The Vigil@nce team watches public vulnerabilities impacting your computers, and then offers security solutions, a vigilance database and tools to fix them.

Vulnerability of Node Core: two vulnerabilities

Synthesis of the vulnerability 

An attacker can use several vulnerabilities of Node Core.
Vulnerable products: Nodejs Core, openSUSE Leap, RHEL, Synology DSM.
Severity of this weakness: 3/4.
Number of vulnerabilities in this bulletin: 2.
Creation date: 12/07/2017.
References of this bulletin: CVE-2017-11499, openSUSE-SU-2017:2179-1, RHSA-2017:2908-01, RHSA-2017:3002-01, Synology-SA-17:32, VIGILANCE-VUL-23220.

Description of the vulnerability 

Several vulnerabilities were announced in Node Core.

An attacker can trigger an overload via Constant Hashtable Seeds, in order to trigger a denial of service. [severity:3/4; CVE-2017-11499]

An attacker can trigger a fatal error via Http.get With Numeric Authorization, in order to trigger a denial of service. [severity:2/4]

This computer threat impacts software or systems such as Nodejs Core, openSUSE Leap, RHEL, Synology DSM.

Our Vigil@nce team determined that the severity of this computer vulnerability alert is important.

The trust level is "confirmed by the editor", and the attack originates from an internet client.

This bulletin is about 2 vulnerabilities.

An attacker with expert ability can exploit this cybersecurity weakness.

Solutions for this threat 

Node Core: version 8.1.4.
Version 8.1.4 is fixed:
  https://nodejs.org/en/download/

Node Core: version 7.10.1.
Version 7.10.1 is fixed:
  https://nodejs.org/en/download/

Node Core: version 6.11.1.
Version 6.11.1 is fixed:
  https://nodejs.org/en/download/

Node Core: version 4.8.4.
Version 4.8.4 is fixed:
  https://nodejs.org/en/download/

Elastic Kibana: version 5.5.1.
Version 5.5.1 is fixed:
  https://www.elastic.co/downloads/kibana

openSUSE Leap: new nodejs packages.
New packages are available:
  openSUSE Leap 42.2: nodejs4 4.8.4-5.6.1
  openSUSE Leap 42.3: nodejs4 4.8.4-8.1, nodejs6 6.11.1-3.1

RHEL: new rh-nodejs4 packages.
New packages are available:
  RHEL 6: rh-nodejs4 2.4-4.el6
  RHEL 7: rh-nodejs4 2.4-3.el7

RHEL: new rh-nodejs6-nodejs packages.
New packages are available:
  RHEL 6: rh-nodejs6-nodejs 6.11.3-2.el6
  RHEL 7: rh-nodejs6-nodejs 6.11.3-2.el7

Synology DSM: solution for Node.js.
The solution is indicated in the information sources.