An update for nodejs010-nodejs-minimatch is now available for Red Hat Software Collections. Red Hat Product Security has rated this update as having a security impact of Moderate.

A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Minimatch is a minimal matching utility that works by converting glob expressions into JavaScript RegExp objects.

Security Fix(es):

* A regular expression denial of service flaw was found in Minimatch. An attacker able to make an application using Minimatch to perform matching using a specially crafted glob pattern could cause the application to consume an excessive amount of CPU. (CVE-2016-1000023)
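
For applications that accept glob patterns from untrusted sources, one defense-in-depth measure alongside applying this update is to bound a pattern before it is handed to a glob-to-RegExp matcher. The following is an added example, not code from this advisory or from Minimatch; the function name `screenGlob` and every limit value are assumptions chosen for illustration.

```javascript
// Added example: pre-screen glob patterns from untrusted input before they
// reach a glob-to-RegExp matcher. All limits are assumed values, not taken
// from the advisory or from Minimatch.
const DEFAULT_LIMITS = {
  maxLength: 256,      // characters in the whole pattern
  maxWildcards: 16,    // '*' and '?' occurrences
  maxBraceDepth: 2,    // nesting of {a,b} groups
  maxAlternatives: 32, // commas inside brace groups
};

function screenGlob(pattern, limits = DEFAULT_LIMITS) {
  if (typeof pattern !== 'string') {
    return { ok: false, problems: ['pattern is not a string'] };
  }
  const problems = [];
  if (pattern.length > limits.maxLength) {
    problems.push(`length ${pattern.length} exceeds ${limits.maxLength}`);
  }
  let wildcards = 0, depth = 0, deepest = 0, alternatives = 0;
  for (let i = 0; i < pattern.length; i++) {
    const ch = pattern[i];
    if (ch === '\\') { i++; continue; } // skip the escaped character
    if (ch === '*' || ch === '?') wildcards++;
    else if (ch === '{') deepest = Math.max(deepest, ++depth);
    else if (ch === '}' && depth > 0) depth--;
    else if (ch === ',' && depth > 0) alternatives++;
  }
  if (wildcards > limits.maxWildcards) problems.push(`${wildcards} wildcards`);
  if (deepest > limits.maxBraceDepth) problems.push(`brace depth ${deepest}`);
  if (alternatives > limits.maxAlternatives) {
    problems.push(`${alternatives} alternatives`);
  }
  return { ok: problems.length === 0, problems };
}

// Constructed sample inputs: one ordinary pattern and three that exceed a limit.
function demo() {
  return [
    'src/**/*.js',
    '{a,{b,{c,d}}}',
    '*'.repeat(40),
    'x'.repeat(300),
  ].map((p) => screenGlob(p).ok);
}
```

Call `screenGlob` on any user-supplied pattern and pass it to the matcher only when `ok` is true; the `problems` array is suitable for logging rejected input.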
Red Hat Software Collections 1 for RHEL 6

    MD5: 3354d6440c4692e76e761158fe7e1db2 SHA-256: 095b0953d3d082a79878ebafb43355e6b01feb720a3e9bebdd4b8ebe893da5d0
    MD5: e634595418fff45ca656ffcd766536cc SHA-256: c306bb738ce9d6adfd518ed6eed4d9b0e6fccdb784e4e1a156a3bef7cb968f21
Red Hat Software Collections 1 for RHEL 7

    MD5: b18b96d49754e36644e260229521afa9 SHA-256: 8973534be681a40808d38cbc9580fbaff8a7c0a300a1edc8978024c3de15fe96
    MD5: 1aed44faf9f80efaf9beffd2e7a31bf5 SHA-256: d10395049d26450d77a8856f44a8423aad567136b5ee0ea882b861124d5d108d
(The unlinked packages above are only available from the Red Hat Network)

1348509 – CVE-2016-1000023 nodejs-minimatch: Regular expression denial-of-service

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from:
