http-parser-2.7.1-8.el7.2

エラータID: AXSA:2020-4489:01

Release date: 
Friday, March 6, 2020 - 16:45
Subject: 
http-parser-2.7.1-8.el7.2
Affected Channels: 
Asianux Server 7 for x86_64
Severity: 
High
Description: 

The http-parser package provides a utility for parsing HTTP messages. It parses both requests and responses. The parser is designed to be used in performance HTTP applications. It does not make any system calls or allocations, it does not buffer data, and it can be interrupted at any time. Depending on your architecture, it only requires about 40 bytes of data per message stream.

Security Fix(es):

* nodejs: HTTP request smuggling using malformed Transfer-Encoding header (CVE-2019-15605)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

CVE-2019-15605
HTTP request smuggling in Node.js 10, 12, and 13 causes malicious payload delivery when transfer-encoding is malformed

Solution: 

Update packages.

CVEs: 
CVE-2019-15605
HTTP request smuggling in Node.js 10, 12, and 13 causes malicious payload delivery when transfer-encoding is malformed
Additional Info: 

N/A

Download: 

SRPMS
  1. http-parser-2.7.1-8.el7.2.src.rpm
    MD5: 9e50565fb567b2900015eddb47628215
    SHA-256: 6c509c2cac862aa4249d547c3bbde78c4e900641a4fa830ce477bb3dcc5642f1
    Size: 64.68 kB

Asianux Server 7 for x86_64
  1. http-parser-2.7.1-8.el7.2.x86_64.rpm
    MD5: 6e53c2a0b9c91d88daa4ac70b4c8972b
    SHA-256: 9479deda74612c080086a951d4c77049607f608c4f3bdd74e8a1e1835605abff
    Size: 27.82 kB
  2. http-parser-2.7.1-8.el7.2.i686.rpm
    MD5: 597708aa05d834043715c70cc0af8c70
    SHA-256: 4624bd826f755034c308ccdb372548b36a5333350d7339c1676a1dc82da98a6b
    Size: 27.87 kB