Login
Newsletter
Werbung

Sicherheit: Mehrere Probleme in nodejs
Aktuelle Meldungen Distributionen
Name: Mehrere Probleme in nodejs
ID: FEDORA-2020-595ce5e3cc
Distribution: Fedora
Plattformen: Fedora 31
Datum: Fr, 24. Januar 2020, 19:40
Referenzen: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-16776
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-16775
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-17592
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-16777
Applikationen: node.js

Originalnachricht

-------------------------------------------------------------------------------
-
Fedora Update Notification
FEDORA-2020-595ce5e3cc
2020-01-24 17:07:54.394618
-------------------------------------------------------------------------------
-

Name : nodejs
Product : Fedora 31
Version : 12.14.1
Release : 3.fc31
URL : http://nodejs.org/
Summary : JavaScript runtime
Description :
Node.js is a platform built on Chrome's JavaScript runtime
for easily building fast, scalable network applications.
Node.js uses an event-driven, non-blocking I/O model that
makes it lightweight and efficient, perfect for data-intensive
real-time applications that run across distributed devices.

-------------------------------------------------------------------------------
-
Update Information:

Update to 12.14.1 Add new subpackage `nodejs-full-i18n` to provide non-English
locale and Unicode support.
-------------------------------------------------------------------------------
-
ChangeLog:

* Mon Jan 13 2020 Stephen Gallagher <sgallagh@redhat.com> - 1:12.14.1-3
- Fix issue with header symlinks in v8-devel
* Tue Jan 7 2020 Stephen Gallagher <sgallagh@redhat.com> - 1:12.14.1-2
- Drop unneeded dependency on http-parser-devel
* Tue Jan 7 2020 Stephen Gallagher <sgallagh@redhat.com> - 1:12.14.1-1
- Update to 12.14.1
- https://github.com/nodejs/node/blob/v12.14.1/doc/changelogs/CHANGELOG_V12.md
* Mon Jan 6 2020 Stephen Gallagher <sgallagh@redhat.com> - 1:12.14.0-2
- Update to 12.14.0
- https://github.com/nodejs/node/blob/v12.14.0/doc/changelogs/CHANGELOG_V12.md
- Add new subpackage nodejs-full-i18n to enable optional non-English locale
support
- Update documentation packaging for NPM
* Mon Dec 2 2019 Stephen Gallagher <sgallagh@redhat.com> - 1:12.13.1-1
- Update to 12.13.1
- https://github.com/nodejs/node/blob/v12.13.1/doc/changelogs/CHANGELOG_V12.md
* Tue Oct 29 2019 Stephen Gallagher <sgallagh@redhat.com> - 1:12.13.0-6
- Add proper i18n support
* Tue Oct 29 2019 Stephen Gallagher <sgallagh@redhat.com> - 1:12.13.0-5
- Fix issue with NPM docs being replaced with a symlink
* Mon Oct 28 2019 Stephen Gallagher <sgallagh@redhat.com> - 1:12.13.0-2
- Simplify npmrc default configuration
* Mon Oct 28 2019 Stephen Gallagher <sgallagh@redhat.com> - 1:12.13.0-1
- Update to 12.13.0 (LTS)
- https://github.com/nodejs/node/blob/v12.13.0/doc/changelogs/CHANGELOG_V12.md
- NPM no longer clobbers RPM-installed Node.js modules
- Drop no-longer needed patch to suppress `npm update -g npm` message
-------------------------------------------------------------------------------
-
References:

[ 1 ] Bug #1767147 - CVE-2019-17592 nodejs-csv-parse: regular expression
denial of service [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=1767147
[ 2 ] Bug #1788312 - CVE-2019-16776 nodejs: Arbitrary file write via
constructed entry in the package.json bin field [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=1788312
[ 3 ] Bug #1788306 - CVE-2019-16775 nodejs: Symlink reference outside of
node_modules folder through the bin field upon installation [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=1788306
[ 4 ] Bug #1788302 - CVE-2019-16777 nodejs: Global node_modules Binary
Overwrite via npm CLI [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=1788302
-------------------------------------------------------------------------------
-

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2020-595ce5e3cc' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
-------------------------------------------------------------------------------
-
_______________________________________________
package-announce mailing list -- package-announce@lists.fedoraproject.org
To unsubscribe send an email to package-announce-leave@lists.fedoraproject.org
Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org
Pro-Linux
Pro-Linux @Twitter
Neue Nachrichten
Werbung