MGASA-2014-0516
- Source
- https://advisories.mageia.org/MGASA-2014-0516.html
- Import Source
- https://advisories.mageia.org/MGASA-2014-0516.json
- JSON Data
- https://api.test.osv.dev/v1/vulns/MGASA-2014-0516
- Related
- Published
- 2014-12-09T20:12:41Z
- Modified
- 2014-12-09T20:02:03Z
- Summary
- Updated nodejs package fixes security vulnerabilities
- Details
-
Updated nodejs package fixes security vulnerabilities:
A memory corruption vulnerability, which results in a denial-of-service, was identified in the versions of V8 that ship with Node.js 0.8 and 0.10. In certain circumstances, a particularly deep recursive workload that may trigger a GC and receive an interrupt may overflow the stack and result in a segmentation fault. For instance, if your work load involves successive JSON.parse calls and the parsed objects are significantly deep, you may experience the process aborting while parsing (CVE-2014-5256).
Multiple unspecified vulnerabilities in Google V8 before 3.24.35.10, as used in Node.js before 0.10.31, allow attackers to cause a denial of service or possibly have other impact via unknown vectors (CVE-2013-6668).
The nodejs package has been updated to version 0.10.33 to fix these issues as well as several other bugs.
- References
-
- https://advisories.mageia.org/MGASA-2014-0516.html
- https://bugs.mageia.org/show_bug.cgi?id=13383
- http://blog.nodejs.org/2014/07/31/v8-memory-corruption-stack-overflow/
- http://nodejs.org/dist/v0.10.33/docs/changelog.html
- https://lists.fedoraproject.org/pipermail/package-announce/2014-August/136333.html
- Credits
-
-
- Mageia - COORDINATOR
-
Affected packages
Mageia:4 / nodejs
Package
- Name
- nodejs
- Purl
- pkg:rpm/mageia/nodejs?distro=mageia-4