Author: renodr
Date: Thu Dec 19 13:26:36 2019
New Revision: 1513
Log:
errata: Add errata for Node.JS vulnerability (in npm)
Modify errata for git and unzip so that they both function properly.
Modified:
html/trunk/blfs/errata/9.0-systemd/index.html
html/trunk/blfs/errata/9.0/index.html
Modified: html/trunk/blfs/errata/9.0-systemd/index.html
==============================================================================
--- html/trunk/blfs/errata/9.0-systemd/index.html Mon Dec 16 07:29:45
2019 (r1512)
+++ html/trunk/blfs/errata/9.0-systemd/index.html Thu Dec 19 13:26:36
2019 (r1513)
@@ -144,7 +144,7 @@
<p>After release it was discovered that many security fixes for
unzip-6.0 were present in distros but had not been applied to BLFS.
To fix these, rebuild unzip using the patch in
- <a href="../..//view/systemd/general/unzip.html">unzip-6.0</a>.</p>
+ <a href="../../view/systemd/general/unzip.html">unzip-6.0</a>.</p>
<p>After release the xvid team released a new version that contained
fixes for "various, long-standing and potentially critical security
@@ -156,7 +156,15 @@
of git were disclosed. These allow an attacker to overwrite arbitrary
paths, remotely execute code, or overwrite files in the .git/ directory.
To fix these, please update to git-2.24.1 using the instructions in
- <a href="../../view/systemd/general/prog/git.html">git-2.24.1</a>.</p>
+ <a href="../../view/systemd/general/git.html">git-2.24.1</a>.</p>
+
+ <p>After release, a security flaw was discovered in npm, shipped with
+ node.js, that leads to files being overwrited when installing packages.
+ These files get overwritten in whatever prefix you are installing node in,
+ and can include files in /usr/bin and /usr/sbin. This can lead to file
+ deletion of files installed by other packages and other damage. Please
+ update to node.js-12.13.0 as soon as possible using the instructions in
+ <a href"../../view/systemd/general/node.html">Node.JS-12.13.0</a>.</p>
<h2>Known Security Vulnerabilities</h2>
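Review bot: The added anchor on the last `+` line of this hunk is written `<a href"../../view/systemd/general/node.html">`, with no `=` between `href` and its value, so the Node.JS-12.13.0 link will not resolve. It should read `<a href="../../view/systemd/general/node.html">`. In the same added paragraph, "overwrited" should be "overwritten" and "file deletion of files" can be reduced to "deletion of files". Since this is a security erratum, the paragraph would also benefit from naming the advisory it refers to, so readers can check whether their installed npm is affected.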
Modified: html/trunk/blfs/errata/9.0/index.html
==============================================================================
--- html/trunk/blfs/errata/9.0/index.html Mon Dec 16 07:29:45 2019
(r1512)
+++ html/trunk/blfs/errata/9.0/index.html Thu Dec 19 13:26:36 2019
(r1513)
@@ -161,7 +161,16 @@
of git were disclosed. These allow an attacker to overwrite arbitrary
paths, remotely execute code, or overwrite files in the .git/ directory.
To fix these, please update to git-2.24.1 using the instructions in
- <a href="../../view/svn/general/prog/git.html">git-2.24.1</a>.</p>
+ <a href="../../view/svn/general/git.html">git-2.24.1</a>.</p>
+
+ <p>After release, a security flaw was discovered in npm, shipped with
+ node.js, that leads to files being overwrited when installing packages.
+ These files get overwritten in whatever prefix you are installing node in,
+ and can include files in /usr/bin and /usr/sbin. This can lead to file
+ deletion of files installed by other packages and other damage. Please
+ update to node.js-12.13.0 as soon as possible using the instructions in
+ <a href"../../view/svn/general/node.html">Node.JS-12.13.0</a>.</p>
+
<!--
<p>A vulnerability with available exploits in all recent versions of
ghostscript has been fixed in the development book by patching gs-9.25.
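Review bot: The new anchor in the 9.0 (non-systemd) page has the same defect as its systemd counterpart: `<a href"../../view/svn/general/node.html">` is missing the `=` after `href`, so the link to the Node.JS-12.13.0 instructions is broken. Change it to `<a href="../../view/svn/general/node.html">`, and correct "overwrited" to "overwritten" in the added text. Because the git href in this hunk also changes from `general/prog/git.html` to `general/git.html`, it is worth confirming that both the new git and node targets exist under `view/svn/general/` before publishing, given that this commit is itself a link repair.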