ArchLinux: 201510-3: nodejs: denial of service
Summary
A vulnerability has been discovered in the HTTP pipeline handling that is leading to an application crash. This problem is caused by out-of-order responses being sent to the client within a single pipelined connection.
Resolution
Upgrade to 4.1.2-1.
# pacman -Syu "nodejs>=4.1.2-1"
The problem has been fixed upstream in version 4.1.2.
References
https://github.com/nodejs/node/issues/3138 https://access.redhat.com/security/cve/CVE-2015-7384 https://nodejs.org/en/blog/release/v4.1.2/
Workaround
None.