Mandriva Linux Security Advisory : nodejs (MDVSA-2015:142)

This script is Copyright (C) 2015 Tenable Network Security, Inc.

Synopsis :

The remote Mandriva Linux host is missing a security update.

Description :

Updated nodejs package fixes security vulnerabilities :

A memory corruption vulnerability, which results in a
denial of service, was identified in the versions of V8 that ship with
Node.js 0.8 and 0.10. In certain circumstances, a particularly deep
recursive workload that triggers a GC and receives an interrupt may
overflow the stack and result in a segmentation fault. For instance,
if your workload involves successive JSON.parse calls and the parsed
objects are significantly deep, you may experience the process
aborting while parsing (CVE-2014-5256).
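
An input guard a service could place in front of JSON.parse for untrusted data, given here as an added example (not part of the advisory or of Node.js): it measures nesting depth in one iterative pass and refuses documents deeper than a limit. The names jsonNestingDepth and safeJsonParse and the limit of 64 are assumptions; the code uses only ES5 syntax, and it is defence in depth that does not replace the update to 0.10.33.

```javascript
'use strict';

// Hypothetical limit: set it to the deepest document the service legitimately accepts.
var MAX_DEPTH = 64;

// Return the maximum nesting depth of JSON text. The scan is a plain loop,
// so the check itself never recurses. Brackets inside strings are ignored.
function jsonNestingDepth(text) {
  var depth = 0, max = 0, inString = false;
  for (var i = 0; i < text.length; i++) {
    var ch = text.charAt(i);
    if (inString) {
      if (ch === '\\') i++;                 // skip the escaped character
      else if (ch === '"') inString = false;
    } else if (ch === '"') {
      inString = true;
    } else if (ch === '{' || ch === '[') {
      depth++;
      if (depth > max) max = depth;
    } else if (ch === '}' || ch === ']') {
      depth--;
    }
  }
  return max;
}

// Parse untrusted JSON only when its nesting stays within the limit.
function safeJsonParse(text, maxDepth) {
  var limit = (typeof maxDepth === 'number') ? maxDepth : MAX_DEPTH;
  var depth = jsonNestingDepth(text);
  if (depth > limit) {
    throw new RangeError('JSON nesting depth ' + depth + ' exceeds limit ' + limit);
  }
  return JSON.parse(text);
}

// Constructed sample inputs: one ordinary document, one 5000 levels deep.
var shallow = '{"user":{"tags":["a","b"]},"note":"[[[ not nesting ]]]"}';
var deep = new Array(5001).join('[') + new Array(5001).join(']');

console.log('shallow depth:', jsonNestingDepth(shallow));
try {
  safeJsonParse(deep);
} catch (e) {
  console.log('rejected:', e.message);
}
```

Malformed input that passes the depth check is still rejected by JSON.parse itself with a SyntaxError.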

Multiple unspecified vulnerabilities in Google V8 before,
as used in Node.js before 0.10.31, allow attackers to cause a denial
of service or possibly have other impact via unknown vectors.

The nodejs package has been updated to version 0.10.33 to fix these
issues as well as several other bugs.

Solution :

Update the affected nodejs package.

Risk factor :

High / CVSS Base Score : 7.5

Family: Mandriva Local Security Checks

Nessus Plugin ID: 82395

CVE ID: CVE-2013-6668
