#14875: node.js-14.16.1
-------------------------+-----------------------
Reporter: renodr | Owner: ken@…
Type: enhancement | Status: assigned
Priority: normal | Milestone: 10.2
Component: BOOK | Version: SVN
Severity: normal | Resolution:
Keywords: |
-------------------------+-----------------------
Changes (by ken@…):
* owner: blfs-book => ken@…
* status: new => assigned
Comment:
Huh, I thought I'd updated this and accepted it:
[https://nodejs.org/en/blog/vulnerability/april-2021-security-releases/]
{{{
(Update 6-Apr-2021) Security releases available
Updates are now available for v10,x, v12.x, v14.x and v15.x Node.js
release lines for the following issues.
OpenSSL - CA certificate check bypass with X509_V_FLAG_X509_STRICT (High)
(CVE-2021-3450)
This is a vulnerability in OpenSSL which may be exploited through Node.js.
You can read more about it in
https://www.openssl.org/news/secadv/20210325.txt
Impacts:
All versions of the 15.x, 14.x, 12.x and 10.x releases lines
OpenSSL - NULL pointer deref in signature_algorithms processing (High)
(CVE-2021-3449)
This is a vulnerability in OpenSSL which may be exploited through Node.js.
You can read more about it in
https://www.openssl.org/news/secadv/20210325.txt
Impacts:
All versions of the 15.x, 14.x, 12.x and 10.x releases lines
npm upgrade - Update y18n to fix Prototype-Pollution (High)
(CVE-2020-7774)
This is a vulnerability in the y18n npm module which may be exploited by
prototype pollution. You can read more about it in
https://github.com/advisories/GHSA-c4w7-xm78-47vh
Impacts:
All versions of the 14.x, 12.x and 10.x releases lines
Downloads and release details
Node.js v10.24.1 (LTS)
Node.js v12.22.1 (LTS)
Node.js v14.16.1 (LTS)
Node.js v15.14.0 (Current)
}}}
--
Ticket URL: <http://wiki.linuxfromscratch.org/blfs/ticket/14875#comment:1>
BLFS Trac <http://wiki.linuxfromscratch.org/blfs>
Beyond Linux From Scratch
--
http://lists.linuxfromscratch.org/listinfo/blfs-book
FAQ: http://www.linuxfromscratch.org/blfs/faq.html
Unsubscribe: See the above information page
