
Mageia: 2019-0277 Critical: Nodejs Update Addressing Memory and DoS Issues

mageia
September 15, 2019
Node.js version 6.17.1 introduces fixes for a range of security issues and vulnerabilities found within Mageia distributions.

Summary

This update provides nodejs v6.17.1, fixing at least the following security issues:

- The c-ares function ares_parse_naptr_reply(), which is used for parsing NAPTR responses, could be triggered to read memory outside of the given input buffer (CVE-2017-1000381)
- Fix for 'path' module regular expression denial of service (CVE-2018-7158)
- Reject spaces in HTTP Content-Length header values (CVE-2018-7159)
- Fix for inspector DNS rebinding vulnerability (CVE-2018-7160)
- buffer: Fixes Denial of Service vulnerability where calling Buffer.fill() could hang (CVE-2018-7167)
- buffer: Fix out-of-bounds (OOB) write in Buffer.write() for UCS-2 encoding (CVE-2018-12115)
- Node.js: HTTP request splitting (CVE-2018-12116)
- Node.js: Debugger port 5858 listens on any interface by default (CVE-2018-12120)
- Node.js: Denial of Service with large HTTP headers (CVE-2018-12121)
- Node.js: Slowloris HTTP Denial of Service (CVE-2018-12122)
- Node.js: Hostname spoofing in URL parser for javascript protocol (CVE-2018-12123)
No...


References

- https://bugs.mageia.org/show_bug.cgi?id=21330

- https://nodejs.org/en/blog/release/v6.11.0/

- https://nodejs.org/en/blog/release/v6.11.1/

- https://nodejs.org/en/blog/release/v6.11.2/

- https://nodejs.org/en/blog/release/v6.11.3/

- https://nodejs.org/en/blog/release/v6.11.4/

- https://nodejs.org/en/blog/release/v6.12.0/

- https://nodejs.org/en/blog/release/v6.12.1/

- https://nodejs.org/en/blog/release/v6.12.2/

- https://nodejs.org/en/blog/release/v6.12.3/

- https://nodejs.org/en/blog/release/v6.13.0/

- https://nodejs.org/en/blog/release/v6.13.1/

- https://nodejs.org/en/blog/release/v6.14.0/

- https://nodejs.org/en/blog/release/v6.14.1/

- https://nodejs.org/en/blog/release/v6.14.2/

- https://nodejs.org/en/blog/release/v6.14.3/

- https://nodejs.org/en/blog/release/v6.15.0/

- https://nodejs.org/en/blog/release/v6.15.1/

- https://nodejs.org/en/blog/release/v6.16.0/

- https://nodejs.org/en/blog/release/v6.17.0/

- https://nodejs.org/en/blog/release/v6.17.1/

- https://www.cve.org/CVERecord?id=CVE-2017-1000381

- https://www.cve.org/CVERecord?id=CVE-2018-7158

- https://www.cve.org/CVERecord?id=CVE-2018-7159

- https://www.cve.org/CVERecord?id=CVE-2018-7160

- https://www.cve.org/CVERecord?id=CVE-2018-7167

- https://www.cve.org/CVERecord?id=CVE-2018-12115

- https://www.cve.org/CVERecord?id=CVE-2018-12116

- https://www.cve.org/CVERecord?id=CVE-2018-12120

- https://www.cve.org/CVERecord?id=CVE-2018-12121

- https://www.cve.org/CVERecord?id=CVE-2018-12122

- https://www.cve.org/CVERecord?id=CVE-2018-12123

- https://www.cve.org/CVERecord?id=CVE-2019-5737

- https://www.cve.org/CVERecord?id=CVE-2019-5739

Resolution

SRPMS

- 6/core/nodejs-6.17.1-8.mga6

- 6/core/http-parser-2.9.2-1.mga6

- 6/core/libuv-1.16.1-1.mga6

Severity
critical

Publication date: 15 Sep 2019
URL: https://advisories.mageia.org/MGASA-2019-0277.html
Type: security
CVE: CVE-2017-1000381, CVE-2018-7158, CVE-2018-7159, CVE-2018-7160, CVE-2018-7167, CVE-2018-12115, CVE-2018-12116, CVE-2018-12120, CVE-2018-12121, CVE-2018-12122, CVE-2018-12123, CVE-2019-5737, CVE-2019-5739
