Author: renodr
Date: Fri Feb 26 14:00:58 2021
New Revision: 1724

Log:
Security Advisories: Add 10.0-101 for Node.js vulnerabilities

Modified:
   html/trunk/blfs/advisories/10.0.html
   html/trunk/blfs/advisories/consolidated.html

Modified: html/trunk/blfs/advisories/10.0.html
==============================================================================
--- html/trunk/blfs/advisories/10.0.html        Wed Feb 24 14:54:56 2021        
(r1723)
+++ html/trunk/blfs/advisories/10.0.html        Fri Feb 26 14:00:58 2021        
(r1724)
@@ -429,6 +429,13 @@
 
     <h3>Node.js</h3>
 
+    <h4>10.0 101 Node.js  Date: 2021-02-26  Severity: High</h4>
+    <p>In Node.js before 14.16.0, three high severity security vulnerabilities
+    were discovered. One of them can lead to resource exhaustion, another is
+    an integer overflow, and the other is a DNS rebinding attack. Update to 
+    v14.16.0 or later.
+    <a href=consolidated.html#10.0-101">10.0-101</a></p>
+
     <h4>10.0 062 Node.js  Date: 2021-01-05  Severity: High</h4>
     <p>In Node.js before 12.20.1, 14.15.4 a high security vulnerability (use
     after free, leading to Denial of Service or other exploits) as well as
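Review bot: The link on the last added line of the new entry, `<a href=consolidated.html#10.0-101">10.0-101</a>`, is missing the opening quote on the href value. HTML parsers will treat the trailing `"` as part of the unquoted value, so the fragment becomes `10.0-101"` and will not match the `id="10.0-101"` anchor in consolidated.html. It should read `<a href="consolidated.html#10.0-101">`. The trailing space after "Update to" on the added line above it can also be dropped.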

Modified: html/trunk/blfs/advisories/consolidated.html
==============================================================================
--- html/trunk/blfs/advisories/consolidated.html        Wed Feb 24 14:54:56 
2021        (r1723)
+++ html/trunk/blfs/advisories/consolidated.html        Fri Feb 26 14:00:58 
2021        (r1724)
@@ -75,6 +75,19 @@
     the longer term who knows what will happen to packages (e.g. getting
     replaced or archived). See the gstreamer links re 1.16 for an example of
     linking to a released book (old 10.0) -->
+    <a id="10.0-101">
+    <h4>10.0 101 node.js Date: 2021-02-26 Severity: High</h4>
+    <p>Node.JS-14.16.0 fixed three security vulnerabilities. One of them is a 
+    denial of service vulnerability (resource exhaustion via HTTP2 protocols),
+    another is a DNS rebinding attack, and a third is an integer overflow.
+    These vulnerabilities have been assigned CVE-2021-22883, CVE-2021-22884,
+    and CVE-2021-23840. The CVEs are not available at NVD yet, but more
+    information can be found at 
+    <a 
href="https://nodejs.org/en/blog/vulnerability/february-2021-security-releases/";>
+    February 2021 Security Releases</a>.</p>
+    <p>To fix these, update to Node.JS-14.16.0 or later using the instructions 
in
+    <a href="../view/svn/general/nodejs.html">Node.JS (sysv)</a> or
+    <a href="../view/systemd/general/nodejs.html">Node.JS (systemd)</a>.</p>
 
     <a id="10.0-100">
     <h4>10.0 100 Thunderbird  Date: 2021-02-24  Severity: High</h4>
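Review bot: The added `<a id="10.0-101">` is opened but never closed, so the `<h4>` and both paragraphs that follow sit inside an unterminated anchor element. Either close it immediately as `<a id="10.0-101"></a>` or move the id onto the `<h4>`. The `<a id="10.0-100">` context line shows the same pattern, so a file-wide cleanup may be the better place to fix it. The product name is written "node.js" in the heading and "Node.JS" in the body here, while the matching 10.0.html entry uses "Node.js"; one spelling should be used in both files. As shown in this mail the external link's href is followed by `;` before the closing `>`; if that semicolon is in the committed file it should be removed.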