1. Home
  2. Security Advisories
  3. Gentoo
  4. GLSA-201612-43

[GLSA-201612-43] Node.js: Multiple vulnerabilities

Severity Normal
Affected Packages 1
Unaffected Packages 2
CVEs 4
Info Packages References Vulnerabilities

Multiple vulnerabilities have been found in Node.js, the worst of which can allow remote attackers to cause Denial of Service conditions.

Background
Node.js is a JavaScript runtime built on Chrome’s V8 JavaScript
engine.

Description
Multiple vulnerabilities have been discovered in Node.js. Please review
the CVE identifiers referenced below for details.

Impact
A remote attacker could possibly cause a Denial of Service condition, or
conduct man-in-the-middle attacks.

Workaround
There is no known workaround at this time.

Resolution
All Node.js 0.12.x users should upgrade to the latest version:

# emerge --sync
# emerge --ask --oneshot --verbose ">=net-libs/nodejs-0.12.17"

All Node.js 4.6.x users should upgrade to the latest version:

# emerge --sync
# emerge --ask --oneshot --verbose ">=net-libs/nodejs-4.6.1"

Package Affected Version
pkg:ebuild/net-libs/nodejs?distro=gentoo < 4.6.1
Package Unaffected Version
pkg:ebuild/net-libs/nodejs?distro=gentoo >= 0.12.17
pkg:ebuild/net-libs/nodejs?distro=gentoo >= 4.6.1
ID
GLSA-201612-43
Severity
normal
URL
https://security.gentoo.org/glsa/201612-43
Published
2016-12-13T00:00:00
(7 years ago)
Modified
2016-12-13T00:00:00
(7 years ago)
Rights
Gentoo Foundation, Inc.
Other Advisories
Source # ID Name URL
CVE CVE-2015-8027 CVE-2015-8027 https://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-8027
CVE CVE-2016-2086 CVE-2016-2086 https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-2086
CVE CVE-2016-2216 CVE-2016-2216 https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-2216
CVE CVE-2016-5325 CVE-2016-5325 https://nvd.nist.gov/nvd.cfm?cvename=CVE-2016-5325
Bugzilla 568900 Bugzilla #568900 https://bugs.gentoo.org/show_bug.cgi?id=568900
Bugzilla 586084 Bugzilla #586084 https://bugs.gentoo.org/show_bug.cgi?id=586084
Bugzilla 595256 Bugzilla #595256 https://bugs.gentoo.org/show_bug.cgi?id=595256
Type Package URL Namespace Name / Product Version Distribution / Platform Arch Patch / Fix
Affected pkg:ebuild/net-libs/nodejs?distro=gentoo net-libs nodejs < 4.6.1 gentoo
Unaffected pkg:ebuild/net-libs/nodejs?distro=gentoo net-libs nodejs >= 0.12.17 gentoo
Unaffected pkg:ebuild/net-libs/nodejs?distro=gentoo net-libs nodejs >= 4.6.1 gentoo
# CVE Description CVSS EPSS EPSS Trend (30 days) Affected Products Weaknesses Security Advisories Exploits PoC Pubblication Date Modification Date
# CVE Description CVSS EPSS EPSS Trend (30 days) Affected Products Weaknesses Security Advisories PoC Pubblication Date Modification Date