An update for rh-nodejs4-nodejs-minimatch is now available for Red Hat Software Collections. Red Hat Product Security has rated this update as having a security impact of Moderate.

A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Minimatch is a minimal matching utility that works by converting glob expressions into JavaScript RegExp objects.

Security Fix(es):

* A regular expression denial of service flaw was found in Minimatch. An attacker able to make an application using Minimatch to perform matching using a specially crafted glob pattern could cause the application to consume an excessive amount of CPU. (CVE-2016-1000023)

Red Hat Software Collections 1 for RHEL 6

    MD5: f40b5b540ed73f9725c6c5973a8bce8b
    SHA-256: 77182dd29d7d156d48003c79525c74bb95059f39887ea13030eb94e6d42a415e

    MD5: bf0183fbbfb3d65c29ef9a570e62fbb7
    SHA-256: 76246d6113a3061f2456fcccce07e58fbf476c576749fc2b5903c2b94f9eb610

Red Hat Software Collections 1 for RHEL 7

    MD5: 4618986de25eccc480307398de7c086e
    SHA-256: 45810107f949003d9e50cb2aa2ae63558026a53433ca6b3c1dc14edab61ff676

    MD5: 91781b1b87256fe786c7b714e439feba
    SHA-256: fb7320d5fb26baaac29359c44ed3071c0c8e2de8b743a6003e1f1dfb9c1793ed

(The unlinked packages above are only available from the Red Hat Network)

1348509 – CVE-2016-1000023 nodejs-minimatch: Regular expression denial-of-service

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from:
