[GLSA-201612-43] Node.js: Multiple vulnerabilities
Multiple vulnerabilities have been found in Node.js, the worst of which can allow remote attackers to cause Denial of Service conditions.
Background
Node.js is a JavaScript runtime built on Chrome’s V8 JavaScript
engine.
Description
Multiple vulnerabilities have been discovered in Node.js. Please review
the CVE identifiers referenced below for details.
Impact
A remote attacker could possibly cause a Denial of Service condition, or
conduct man-in-the-middle attacks.
Workaround
There is no known workaround at this time.
Resolution
All Node.js 0.12.x users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot --verbose ">=net-libs/nodejs-0.12.17"
All Node.js 4.6.x users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot --verbose ">=net-libs/nodejs-4.6.1"
Package | Affected Version |
---|---|
pkg:ebuild/net-libs/nodejs?distro=gentoo | < 4.6.1 |
Package | Unaffected Version |
---|---|
pkg:ebuild/net-libs/nodejs?distro=gentoo | >= 0.12.17 |
pkg:ebuild/net-libs/nodejs?distro=gentoo | >= 4.6.1 |
- ID
- GLSA-201612-43
- Severity
- normal
- URL
- https://security.gentoo.org/glsa/201612-43
- Published
-
2016-12-13T00:00:00
(7 years ago) - Modified
-
2016-12-13T00:00:00
(7 years ago) - Rights
- Gentoo Foundation, Inc.
- Other Advisories
Source | # ID | Name | URL |
---|---|---|---|
CVE | CVE-2015-8027 | CVE-2015-8027 | https://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-8027 |
CVE | CVE-2016-2086 | CVE-2016-2086 | https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-2086 |
CVE | CVE-2016-2216 | CVE-2016-2216 | https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-2216 |
CVE | CVE-2016-5325 | CVE-2016-5325 | https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-5325 |
Bugzilla | 568900 | Bugzilla #568900 | https://bugs.gentoo.org/show_bug.cgi?id=568900 |
Bugzilla | 586084 | Bugzilla #586084 | https://bugs.gentoo.org/show_bug.cgi?id=586084 |
Bugzilla | 595256 | Bugzilla #595256 | https://bugs.gentoo.org/show_bug.cgi?id=595256 |
Type | Package URL | Namespace | Name / Product | Version | Distribution / Platform | Arch | Patch / Fix |
---|---|---|---|---|---|---|---|
Affected | pkg:ebuild/net-libs/nodejs?distro=gentoo | net-libs | nodejs | < 4.6.1 | gentoo | ||
Unaffected | pkg:ebuild/net-libs/nodejs?distro=gentoo | net-libs | nodejs | >= 0.12.17 | gentoo | ||
Unaffected | pkg:ebuild/net-libs/nodejs?distro=gentoo | net-libs | nodejs | >= 4.6.1 | gentoo |
# CVE | Description | CVSS | EPSS | EPSS Trend (30 days) | Affected Products | Weaknesses | Security Advisories | Exploits | PoC | Pubblication Date | Modification Date |
---|---|---|---|---|---|---|---|---|---|---|---|
# CVE | Description | CVSS | EPSS | EPSS Trend (30 days) | Affected Products | Weaknesses | Security Advisories | PoC | Pubblication Date | Modification Date |