Sicherheit: Denial of Service in libuv
Aktuelle Meldungen Distributionen
Name: Denial of Service in libuv
ID: FEDORA-2013-19491
Distribution: Fedora
Plattformen: Fedora 18
Datum: Di, 29. Oktober 2013, 08:48
Referenzen: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4450
Applikationen: libuv


Name        : libuv
Product : Fedora 18
Version : 0.10.18
Release : 1.fc18
URL : http://nodejs.org/
Summary : Platform layer for node.js
Description :
libuv is a new platform layer for Node. Its purpose is to abstract IOCP on
Windows and libev on Unix systems. We intend to eventually contain all platform
differences in this library.

Update Information:

This release contains a security fix for the http server implementation,
upgrade as soon as possible. For more information, see <http://ur1.ca/fwrj8>.

2013.10.18, node.js Version 0.10.21 (Stable)

* crypto: clear errors from verify failure (Timothy J Fontaine)

* dtrace: interpret two byte strings (Dave Pacheco)

* fs: fix fs.truncate() file content zeroing bug (Ben Noordhuis)

* http: provide backpressure for pipeline flood (isaacs)

* tls: fix premature connection termination (Ben Noordhuis)

2013.10.19, libuv Version 0.10.18 (Stable)

* unix: fix uv_spawn() NULL pointer deref on ENOMEM (Ben Noordhuis)

* unix: don't close inherited fds on uv_spawn() fail (Ben Noordhuis)

* unix: revert recent FSEvent changes (Ben Noordhuis)

* unix: fix non-synchronized access in signal.c (Ben Noordhuis)

[ 1 ] Bug #1021170 - CVE-2013-4450 NodeJS: HTTP Pipelining DoS

This update can be installed with the "yum" update program. Use
su -c 'yum update libuv' at the command line.
For more information, refer to "Managing Software with yum",
available at http://docs.fedoraproject.org/yum/.

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
package-announce mailing list
Unterstützer werden
Neue Nachrichten