- The nodejs-qs module has the ability to create sparse arrays during parsing. By specifying a high index in a querystring parameter it is possible to create a large array that will eventually take up all the allocated memory of the running process, resulting in a crash. (CVE-2014-7191)
- A previous patch to the nodejs010-node-gyp RPM package introduced a bug, which caused the node-gyp module to work incorrectly. As a consequence, users were unable to install or build native Node.js modules. A new patch has been applied, the node-gyp module now works as expected, and it no longer affects other modules. (BZ#1255594)
All nodejs010-nodejs-qs and nodejs010-node-gyp users are advised to upgrade to these updated packages, which contain a backported patch to correct this issue.