Lucene search

K
mageiaGentoo FoundationMGASA-2015-0186
HistoryMay 05, 2015 - 4:36 p.m.

Updated nodejs packages fix security vulnerabilities

2015-05-0516:36:50
Gentoo Foundation
advisories.mageia.org
14

10 High

CVSS2

Access Vector

Access Complexity

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

0.007 Low

EPSS

Percentile

80.3%

Updated nodejs package fixes security vulnerability: It was found that libuv does not call setgoups before calling setuid/setgid. This may potentially allow an attacker to gain elevated privileges (CVE-2015-0278). The libuv library is bundled with nodejs, and a fixed version of libuv is included with nodejs as of version 0.10.37. The nodejs package has been updated to version 0.10.38 to fix this issue, as well as several other bugs.

OSVersionArchitecturePackageVersionFilename
Mageia4noarchnodejs< 0.10.38-1nodejs-0.10.38-1.mga4

10 High

CVSS2

Access Vector

Access Complexity

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

0.007 Low

EPSS

Percentile

80.3%