Mandriva Linux Security Advisory : nodejs (MDVSA-2015:228)

This script is Copyright (C) 2015 Tenable Network Security, Inc.


Synopsis :

The remote Mandriva Linux host is missing a security update.

Description :

Updated nodejs package fixes security vulnerability :

It was found that libuv does not call setgoups before calling
setuid/setgid. This may potentially allow an attacker to gain elevated
privileges (CVE-2015-0278).

The libuv library is bundled with nodejs, and a fixed version of libuv
is included with nodejs as of version 0.10.37. The nodejs package has
been updated to version 0.10.38 to fix this issue, as well as several
other bugs.

See also :

http://advisories.mageia.org/MGASA-2015-0186.html

Solution :

Update the affected nodejs package.

Risk factor :

Critical / CVSS Base Score : 10.0
(CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C)

Family: Mandriva Local Security Checks

Nessus Plugin ID: 83274 ()

Bugtraq ID:

CVE ID: CVE-2015-0278

Ready to Amp Up Your Nessus Experience?

Get Nessus Professional to scan unlimited IPs, run compliance checks & more

Buy Nessus Professional Now