[3.2] nodejs: a high-impact denial of service vulnerability (CVE-2015-8027)
CVE-2015-8027: a high-impact denial of service vulnerability
A bug exists in Node.js, all versions of v0.12.x through to v5.x
inclusive, whereby an external
attacker can cause a denial of service. The severity of this issue is
high (see CVSS scoring below)
and users of the affected versions should plan to upgrade when a fix is
made available.
Versions 0.10.x of Node.js are not affected.
Versions 0.12.x of Node.js are vulnerable.
Versions 4.x, including LTS Argon, of Node.js are vulnerable.
Versions 5.x of Node.js are vulnerable.
References:
https://nodejs.org/en/blog/vulnerability/december-2015-security-releases/
https://nodejs.org/en/blog/vulnerability/cve-2015-8027\_cve-2015-6764/
(from redmine: issue id 4937, created on 2015-12-08, closed on 2015-12-09)
- Relations:
- parent #4935 (closed)
- Changesets:
- Revision 3ce61e03 on 2015-12-09T15:43:40Z:
main/nodejs: security upgrade to 0.12.9 (CVE-2015-8027). Fixes #4937