Issued:: 2017-04-05
Updated:: 2017-04-05

RHSA-2017:0882 - Moderate: v8 security update

Synopsis

Moderate: v8 security update

Type/Severity

Security Advisory Moderate

Topic

An update for v8 is now available for Red Hat OpenStack Platform 10.0 (Newton).

Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Description

V8 is Google's open source JavaScript engine. V8 is written in C++ and is used in Google Chrome, the open source browser from Google. V8 implements ECMAScript as specified in ECMA-262, 3rd edition.

Security Fix(es):

An integer-overflow flaw was found in V8's Zone class when allocating new memory (Zone::New() and Zone::NewExpand()). An attacker with the ability to manipulate a large zone could crash the application or, potentially, execute arbitrary code with the application privileges. (CVE-2016-1669)

Solution

For details on how to apply this update, which includes the changes described in this advisory, refer to:

https://access.redhat.com/articles/11258

Affected Products

Product	Version	Arch
Red Hat OpenStack	10	x86_64

Updated Packages

v8-3.14.5.10-19.el7ost.src.rpm
v8-3.14.5.10-19.el7ost.x86_64.rpm
v8-debuginfo-3.14.5.10-19.el7ost.x86_64.rpm

Fixes

This content is not included.BZ - 1335449

CVEs

CVE-2016-1669

References

https://access.redhat.com/security/updates/classification/#moderate

Additional information

The Red Hat security contact is This content is not included.secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/.
Offline Security Data data is available for integration with other systems. See Offline Security Data API to get started.