Mandriva Linux Security Advisory : nodejs (MDVSA-2015:142)

This script is Copyright (C) 2015 Tenable Network Security, Inc.


Synopsis :

The remote Mandriva Linux host is missing a security update.

Description :

Updated nodejs package fixes security vulnerabilities :

A memory corruption vulnerability, which results in a
denial-of-service, was identified in the versions of V8 that ship with
Node.js 0.8 and 0.10. In certain circumstances, a particularly deep
recursive workload that may trigger a GC and receive an interrupt may
overflow the stack and result in a segmentation fault. For instance,
if your workload involves successive JSON.parse calls and the parsed
objects are significantly deep, you may experience the process
aborting while parsing (CVE-2014-5256).
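
For hosts that parse untrusted JSON, the nesting depth of the input can be bounded before it reaches JSON.parse, which limits the deep recursion described above. The following is an added example, not part of the advisory or of Node.js; the names MAX_DEPTH, jsonNestingDepth and safeJsonParse and the limit of 64 are assumptions, and it is written in ES5 so it also runs on the 0.10 line. It complements the package update and does not replace it.

```javascript
'use strict';

// Hypothetical limit: set it to the deepest document the application legitimately accepts.
var MAX_DEPTH = 64;

// Measure object/array nesting in a JSON text with a flat loop (no recursion).
// Throws as soon as the limit is exceeded. Brackets inside string literals are
// ignored, including strings that contain escaped quotes.
function jsonNestingDepth(text, limit) {
  limit = limit || MAX_DEPTH;
  var depth = 0, max = 0, inString = false;
  for (var i = 0; i < text.length; i++) {
    var ch = text.charAt(i);
    if (inString) {
      if (ch === '\\') { i++; }                 // skip the escaped character
      else if (ch === '"') { inString = false; }
      continue;
    }
    if (ch === '"') {
      inString = true;
    } else if (ch === '{' || ch === '[') {
      depth++;
      if (depth > limit) { throw new RangeError('JSON nesting exceeds ' + limit); }
      if (depth > max) { max = depth; }
    } else if ((ch === '}' || ch === ']') && depth > 0) {
      depth--;
    }
  }
  return max;
}

// Hand the text to JSON.parse only after the depth check has passed.
function safeJsonParse(text, limit) {
  jsonNestingDepth(text, limit);
  return JSON.parse(text);
}

// Constructed sample inputs: one shallow document with brackets inside a
// string, and one pathologically deep array.
var shallow = '{"a":[1,{"b":"]]]] \\" [[[["}]}';
var deep = new Array(100001).join('[') + new Array(100001).join(']');

console.log(jsonNestingDepth(shallow));
try { safeJsonParse(deep); } catch (e) { console.log(e.name + ': ' + e.message); }
```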

Multiple unspecified vulnerabilities in Google V8 before 3.24.35.10,
as used in Node.js before 0.10.31, allow attackers to cause a denial
of service or possibly have other impact via unknown vectors
(CVE-2013-6668).

The nodejs package has been updated to version 0.10.33 to fix these
issues as well as several other bugs.

See also :

http://advisories.mageia.org/MGASA-2014-0516.html

Solution :

Update the affected nodejs package.

Risk factor :

High / CVSS Base Score : 7.5
(CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P)

Family: Mandriva Local Security Checks

Nessus Plugin ID: 82395

Bugtraq ID:

CVE ID: CVE-2013-6668
CVE-2014-5256
