GLSA Advocate
Posted: Fri Mar 20, 2020 8:26 pm Post subject: [ GLSA 202003-48 ] Node.js
Gentoo Linux Security Advisory
Title: Node.js: Multiple vulnerabilities (GLSA 202003-48)
Severity: normal
Exploitable: local, remote
Date: 2020-03-20
Bug(s): #658074, #665656, #672136, #679132, #702988, #708458
ID: 202003-48
Synopsis
Multiple vulnerabilities have been found in Node.js, the worst of which
could allow remote attackers to write arbitrary files.
Background
Node.js is a JavaScript runtime built on Chrome’s V8 JavaScript
engine.
Affected Packages
Package: net-libs/nodejs
Vulnerable: < 12.15.0
Unaffected: >= 10.19.0 < 10.19.1
Unaffected: >= 12.15.0 < 12.15.1
Architectures: All supported architectures
Description
Multiple vulnerabilities have been discovered in Node.js. Please review
the CVE identifiers referenced below for details.
Impact
A remote attacker could possibly write arbitrary files, cause a Denial
of Service condition, or conduct HTTP request splitting attacks.
Workaround
There is no known workaround at this time.
Resolution
All Node.js <12.x users should upgrade to the latest version:
Code:
# emerge --sync
# emerge --ask --oneshot --verbose ">=net-libs/nodejs-10.19.0"

All Node.js 12.x users should upgrade to the latest version:
Code:
# emerge --sync
# emerge --ask --oneshot --verbose ">=net-libs/nodejs-12.15.0"
References
CVE-2018-12115
CVE-2018-12116
CVE-2018-12121
CVE-2018-12122
CVE-2018-12123
CVE-2018-7161
CVE-2018-7162
CVE-2018-7164
CVE-2018-7167
CVE-2019-15604
CVE-2019-15605
CVE-2019-15606
CVE-2019-16777
CVE-2019-5737
CVE-2019-5739
Last edited by GLSA on Sat Mar 21, 2020 4:17 am; edited 1 time in total