http-parser-2.8.0-5.el8.2

エラータID: AXSA:2020-132:02

Release date: 
Thursday, August 27, 2020 - 05:02
Subject: 
http-parser-2.8.0-5.el8.2
Affected Channels: 
Asianux Server 8 for x86_64
Severity: 
High
Description: 

The http-parser package provides a utility for parsing HTTP messages. It parses both requests and responses. The parser is designed to be used in performance HTTP applications. It does not make any system calls or allocations, it does not buffer data, and it can be interrupted at any time. Depending on your architecture, it only requires about 40 bytes of data per message stream.

Security Fix(es):

* nodejs: HTTP request smuggling using malformed Transfer-Encoding header (CVE-2019-15605)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

CVE-2019-15605
HTTP request smuggling in Node.js 10, 12, and 13 causes malicious payload delivery when transfer-encoding is malformed

Solution: 

Update packages.

CVEs: 
CVE-2019-15605
HTTP request smuggling in Node.js 10, 12, and 13 causes malicious payload delivery when transfer-encoding is malformed
Additional Info: 

N/A

Download: 

SRPMS
  1. http-parser-2.8.0-5.el8.2.src.rpm
    MD5: 9b445d83038c81275da2f230d81e8dd7
    SHA-256: 34a6f8f681b39ef7e04d778d42e196c8ee47b23b833a0936a8d87ddc63fd47d6
    Size: 72.04 kB

Asianux Server 8 for x86_64
  1. http-parser-2.8.0-5.el8.2.x86_64.rpm
    MD5: 41d01140ea68122e50bf866db9781821
    SHA-256: 1f2815d73c759548bf5dde0ecae9961f1e1febde76149e3e69209f75498b7a8e
    Size: 40.36 kB
  2. http-parser-2.8.0-5.el8.2.i686.rpm
    MD5: 689f1dc66c1c8fb62a2c5e87c20a068e
    SHA-256: 7bbf6308b773f031e3a2c4ad1af2dcb523f90a2fe69fb04fe3516dd00e0ad7b0
    Size: 39.06 kB