[arch-security] [ASA-201512-4] nodejs: multiple issues
rgacogne at archlinux.org
Sat Dec 5 14:04:48 UTC 2015
Arch Linux Security Advisory ASA-201512-4
Date : 2015-12-05
CVE-ID : CVE-2015-6764 CVE-2015-8027
Package : nodejs
Type : multiple issues
Remote : Yes
Link : https://wiki.archlinux.org/index.php/CVE
The package nodejs before version 5.1.1-1 is vulnerable to multiple
issues, including but not limited to denial of service.
Upgrade to 5.1.1-1.
# pacman -Syu "nodejs>=5.1.1-1"
The problem has been fixed upstream in version 0.12.9, 4.2.3 and 5.1.1.
- CVE-2015-6764 (V8 out-of-bounds access vulnerability):
A bug was discovered in V8's implementation of JSON.stringify() that can
result in out-of-bounds reads on arrays. The patch was included in this
week's update of Chrome Stable. While this bug is high severity for
browsers, it is considered lower risk for Node.js users as it requires
to be exploitable.
Node.js users who expose services that process untrusted user-supplied
impacted versions of Node.js upgrade to the appropriate patched version
executed within a Node.js process by other means.
- CVE-2015-8027 (denial of service):
This critical denial of service (DoS) vulnerability impacts all versions
of v0.12.x through to v5.x, inclusive. The vulnerability was discovered
by Node.js core team member Fedor Indutny and relates to HTTP
pipelining. Under certain conditions an HTTP socket may no longer have a
parser associated with it but a pipelined request can trigger a pause or
resume on the non-existent parser thereby causing an uncaughtException
to be thrown. As these conditions can be created by an external attacker
and cause a Node.js service to be shut down we consider this a critical
vulnerability. It is recommended that users of impacted versions of
Node.js exposing HTTP services upgrade to the appropriate patched
versions as soon as practical.
A remote attacker can shutdown a vulnerable Node.js service, or have
unspecified impact via out-of-bounds reads on array.
-------------- next part --------------
A non-text attachment was scrubbed...
Size: 801 bytes
Desc: OpenPGP digital signature
More information about the arch-security