x86_64", "7Server-Alt-RHSCL-3.1:rh-nodejs6-nodejs-devel-0:6.11.3-7.el7.aarch64", "7Server-Alt-RHSCL-3.1:rh-nodejs6-nodejs-devel-0:6.11.3-7.el7.ppc64le", "7Server-Alt-RHSCL-3.1:rh-nodejs6-nodejs-devel-0:6.11.3-7.el7.s390x", "7Server-Alt-RHSCL-3.1:rh-nodejs6-nodejs-devel-0:6.11.3-7.el7.x86_64", "7Server-Alt-RHSCL-3.1:rh-nodejs6-nodejs-docs-0:6.11.3-7.el7.noarch", "7Server-RHSCL-3.1-7.3.Z:rh-nodejs6-nodejs-0:6.11.3-7.el7.ppc64le", "7Server-RHSCL-3.1-7.3.Z:rh-nodejs6-nodejs-0:6.11.3-7.el7.s390x", "7Server-RHSCL-3.1-7.3.Z:rh-nodejs6-nodejs-0:6.11.3-7.el7.src", "7Server-RHSCL-3.1-7.3.Z:rh-nodejs6-nodejs-0:6.11.3-7.el7.x86_64", "7Server-RHSCL-3.1-7.3.Z:rh-nodejs6-nodejs-debuginfo-0:6.11.3-7.el7.ppc64le", "7Server-RHSCL-3.1-7.3.Z:rh-nodejs6-nodejs-debuginfo-0:6.11.3-7.el7.s390x", "7Server-RHSCL-3.1-7.3.Z:rh-nodejs6-nodejs-debuginfo-0:6.11.3-7.el7.x86_64", "7Server-RHSCL-3.1-7.3.Z:rh-nodejs6-nodejs-devel-0:6.11.3-7.el7.ppc64le", "7Server-RHSCL-3.1-7.3.Z:rh-nodejs6-nodejs-devel-0:6.11.3-7.el7.s390x", "7Server-RHSCL-3.1-7.3.Z:rh-nodejs6-nodejs-devel-0:6.11.3-7.el7.x86_64", "7Server-RHSCL-3.1-7.3.Z:rh-nodejs6-nodejs-docs-0:6.11.3-7.el7.noarch", "7Server-RHSCL-3.1-7.4.Z:rh-nodejs6-nodejs-0:6.11.3-7.el7.ppc64le", "7Server-RHSCL-3.1-7.4.Z:rh-nodejs6-nodejs-0:6.11.3-7.el7.s390x", "7Server-RHSCL-3.1-7.4.Z:rh-nodejs6-nodejs-0:6.11.3-7.el7.src", "7Server-RHSCL-3.1-7.4.Z:rh-nodejs6-nodejs-0:6.11.3-7.el7.x86_64", "7Server-RHSCL-3.1-7.4.Z:rh-nodejs6-nodejs-debuginfo-0:6.11.3-7.el7.ppc64le", "7Server-RHSCL-3.1-7.4.Z:rh-nodejs6-nodejs-debuginfo-0:6.11.3-7.el7.s390x", "7Server-RHSCL-3.1-7.4.Z:rh-nodejs6-nodejs-debuginfo-0:6.11.3-7.el7.x86_64", "7Server-RHSCL-3.1-7.4.Z:rh-nodejs6-nodejs-devel-0:6.11.3-7.el7.ppc64le", "7Server-RHSCL-3.1-7.4.Z:rh-nodejs6-nodejs-devel-0:6.11.3-7.el7.s390x", "7Server-RHSCL-3.1-7.4.Z:rh-nodejs6-nodejs-devel-0:6.11.3-7.el7.x86_64", "7Server-RHSCL-3.1-7.4.Z:rh-nodejs6-nodejs-docs-0:6.11.3-7.el7.noarch", "7Server-RHSCL-3.1-7.5.Z:rh-nodejs6-nodejs-0:6.11.3-7.el7.ppc64le", "7Server-RHSCL-3.1-7.5.Z:rh-nodejs6-nodejs-0:6.11.3-7.el7.s390x", "7Server-RHSCL-3.1-7.5.Z:rh-nodejs6-nodejs-0:6.11.3-7.el7.src", "7Server-RHSCL-3.1-7.5.Z:rh-nodejs6-nodejs-0:6.11.3-7.el7.x86_64", "7Server-RHSCL-3.1-7.5.Z:rh-nodejs6-nodejs-debuginfo-0:6.11.3-7.el7.ppc64le", "7Server-RHSCL-3.1-7.5.Z:rh-nodejs6-nodejs-debuginfo-0:6.11.3-7.el7.s390x", "7Server-RHSCL-3.1-7.5.Z:rh-nodejs6-nodejs-debuginfo-0:6.11.3-7.el7.x86_64", "7Server-RHSCL-3.1-7.5.Z:rh-nodejs6-nodejs-devel-0:6.11.3-7.el7.ppc64le", "7Server-RHSCL-3.1-7.5.Z:rh-nodejs6-nodejs-devel-0:6.11.3-7.el7.s390x", "7Server-RHSCL-3.1-7.5.Z:rh-nodejs6-nodejs-devel-0:6.11.3-7.el7.x86_64", "7Server-RHSCL-3.1-7.5.Z:rh-nodejs6-nodejs-docs-0:6.11.3-7.el7.noarch", "7Server-RHSCL-3.1:rh-nodejs6-nodejs-0:6.11.3-7.el7.aarch64", "7Server-RHSCL-3.1:rh-nodejs6-nodejs-0:6.11.3-7.el7.ppc64le", "7Server-RHSCL-3.1:rh-nodejs6-nodejs-0:6.11.3-7.el7.s390x", "7Server-RHSCL-3.1:rh-nodejs6-nodejs-0:6.11.3-7.el7.src", "7Server-RHSCL-3.1:rh-nodejs6-nodejs-0:6.11.3-7.el7.x86_64", "7Server-RHSCL-3.1:rh-nodejs6-nodejs-debuginfo-0:6.11.3-7.el7.aarch64", "7Server-RHSCL-3.1:rh-nodejs6-nodejs-debuginfo-0:6.11.3-7.el7.ppc64le", "7Server-RHSCL-3.1:rh-nodejs6-nodejs-debuginfo-0:6.11.3-7.el7.s390x", "7Server-RHSCL-3.1:rh-nodejs6-nodejs-debuginfo-0:6.11.3-7.el7.x86_64", "7Server-RHSCL-3.1:rh-nodejs6-nodejs-devel-0:6.11.3-7.el7.aarch64", "7Server-RHSCL-3.1:rh-nodejs6-nodejs-devel-0:6.11.3-7.el7.ppc64le", "7Server-RHSCL-3.1:rh-nodejs6-nodejs-devel-0:6.11.3-7.el7.s390x", "7Server-RHSCL-3.1:rh-nodejs6-nodejs-devel-0:6.11.3-7.el7.x86_64", "7Server-RHSCL-3.1:rh-nodejs6-nodejs-docs-0:6.11.3-7.el7.noarch", "7Workstation-RHSCL-3.1:rh-nodejs6-nodejs-0:6.11.3-7.el7.aarch64", "7Workstation-RHSCL-3.1:rh-nodejs6-nodejs-0:6.11.3-7.el7.ppc64le", "7Workstation-RHSCL-3.1:rh-nodejs6-nodejs-0:6.11.3-7.el7.s390x", "7Workstation-RHSCL-3.1:rh-nodejs6-nodejs-0:6.11.3-7.el7.src", "7Workstation-RHSCL-3.1:rh-nodejs6-nodejs-0:6.11.3-7.el7.x86_64", "7Workstation-RHSCL-3.1:rh-nodejs6-nodejs-debuginfo-0:6.11.3-7.el7.aarch64", "7Workstation-RHSCL-3.1:rh-nodejs6-nodejs-debuginfo-0:6.11.3-7.el7.ppc64le", "7Workstation-RHSCL-3.1:rh-nodejs6-nodejs-debuginfo-0:6.11.3-7.el7.s390x", "7Workstation-RHSCL-3.1:rh-nodejs6-nodejs-debuginfo-0:6.11.3-7.el7.x86_64", "7Workstation-RHSCL-3.1:rh-nodejs6-nodejs-devel-0:6.11.3-7.el7.aarch64", "7Workstation-RHSCL-3.1:rh-nodejs6-nodejs-devel-0:6.11.3-7.el7.ppc64le", "7Workstation-RHSCL-3.1:rh-nodejs6-nodejs-devel-0:6.11.3-7.el7.s390x", "7Workstation-RHSCL-3.1:rh-nodejs6-nodejs-devel-0:6.11.3-7.el7.x86_64", "7Workstation-RHSCL-3.1:rh-nodejs6-nodejs-docs-0:6.11.3-7.el7.noarch" ] } ], "scores": [ { "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.1, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0" }, "products": [ "6Server-RHSCL-3.1-6.7.Z:rh-nodejs6-nodejs-0:6.11.3-6.el6.src", "6Server-RHSCL-3.1-6.7.Z:rh-nodejs6-nodejs-0:6.11.3-6.el6.x86_64", "6Server-RHSCL-3.1-6.7.Z:rh-nodejs6-nodejs-debuginfo-0:6.11.3-6.el6.x86_64", "6Server-RHSCL-3.1-6.7.Z:rh-nodejs6-nodejs-devel-0:6.11.3-6.el6.x86_64", "6Server-RHSCL-3.1-6.7.Z:rh-nodejs6-nodejs-docs-0:6.11.3-6.el6.noarch", "6Server-RHSCL-3.1:rh-nodejs6-nodejs-0:6.11.3-6.el6.src", "6Server-RHSCL-3.1:rh-nodejs6-nodejs-0:6.11.3-6.el6.x86_64", "6Server-RHSCL-3.1:rh-nodejs6-nodejs-debuginfo-0:6.11.3-6.el6.x86_64", "6Server-RHSCL-3.1:rh-nodejs6-nodejs-devel-0:6.11.3-6.el6.x86_64", "6Server-RHSCL-3.1:rh-nodejs6-nodejs-docs-0:6.11.3-6.el6.noarch", "6Workstation-RHSCL-3.1:rh-nodejs6-nodejs-0:6.11.3-6.el6.src", "6Workstation-RHSCL-3.1:rh-nodejs6-nodejs-0:6.11.3-6.el6.x86_64", "6Workstation-RHSCL-3.1:rh-nodejs6-nodejs-debuginfo-0:6.11.3-6.el6.x86_64", "6Workstation-RHSCL-3.1:rh-nodejs6-nodejs-devel-0:6.11.3-6.el6.x86_64", "6Workstation-RHSCL-3.1:rh-nodejs6-nodejs-docs-0:6.11.3-6.el6.noarch", "7Server-Alt-RHSCL-3.1:rh-nodejs6-nodejs-0:6.11.3-7.el7.aarch64", "7Server-Alt-RHSCL-3.1:rh-nodejs6-nodejs-0:6.11.3-7.el7.ppc64le", "7Server-Alt-RHSCL-3.1:rh-nodejs6-nodejs-0:6.11.3-7.el7.s390x", "7Server-Alt-RHSCL-3.1:rh-nodejs6-nodejs-0:6.11.3-7.el7.src", "7Server-Alt-RHSCL-3.1:rh-nodejs6-nodejs-0:6.11.3-7.el7.x86_64", "7Server-Alt-RHSCL-3.1:rh-nodejs6-nodejs-debuginfo-0:6.11.3-7.el7.aarch64", "7Server-Alt-RHSCL-3.1:rh-nodejs6-nodejs-debuginfo-0:6.11.3-7.el7.ppc64le", "7Server-Alt-RHSCL-3.1:rh-nodejs6-nodejs-debuginfo-0:6.11.3-7.el7.s390x", "7Server-Alt-RHSCL-3.1:rh-nodejs6-nodejs-debuginfo-0:6.11.3-7.el7.x86_64", "7Server-Alt-RHSCL-3.1:rh-nodejs6-nodejs-devel-0:6.11.3-7.el7.aarch64", "7Server-Alt-RHSCL-3.1:rh-nodejs6-nodejs-devel-0:6.11.3-7.el7.ppc64le", "7Server-Alt-RHSCL-3.1:rh-nodejs6-nodejs-devel-0:6.11.3-7.el7.s390x", "7Server-Alt-RHSCL-3.1:rh-nodejs6-nodejs-devel-0:6.11.3-7.el7.x86_64", "7Server-Alt-RHSCL-3.1:rh-nodejs6-nodejs-docs-0:6.11.3-7.el7.noarch", "7Server-RHSCL-3.1-7.3.Z:rh-nodejs6-nodejs-0:6.11.3-7.el7.ppc64le", "7Server-RHSCL-3.1-7.3.Z:rh-nodejs6-nodejs-0:6.11.3-7.el7.s390x", "7Server-RHSCL-3.1-7.3.Z:rh-nodejs6-nodejs-0:6.11.3-7.el7.src", "7Server-RHSCL-3.1-7.3.Z:rh-nodejs6-nodejs-0:6.11.3-7.el7.x86_64", "7Server-RHSCL-3.1-7.3.Z:rh-nodejs6-nodejs-debuginfo-0:6.11.3-7.el7.ppc64le", "7Server-RHSCL-3.1-7.3.Z:rh-nodejs6-nodejs-debuginfo-0:6.11.3-7.el7.s390x", "7Server-RHSCL-3.1-7.3.Z:rh-nodejs6-nodejs-debuginfo-0:6.11.3-7.el7.x86_64", "7Server-RHSCL-3.1-7.3.Z:rh-nodejs6-nodejs-devel-0:6.11.3-7.el7.ppc64le", "7Server-RHSCL-3.1-7.3.Z:rh-nodejs6-nodejs-devel-0:6.11.3-7.el7.s390x", "7Server-RHSCL-3.1-7.3.Z:rh-nodejs6-nodejs-devel-0:6.11.3-7.el7.x86_64", "7Server-RHSCL-3.1-7.3.Z:rh-nodejs6-nodejs-docs-0:6.11.3-7.el7.noarch", "7Server-RHSCL-3.1-7.4.Z:rh-nodejs6-nodejs-0:6.11.3-7.el7.ppc64le", "7Server-RHSCL-3.1-7.4.Z:rh-nodejs6-nodejs-0:6.11.3-7.el7.s390x", "7Server-RHSCL-3.1-7.4.Z:rh-nodejs6-nodejs-0:6.11.3-7.el7.src", "7Server-RHSCL-3.1-7.4.Z:rh-nodejs6-nodejs-0:6.11.3-7.el7.x86_64", "7Server-RHSCL-3.1-7.4.Z:rh-nodejs6-nodejs-debuginfo-0:6.11.3-7.el7.ppc64le", "7Server-RHSCL-3.1-7.4.Z:rh-nodejs6-nodejs-debuginfo-0:6.11.3-7.el7.s390x", "7Server-RHSCL-3.1-7.4.Z:rh-nodejs6-nodejs-debuginfo-0:6.11.3-7.el7.x86_64", "7Server-RHSCL-3.1-7.4.Z:rh-nodejs6-nodejs-devel-0:6.11.3-7.el7.ppc64le", "7Server-RHSCL-3.1-7.4.Z:rh-nodejs6-nodejs-devel-0:6.11.3-7.el7.s390x", "7Server-RHSCL-3.1-7.4.Z:rh-nodejs6-nodejs-devel-0:6.11.3-7.el7.x86_64", "7Server-RHSCL-3.1-7.4.Z:rh-nodejs6-nodejs-docs-0:6.11.3-7.el7.noarch", "7Server-RHSCL-3.1-7.5.Z:rh-nodejs6-nodejs-0:6.11.3-7.el7.ppc64le", "7Server-RHSCL-3.1-7.5.Z:rh-nodejs6-nodejs-0:6.11.3-7.el7.s390x", "7Server-RHSCL-3.1-7.5.Z:rh-nodejs6-nodejs-0:6.11.3-7.el7.src", "7Server-RHSCL-3.1-7.5.Z:rh-nodejs6-nodejs-0:6.11.3-7.el7.x86_64", "7Server-RHSCL-3.1-7.5.Z:rh-nodejs6-nodejs-debuginfo-0:6.11.3-7.el7.ppc64le", "7Server-RHSCL-3.1-7.5.Z:rh-nodejs6-nodejs-debuginfo-0:6.11.3-7.el7.s390x", "7Server-RHSCL-3.1-7.5.Z:rh-nodejs6-nodejs-debuginfo-0:6.11.3-7.el7.x86_64", "7Server-RHSCL-3.1-7.5.Z:rh-nodejs6-nodejs-devel-0:6.11.3-7.el7.ppc64le", "7Server-RHSCL-3.1-7.5.Z:rh-nodejs6-nodejs-devel-0:6.11.3-7.el7.s390x", "7Server-RHSCL-3.1-7.5.Z:rh-nodejs6-nodejs-devel-0:6.11.3-7.el7.x86_64", "7Server-RHSCL-3.1-7.5.Z:rh-nodejs6-nodejs-docs-0:6.11.3-7.el7.noarch", "7Server-RHSCL-3.1:rh-nodejs6-nodejs-0:6.11.3-7.el7.aarch64", "7Server-RHSCL-3.1:rh-nodejs6-nodejs-0:6.11.3-7.el7.ppc64le", "7Server-RHSCL-3.1:rh-nodejs6-nodejs-0:6.11.3-7.el7.s390x", "7Server-RHSCL-3.1:rh-nodejs6-nodejs-0:6.11.3-7.el7.src", "7Server-RHSCL-3.1:rh-nodejs6-nodejs-0:6.11.3-7.el7.x86_64", "7Server-RHSCL-3.1:rh-nodejs6-nodejs-debuginfo-0:6.11.3-7.el7.aarch64", "7Server-RHSCL-3.1:rh-nodejs6-nodejs-debuginfo-0:6.11.3-7.el7.ppc64le", "7Server-RHSCL-3.1:rh-nodejs6-nodejs-debuginfo-0:6.11.3-7.el7.s390x", "7Server-RHSCL-3.1:rh-nodejs6-nodejs-debuginfo-0:6.11.3-7.el7.x86_64", "7Server-RHSCL-3.1:rh-nodejs6-nodejs-devel-0:6.11.3-7.el7.aarch64", "7Server-RHSCL-3.1:rh-nodejs6-nodejs-devel-0:6.11.3-7.el7.ppc64le", "7Server-RHSCL-3.1:rh-nodejs6-nodejs-devel-0:6.11.3-7.el7.s390x", "7Server-RHSCL-3.1:rh-nodejs6-nodejs-devel-0:6.11.3-7.el7.x86_64", "7Server-RHSCL-3.1:rh-nodejs6-nodejs-docs-0:6.11.3-7.el7.noarch", "7Workstation-RHSCL-3.1:rh-nodejs6-nodejs-0:6.11.3-7.el7.aarch64", "7Workstation-RHSCL-3.1:rh-nodejs6-nodejs-0:6.11.3-7.el7.ppc64le", "7Workstation-RHSCL-3.1:rh-nodejs6-nodejs-0:6.11.3-7.el7.s390x", "7Workstation-RHSCL-3.1:rh-nodejs6-nodejs-0:6.11.3-7.el7.src", "7Workstation-RHSCL-3.1:rh-nodejs6-nodejs-0:6.11.3-7.el7.x86_64", "7Workstation-RHSCL-3.1:rh-nodejs6-nodejs-debuginfo-0:6.11.3-7.el7.aarch64", "7Workstation-RHSCL-3.1:rh-nodejs6-nodejs-debuginfo-0:6.11.3-7.el7.ppc64le", "7Workstation-RHSCL-3.1:rh-nodejs6-nodejs-debuginfo-0:6.11.3-7.el7.s390x", "7Workstation-RHSCL-3.1:rh-nodejs6-nodejs-debuginfo-0:6.11.3-7.el7.x86_64", "7Workstation-RHSCL-3.1:rh-nodejs6-nodejs-devel-0:6.11.3-7.el7.aarch64", "7Workstation-RHSCL-3.1:rh-nodejs6-nodejs-devel-0:6.11.3-7.el7.ppc64le", "7Workstation-RHSCL-3.1:rh-nodejs6-nodejs-devel-0:6.11.3-7.el7.s390x", "7Workstation-RHSCL-3.1:rh-nodejs6-nodejs-devel-0:6.11.3-7.el7.x86_64", "7Workstation-RHSCL-3.1:rh-nodejs6-nodejs-docs-0:6.11.3-7.el7.noarch" ] } ], "threats": [ { "category": "impact", "details": "Important" } ], "title": "nodejs: Out of bounds (OOB) write via UCS-2 encoding" } ] }
gsd-2018-12115
Vulnerability from gsd
Modified
2023-12-13 01:22
Details
In all versions of Node.js prior to 6.14.4, 8.11.4 and 10.9.0 when used with UCS-2 encoding (recognized by Node.js under the names `'ucs2'`, `'ucs-2'`, `'utf16le'` and `'utf-16le'`), `Buffer#write()` can be abused to write outside of the bounds of a single `Buffer`. Writes that start from the second-to-last position of a buffer cause a miscalculation of the maximum length of the input bytes to be written.
Aliases
Aliases
{ "GSD": { "alias": "CVE-2018-12115", "description": "In all versions of Node.js prior to 6.14.4, 8.11.4 and 10.9.0 when used with UCS-2 encoding (recognized by Node.js under the names `\u0027ucs2\u0027`, `\u0027ucs-2\u0027`, `\u0027utf16le\u0027` and `\u0027utf-16le\u0027`), `Buffer#write()` can be abused to write outside of the bounds of a single `Buffer`. Writes that start from the second-to-last position of a buffer cause a miscalculation of the maximum length of the input bytes to be written.", "id": "GSD-2018-12115", "references": [ "https://www.suse.com/security/cve/CVE-2018-12115.html", "https://access.redhat.com/errata/RHSA-2018:3537", "https://access.redhat.com/errata/RHSA-2018:2949", "https://access.redhat.com/errata/RHSA-2018:2944", "https://access.redhat.com/errata/RHSA-2018:2553", "https://access.redhat.com/errata/RHSA-2018:2552", "https://advisories.mageia.org/CVE-2018-12115.html", "https://ubuntu.com/security/CVE-2018-12115" ] }, "gsd": { "metadata": { "exploitCode": "unknown", "remediation": "unknown", "reportConfidence": "confirmed", "type": "vulnerability" }, "osvSchema": { "aliases": [ "CVE-2018-12115" ], "details": "In all versions of Node.js prior to 6.14.4, 8.11.4 and 10.9.0 when used with UCS-2 encoding (recognized by Node.js under the names `\u0027ucs2\u0027`, `\u0027ucs-2\u0027`, `\u0027utf16le\u0027` and `\u0027utf-16le\u0027`), `Buffer#write()` can be abused to write outside of the bounds of a single `Buffer`. Writes that start from the second-to-last position of a buffer cause a miscalculation of the maximum length of the input bytes to be written.", "id": "GSD-2018-12115", "modified": "2023-12-13T01:22:29.724353Z", "schema_version": "1.4.0" } }, "namespaces": { "cve.org": { "CVE_data_meta": { "ASSIGNER": "cve-request@iojs.org", "DATE_PUBLIC": "2018-08-12T00:00:00", "ID": "CVE-2018-12115", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "Node.js", "version": { "version_data": [ { "version_value": "All versions of Node.js prior to 6.14.4, 8.11.4 and 10.9.0" } ] } } ] }, "vendor_name": "The Node.js Project" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "In all versions of Node.js prior to 6.14.4, 8.11.4 and 10.9.0 when used with UCS-2 encoding (recognized by Node.js under the names `\u0027ucs2\u0027`, `\u0027ucs-2\u0027`, `\u0027utf16le\u0027` and `\u0027utf-16le\u0027`), `Buffer#write()` can be abused to write outside of the bounds of a single `Buffer`. Writes that start from the second-to-last position of a buffer cause a miscalculation of the maximum length of the input bytes to be written." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "CWE-787: Out-of-bounds Write" } ] } ] }, "references": { "reference_data": [ { "name": "105127", "refsource": "BID", "url": "http://www.securityfocus.com/bid/105127" }, { "name": "RHSA-2018:2552", "refsource": "REDHAT", "url": "https://access.redhat.com/errata/RHSA-2018:2552" }, { "name": "RHSA-2018:2553", "refsource": "REDHAT", "url": "https://access.redhat.com/errata/RHSA-2018:2553" }, { "name": "RHSA-2018:2944", "refsource": "REDHAT", "url": "https://access.redhat.com/errata/RHSA-2018:2944" }, { "name": "https://nodejs.org/en/blog/vulnerability/august-2018-security-releases/", "refsource": "CONFIRM", "url": "https://nodejs.org/en/blog/vulnerability/august-2018-security-releases/" }, { "name": "RHSA-2018:3537", "refsource": "REDHAT", "url": "https://access.redhat.com/errata/RHSA-2018:3537" }, { "name": "RHSA-2018:2949", "refsource": "REDHAT", "url": "https://access.redhat.com/errata/RHSA-2018:2949" }, { "name": "GLSA-202003-48", "refsource": "GENTOO", "url": "https://security.gentoo.org/glsa/202003-48" } ] } }, "nvd.nist.gov": { "configurations": { "CVE_data_version": "4.0", "nodes": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:a:nodejs:node.js:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "8.11.4", "versionStartIncluding": "8.0.0", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:nodejs:node.js:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "10.9.0", "versionStartIncluding": "10.0.0", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:a:nodejs:node.js:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "6.14.4", "vulnerable": true } ], "operator": "OR" }, { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:a:redhat:openshift_container_platform:3.11:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" } ] }, "cve": { "CVE_data_meta": { "ASSIGNER": "cve-request@iojs.org", "ID": "CVE-2018-12115" }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "en", "value": "In all versions of Node.js prior to 6.14.4, 8.11.4 and 10.9.0 when used with UCS-2 encoding (recognized by Node.js under the names `\u0027ucs2\u0027`, `\u0027ucs-2\u0027`, `\u0027utf16le\u0027` and `\u0027utf-16le\u0027`), `Buffer#write()` can be abused to write outside of the bounds of a single `Buffer`. Writes that start from the second-to-last position of a buffer cause a miscalculation of the maximum length of the input bytes to be written." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "en", "value": "CWE-787" } ] } ] }, "references": { "reference_data": [ { "name": "https://nodejs.org/en/blog/vulnerability/august-2018-security-releases/", "refsource": "CONFIRM", "tags": [ "Vendor Advisory" ], "url": "https://nodejs.org/en/blog/vulnerability/august-2018-security-releases/" }, { "name": "RHSA-2018:2553", "refsource": "REDHAT", "tags": [ "Third Party Advisory" ], "url": "https://access.redhat.com/errata/RHSA-2018:2553" }, { "name": "RHSA-2018:2552", "refsource": "REDHAT", "tags": [ "Third Party Advisory" ], "url": "https://access.redhat.com/errata/RHSA-2018:2552" }, { "name": "105127", "refsource": "BID", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "http://www.securityfocus.com/bid/105127" }, { "name": "RHSA-2018:2944", "refsource": "REDHAT", "tags": [ "Third Party Advisory" ], "url": "https://access.redhat.com/errata/RHSA-2018:2944" }, { "name": "RHSA-2018:2949", "refsource": "REDHAT", "tags": [ "Third Party Advisory" ], "url": "https://access.redhat.com/errata/RHSA-2018:2949" }, { "name": "RHSA-2018:3537", "refsource": "REDHAT", "tags": [ "Third Party Advisory" ], "url": "https://access.redhat.com/errata/RHSA-2018:3537" }, { "name": "GLSA-202003-48", "refsource": "GENTOO", "tags": [], "url": "https://security.gentoo.org/glsa/202003-48" } ] } }, "impact": { "baseMetricV2": { "acInsufInfo": false, "cvssV2": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 5.0, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "MEDIUM", "userInteractionRequired": false }, "baseMetricV3": { "cvssV3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.0" }, "exploitabilityScore": 3.9, "impactScore": 3.6 } }, "lastModifiedDate": "2020-03-20T21:15Z", "publishedDate": "2018-08-21T12:29Z" } } }
Loading...
Loading...
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.