Advisories ยป MGASA-2014-0007

Updated nodejs package fixes security vulnerabilities

Publication date: 06 Jan 2014
Type: security
Affected Mageia releases : 3
CVE: CVE-2013-4450 , CVE-2013-6639 , CVE-2013-6640

Description

A denial of service flaw was found in the way Node.js handled pipelined
HTTP requests. A remote attacker could use this flaw to send an excessive
amount of HTTP requests over a network connection, causing Node.js to use
an excessive amount of memory and possibly exit when all available memory
is exhausted (CVE-2013-4450).

Denial of service issues in the bundled v8 JavaScript library
(CVE-2013-6639, CVE-2013-6640).
                

References

SRPMS

3/core