nodejs/nodejs4
SHA256
6
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
44 Commits 1 Branch 0 Tags
main
Commit Graph

2 Commits

Author SHA256 Message Date
Adam Majer
57718cd79b * cli: add --max-http-header-size flag (max_header_size.patch) 
+ add maxHeaderSize property (max_header_size.patch)
      (CVE-2018-12121.patch - CVE-2018-12121, bsc#1117626)
    + A timeout of 40 seconds now applies to servers receiving
      HTTP headers. This value can be adjusted with
      server.headersTimeout. Where headers are not completely
      received within this period, the socket is destroyed on
      the next received chunk. In conjunction with
      server.setTimeout(), this aids in protecting against
      excessive resource retention and possible Denial of Service.
      (CVE-2018-12122.patch - CVE-2018-12122, bsc#1117627)
      (CVE-2018-12116.patch - CVE-2018-12116, bsc#1117630)
    (CVE-2018-12123.patch - CVE-2018-12123, bnc#1117629)

OBS-URL: https://build.opensuse.org/package/show/devel:languages:nodejs/nodejs4?expand=0&rev=101
 2019-01-09 14:07:18 +00:00
Adam Majer
e0342a286e + Headers received by HTTP servers must not exceed 8192 bytes 
in total to prevent possible Denial of Service attacks.
      CVE-2018-12121.patch - (CVE-2018-12121, bsc#1117626)

OBS-URL: https://build.opensuse.org/package/show/devel:languages:nodejs/nodejs4?expand=0&rev=100
 2019-01-09 11:22:02 +00:00