Login
Newsletter
Werbung
Sicherheit: Mehrere Probleme in nodejs
Aktuelle Meldungen Distributionen
Name: Mehrere Probleme in nodejs
ID: FEDORA-2020-595ce5e3cc
Distribution: Fedora
Plattformen: Fedora 31
Datum: Fr, 24. Januar 2020, 19:40
Referenzen: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-16776
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-16775
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-17592
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-16777
Applikationen: node.js

Originalnachricht

 
-------------------------------------------------------------------------------
-
Fedora Update Notification
FEDORA-2020-595ce5e3cc
2020-01-24 17:07:54.394618
-------------------------------------------------------------------------------
-

Name        : nodejs
Product     : Fedora 31
Version     : 12.14.1
Release     : 3.fc31
URL         : http://nodejs.org/
Summary     : JavaScript runtime
Description :
Node.js is a platform built on Chrome's JavaScript runtime
for easily building fast, scalable network applications.
Node.js uses an event-driven, non-blocking I/O model that
makes it lightweight and efficient, perfect for data-intensive
real-time applications that run across distributed devices.

-------------------------------------------------------------------------------
-
Update Information:

Update to 12.14.1  Add new subpackage `nodejs-full-i18n` to provide non-English
locale and Unicode support.
-------------------------------------------------------------------------------
-
ChangeLog:

* Mon Jan 13 2020 Stephen Gallagher <sgallagh@redhat.com> - 1:12.14.1-3
- Fix issue with header symlinks in v8-devel
* Tue Jan  7 2020 Stephen Gallagher <sgallagh@redhat.com> - 1:12.14.1-2
- Drop unneeded dependency on http-parser-devel
* Tue Jan  7 2020 Stephen Gallagher <sgallagh@redhat.com> - 1:12.14.1-1
- Update to 12.14.1
- https://github.com/nodejs/node/blob/v12.14.1/doc/changelogs/CHANGELOG_V12.md
* Mon Jan  6 2020 Stephen Gallagher <sgallagh@redhat.com> - 1:12.14.0-2
- Update to 12.14.0
- https://github.com/nodejs/node/blob/v12.14.0/doc/changelogs/CHANGELOG_V12.md
- Add new subpackage nodejs-full-i18n to enable optional non-English locale
  support
- Update documentation packaging for NPM
* Mon Dec  2 2019 Stephen Gallagher <sgallagh@redhat.com> - 1:12.13.1-1
- Update to 12.13.1
- https://github.com/nodejs/node/blob/v12.13.1/doc/changelogs/CHANGELOG_V12.md
* Tue Oct 29 2019 Stephen Gallagher <sgallagh@redhat.com> - 1:12.13.0-6
- Add proper i18n support
* Tue Oct 29 2019 Stephen Gallagher <sgallagh@redhat.com> - 1:12.13.0-5
- Fix issue with NPM docs being replaced with a symlink
* Mon Oct 28 2019 Stephen Gallagher <sgallagh@redhat.com> - 1:12.13.0-2
- Simplify npmrc default configuration
* Mon Oct 28 2019 Stephen Gallagher <sgallagh@redhat.com> - 1:12.13.0-1
- Update to 12.13.0 (LTS)
- https://github.com/nodejs/node/blob/v12.13.0/doc/changelogs/CHANGELOG_V12.md
- NPM no longer clobbers RPM-installed Node.js modules
- Drop no-longer needed patch to suppress `npm update -g npm` message
-------------------------------------------------------------------------------
-
References:

  [ 1 ] Bug #1767147 - CVE-2019-17592 nodejs-csv-parse: regular expression
 denial of service [fedora-all]
        https://bugzilla.redhat.com/show_bug.cgi?id=1767147
  [ 2 ] Bug #1788312 - CVE-2019-16776 nodejs: Arbitrary file write via
 constructed entry in the package.json bin field [fedora-all]
        https://bugzilla.redhat.com/show_bug.cgi?id=1788312
  [ 3 ] Bug #1788306 - CVE-2019-16775 nodejs: Symlink reference outside of
 node_modules folder through the bin field upon installation [fedora-all]
        https://bugzilla.redhat.com/show_bug.cgi?id=1788306
  [ 4 ] Bug #1788302 - CVE-2019-16777 nodejs: Global node_modules Binary
 Overwrite via npm CLI [fedora-all]
        https://bugzilla.redhat.com/show_bug.cgi?id=1788302
-------------------------------------------------------------------------------
-

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2020-595ce5e3cc' at the command
line. For more information, refer to the dnf documentation available at
http://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
-------------------------------------------------------------------------------
-
_______________________________________________
package-announce mailing list -- package-announce@lists.fedoraproject.org
To unsubscribe send an email to package-announce-leave@lists.fedoraproject.org
Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org
Pro-Linux
Pro-Linux @Facebook
Neue Nachrichten

141
Mach­t's gut!

51
Neue Raspber­ry Pi-Va­ri­an­te mit 8 GB RAM

0
Genode 20.05 frei­ge­ge­ben

9
Sub­ver­si­on 1.14.0-LTS vor­ge­stellt

0
»Hum­ble Ci­ties: Sky­lines Bund­le« vor­ge­stellt

0
End of Life für Co­reOS Con­tai­ner Linux ver­kün­det

32
Elek­tra 0.9.2 er­schie­nen

8
Nex­tDNS ver­lässt die Be­ta-Pha­se

23
Tu­xe­do stellt Ga­mer-Note­book vor

0
Libre Gra­phics Mee­ting be­ginnt als On­li­ne-Va­ri­an­te
 
Werbung