drucken bookmarks versenden konfigurieren admin pdf Sicherheit: Mangelnde Rechteprüfung in nodejs
Name: |
Mangelnde Rechteprüfung in nodejs |
|
ID: |
FEDORA-2015-2313 |
|
Distribution: |
Fedora |
|
Plattformen: |
Fedora 21 |
|
Datum: |
Sa, 28. Februar 2015, 16:44 |
|
Referenzen: |
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0278 |
|
Applikationen: |
node.js |
|
Originalnachricht |
Name : nodejs Product : Fedora 21 Version : 0.10.36 Release : 3.fc21 URL : http://nodejs.org/ Summary : JavaScript runtime Description : Node.js is a platform built on Chrome's JavaScript runtime for easily building fast, scalable network applications. Node.js uses an event-driven, non-blocking I/O model that makes it lightweight and efficient, perfect for data-intensive real-time applications that run across distributed devices.
------------------------------------------------------------------------------- - Update Information:
# nodejs
* tls: re-add 1024-bit SSL certs removed by f9456a2 (Chris Dickinson)
* timers: don't close interval timers when unrefd (Julien Gilli)
* timers: don't mutate unref list while iterating it (Julien Gilli)
* child_process: check execFile args is an array (Sam Roberts)
* child_process: check fork args is an array (Sam Roberts)
* crypto: update root certificates (Ben Noordhuis)
* domains: fix issues with abort on uncaught (Julien Gilli)
* timers: Avoid linear scan in _unrefActive. (Julien Gilli)
* timers: fix unref() memory leak (Trevor Norris)
* debugger: fix when using "use strict" (Julien Gilli)
# libuv
* linux: fix epoll_pwait() regression with < 2.6.19 (Ben Noordhuis)
* linux: fix epoll_pwait() sigmask size calculation (Ben Noordhuis)
* linux: fix sigmask size arg in epoll_pwait() call (Ben Noordhuis)
* linux: handle O_NONBLOCK != SOCK_NONBLOCK case (Helge Deller)
* doc: update project links (Ben Noordhuis)
* unix: add flag for blocking SIGPROF during poll (Ben Noordhuis)
* unix, windows: add uv_loop_configure() function (Ben Noordhuis)
# v8
* Fix debugger and strict mode regression (Julien Gilli)
* don't busy loop in cpu profiler thread (Ben Noordhuis)
* add api for aborting on uncaught exception (Julien Gilli) ------------------------------------------------------------------------------- - ChangeLog:
* Tue Feb 24 2015 T.C. Hollingsworth <tchollingsworth@gmail.com> - 0.10.36-3 - bump v8 requires (RHBZ#1195457) * Thu Feb 19 2015 T.C. Hollingsworth <tchollingsworth@gmail.com> - 0.10.36-1 - new upstream release 0.10.36 http://blog.nodejs.org/2015/01/26/node-v0-10-36-stable/ - Please note that several upstream releases were skipped due to regressions reported in the upstream bug tracker. Please also review the 0.10.34 and 0.10.35 changelogs available at the above URL for a list of all changes. * Wed Nov 19 2014 T.C. Hollingsworth <tchollingsworth@gmail.com> - 0.10.33-1 - new upstream release 0.10.33 http://blog.nodejs.org/2014/10/23/node-v0-10-33-stable/ - This release disables SSLv3 to secure Node.js services against the POODLE attack. (CVE-2014-3566; RHBZ#1152789) For more information or to learn how to re-enable SSLv3 in order to support legacy clients, please see the upstream release announcement linked above. * Tue Oct 21 2014 T.C. Hollingsworth <tchollingsworth@gmail.com> - 0.10.32-2 - add Provides nodejs-punycode (RHBZ#1151811) ------------------------------------------------------------------------------- - References:
[ 1 ] Bug #1194651 - CVE-2015-0278 libuv: incorrect revocation order while relinquishing privileges https://bugzilla.redhat.com/show_bug.cgi?id=1194651 ------------------------------------------------------------------------------- -
This update can be installed with the "yum" update program. Use su -c 'yum update nodejs' at the command line. For more information, refer to "Managing Software with yum", available at http://docs.fedoraproject.org/yum/.
All packages are signed with the Fedora Project GPG key. More details on the GPG keys used by the Fedora Project can be found at https://fedoraproject.org/keys ------------------------------------------------------------------------------- - _______________________________________________ package-announce mailing list package-announce@lists.fedoraproject.org https://admin.fedoraproject.org/mailman/listinfo/package-announce
|
|
|
|