Issued:: 2017-04-05
Updated:: 2017-04-05

RHSA-2017:0881 - Moderate: v8 security update

Synopsis

Moderate: v8 security update

Type/Severity

Security Advisory Moderate

Topic

An update for v8 is now available for Red Hat Enterprise Linux OpenStack Platform 7.0 (Kilo) for RHEL 7.

Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Description

V8 is Google's open source JavaScript engine. V8 is written in C++ and is used in Google Chrome, the open source browser from Google. V8 implements ECMAScript as specified in ECMA-262, 3rd edition.

Security Fix(es):

An integer-overflow flaw was found in V8's Zone class when allocating new memory (Zone::New() and Zone::NewExpand()). An attacker with the ability to manipulate a large zone could crash the application or, potentially, execute arbitrary code with the application privileges. (CVE-2016-1669)

Solution

For details on how to apply this update, which includes the changes described in this advisory, refer to:

https://access.redhat.com/articles/11258

Affected Products

Product	Version	Arch
Red Hat OpenStack	7	x86_64

Updated Packages

v8-3.14.5.10-19.el7ost.x86_64.rpm
v8-3.14.5.10-19.el7ost.src.rpm
v8-debuginfo-3.14.5.10-19.el7ost.x86_64.rpm

Fixes

This content is not included.BZ - 1335449

CVEs

CVE-2016-1669

References

https://access.redhat.com/security/updates/classification/#moderate

Additional information

The Red Hat security contact is This content is not included.secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/.
Offline Security Data data is available for integration with other systems. See Offline Security Data API to get started.