Openwall GNU/*/Linux - a small security-enhanced Linux distro for servers
[<prev] [next>] [thread-next>] [day] [month] [year] [list]
Date: Sun, 05 Jul 2015 18:51:37 -0500
From: Mark Felder <feld@...d.me>
To: oss-security@...ts.openwall.com
Subject: node.js out of band write

Node has resolved a security vulnerability in their most recent release
but do not appear to have requested a CVE ID.

http://blog.nodejs.org/2015/07/03/node-v0-12-6-stable/

Node v0.12.6 (Stable)
Sat, 04 Jul 2015 02:34:23 UTC - release

This release of Node.js fixes a bug that triggers an out-of-band write
in V8's utf-8 decoder. This bug impacts all Buffer to String
conversions. This is an important security update as this bug can be
used to cause a denial of service attack.

Powered by blists - more mailing lists

Your e-mail address:

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Powered by Openwall GNU/*/Linux - Powered by OpenVZ