Fedora 18 : nodejs-normalize-package-data-0.2.0-1.fc18 / node-gyp-0.10.6-1.fc18 / etc (2013-11780)

low Nessus Plugin ID 68999

Synopsis

The remote Fedora host is missing one or more security updates.

Description

This update provides the latest npm and updates its dependencies. It also fixes a minor security bug.

For more information about recent changes in npm, see the changelog at GitHub: https://github.com/isaacs/npm/commits/v1.3.3

Additionally, this update restricts all included packages to only the architectures supported by the V8 JavaScript runtime.

Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

Solution

Update the affected packages.

See Also

http://www.nessus.org/u?25f56e08

http://www.nessus.org/u?e26cadcb

http://www.nessus.org/u?2be6707a

http://www.nessus.org/u?8d07ba1f

http://www.nessus.org/u?5cf9badd

http://www.nessus.org/u?116f3c94

https://bugzilla.redhat.com/show_bug.cgi?id=921649

https://bugzilla.redhat.com/show_bug.cgi?id=927575

https://bugzilla.redhat.com/show_bug.cgi?id=948659

https://bugzilla.redhat.com/show_bug.cgi?id=953051

https://bugzilla.redhat.com/show_bug.cgi?id=954280

https://bugzilla.redhat.com/show_bug.cgi?id=954281

https://bugzilla.redhat.com/show_bug.cgi?id=968919

https://bugzilla.redhat.com/show_bug.cgi?id=973968

https://bugzilla.redhat.com/show_bug.cgi?id=976984

https://bugzilla.redhat.com/show_bug.cgi?id=983918

https://bugzilla.redhat.com/show_bug.cgi?id=984202

https://bugzilla.redhat.com/show_bug.cgi?id=985305

https://github.com/isaacs/npm/commits/v1.3.3

http://www.nessus.org/u?e4e8aeb8

http://www.nessus.org/u?27860245

http://www.nessus.org/u?8a10c181

http://www.nessus.org/u?0880609c

http://www.nessus.org/u?380f04a8

http://www.nessus.org/u?b6f978c5

http://www.nessus.org/u?b883b6ca

http://www.nessus.org/u?eedc3937

http://www.nessus.org/u?666e422f

http://www.nessus.org/u?ae21bffa

http://www.nessus.org/u?729dac04

http://www.nessus.org/u?de74e9bd

http://www.nessus.org/u?0849f1c4

http://www.nessus.org/u?77cc1ea6

http://www.nessus.org/u?8573e9fd

http://www.nessus.org/u?1289a3cb

http://www.nessus.org/u?a49b6103

http://www.nessus.org/u?98b7bfa4

http://www.nessus.org/u?2338c216

http://www.nessus.org/u?1f663137

http://www.nessus.org/u?efd714a3

http://www.nessus.org/u?cca3a991

http://www.nessus.org/u?909902ab

http://www.nessus.org/u?fbccf294

http://www.nessus.org/u?488df08b

http://www.nessus.org/u?404d2626

http://www.nessus.org/u?d23ae24d

http://www.nessus.org/u?f8138075

http://www.nessus.org/u?49750b8e

http://www.nessus.org/u?3488e88a

http://www.nessus.org/u?1bd590ae

http://www.nessus.org/u?0b1120a7

http://www.nessus.org/u?55adbc9d

http://www.nessus.org/u?73ab8d5f

http://www.nessus.org/u?7cd5d058

http://www.nessus.org/u?3dc211c5

http://www.nessus.org/u?6e5afd8e

http://www.nessus.org/u?5fb7601b

http://www.nessus.org/u?b48814bf

http://www.nessus.org/u?5e3e7c03

http://www.nessus.org/u?80da6dc1

http://www.nessus.org/u?0c61fddc

http://www.nessus.org/u?166cb418

Plugin Details

Severity: Low

ID: 68999

File Name: fedora_2013-11780.nasl

Version: 1.10

Type: local

Agent: unix

Published: 7/23/2013

Updated: 1/11/2021

Supported Sensors: Frictionless Assessment Agent, Nessus Agent, Agentless Assessment, Nessus

Risk Information

VPR

Risk Factor: Low

Score: 3.6

CVSS v2

Risk Factor: Low

Base Score: 3.3

Temporal Score: 2.7

Vector: CVSS2#AV:L/AC:M/Au:N/C:N/I:P/A:P

Vulnerability Information

CPE: p-cpe:/a:fedoraproject:fedora:node-gyp, p-cpe:/a:fedoraproject:fedora:nodejs-ansi, p-cpe:/a:fedoraproject:fedora:nodejs-asn1, p-cpe:/a:fedoraproject:fedora:nodejs-aws-sign, p-cpe:/a:fedoraproject:fedora:nodejs-better-assert, p-cpe:/a:fedoraproject:fedora:nodejs-boom, p-cpe:/a:fedoraproject:fedora:nodejs-callsite, p-cpe:/a:fedoraproject:fedora:nodejs-child-process-close, p-cpe:/a:fedoraproject:fedora:nodejs-cmd-shim, p-cpe:/a:fedoraproject:fedora:nodejs-config-chain, p-cpe:/a:fedoraproject:fedora:nodejs-cookie-jar, p-cpe:/a:fedoraproject:fedora:nodejs-couch-login, p-cpe:/a:fedoraproject:fedora:nodejs-cryptiles, p-cpe:/a:fedoraproject:fedora:nodejs-ctype, p-cpe:/a:fedoraproject:fedora:nodejs-editor, p-cpe:/a:fedoraproject:fedora:nodejs-forever-agent, p-cpe:/a:fedoraproject:fedora:nodejs-form-data, p-cpe:/a:fedoraproject:fedora:nodejs-fstream, p-cpe:/a:fedoraproject:fedora:nodejs-fstream-ignore, p-cpe:/a:fedoraproject:fedora:nodejs-fstream-npm, p-cpe:/a:fedoraproject:fedora:nodejs-github-url-from-git, p-cpe:/a:fedoraproject:fedora:nodejs-glob, p-cpe:/a:fedoraproject:fedora:nodejs-graceful-fs, p-cpe:/a:fedoraproject:fedora:nodejs-hawk, p-cpe:/a:fedoraproject:fedora:nodejs-hoek, p-cpe:/a:fedoraproject:fedora:nodejs-http-signature, p-cpe:/a:fedoraproject:fedora:nodejs-inherits, p-cpe:/a:fedoraproject:fedora:nodejs-inherits1, p-cpe:/a:fedoraproject:fedora:nodejs-init-package-json, p-cpe:/a:fedoraproject:fedora:nodejs-json-stringify-safe, p-cpe:/a:fedoraproject:fedora:nodejs-lockfile, p-cpe:/a:fedoraproject:fedora:nodejs-normalize-package-data, p-cpe:/a:fedoraproject:fedora:nodejs-npm-registry-client, p-cpe:/a:fedoraproject:fedora:nodejs-npm-user-validate, p-cpe:/a:fedoraproject:fedora:nodejs-npmconf, p-cpe:/a:fedoraproject:fedora:nodejs-npmlog, p-cpe:/a:fedoraproject:fedora:nodejs-oauth-sign, p-cpe:/a:fedoraproject:fedora:nodejs-read-installed, p-cpe:/a:fedoraproject:fedora:nodejs-read-package-json, p-cpe:/a:fedoraproject:fedora:nodejs-request, p-cpe:/a:fedoraproject:fedora:nodejs-rimraf, p-cpe:/a:fedoraproject:fedora:nodejs-semver, p-cpe:/a:fedoraproject:fedora:nodejs-sha, p-cpe:/a:fedoraproject:fedora:nodejs-slide, p-cpe:/a:fedoraproject:fedora:nodejs-sntp, p-cpe:/a:fedoraproject:fedora:nodejs-tap, p-cpe:/a:fedoraproject:fedora:nodejs-tunnel-agent, p-cpe:/a:fedoraproject:fedora:nodejs-vows, p-cpe:/a:fedoraproject:fedora:npm, cpe:/o:fedoraproject:fedora:18

Required KB Items: Host/local_checks_enabled, Host/RedHat/release, Host/RedHat/rpm-list

Exploit Available: true

Exploit Ease: Exploits are available

Patch Publication Date: 6/27/2013

Vulnerability Publication Date: 4/22/2014

Reference Information

CVE: CVE-2013-4116

BID: 61083

FEDORA: 2013-11780