{"id":"MGASA-2019-0277","summary":"Updated nodejs packages fix security vulnerabilities","details":"This update provides nodejs v6.17.1 fixing at least the following security\nissues:\n\nThe c-ares function ares_parse_naptr_reply(), which is used for parsing\nNAPTR responses, could be triggered to read memory outside of the given\ninput buffer (CVE-2017-1000381) \n\nFix for 'path' module regular expression denial of service (CVE-2018-7158)\n\nReject spaces in HTTP Content-Length header values (CVE-2018-7159)\n\nFix for inspector DNS rebinding vulnerability (CVE-2018-7160)\n\nbuffer: Fixes Denial of Service vulnerability where calling Buffer.fill()\ncould hang (CVE-2018-7167)\n\nbuffer: Fix out-of-bounds (OOB) write in Buffer.write() for UCS-2 encoding\n(CVE-2018-12115)\n\nNode.js: HTTP request splitting (CVE-2018-12116)\n\nNode.js: Debugger port 5858 listens on any interface by default\n(CVE-2018-12120)\n\nNode.js: Denial of Service with large HTTP headers (CVE-2018-12121)\n\nNode.js: Slowloris HTTP Denial of Service (CVE-2018-12122)\n\nNode.js: Hostname spoofing in URL parser for javascript protocol (CVE-2018-12123)\n\nNode.js: Slowloris HTTP Denial of Service with keep-alive (CVE-2019-5737)\n\nNode.js: Denial of Service with keep-alive HTTP connections (CVE-2019-5739)\n\nFor other fixes in this update, see the referenced release logs.\n","modified":"2026-04-16T04:41:44.565194424Z","published":"2019-09-15T13:24:16Z","upstream":["CVE-2017-1000381","CVE-2018-12115","CVE-2018-12116","CVE-2018-12120","CVE-2018-12121","CVE-2018-12122","CVE-2018-12123","CVE-2018-7158","CVE-2018-7159","CVE-2018-7160","CVE-2018-7167","CVE-2019-5737","CVE-2019-5739"],"references":[{"type":"ADVISORY","url":"https://advisories.mageia.org/MGASA-2019-0277.html"},{"type":"REPORT","url":"https://bugs.mageia.org/show_bug.cgi?id=21330"},{"type":"WEB","url":"https://nodejs.org/en/blog/release/v6.11.0/"},{"type":"WEB","url":"https://nodejs.org/en/blog/release/v6.11.1/"},{"type":"WEB","url":"https://nodejs.org/en/blog/release/v6.11.2/"},{"type":"WEB","url":"https://nodejs.org/en/blog/release/v6.11.3/"},{"type":"WEB","url":"https://nodejs.org/en/blog/release/v6.11.4/"},{"type":"WEB","url":"https://nodejs.org/en/blog/release/v6.12.0/"},{"type":"WEB","url":"https://nodejs.org/en/blog/release/v6.12.1/"},{"type":"WEB","url":"https://nodejs.org/en/blog/release/v6.12.2/"},{"type":"WEB","url":"https://nodejs.org/en/blog/release/v6.12.3/"},{"type":"WEB","url":"https://nodejs.org/en/blog/release/v6.13.0/"},{"type":"WEB","url":"https://nodejs.org/en/blog/release/v6.13.1/"},{"type":"WEB","url":"https://nodejs.org/en/blog/release/v6.14.0/"},{"type":"WEB","url":"https://nodejs.org/en/blog/release/v6.14.1/"},{"type":"WEB","url":"https://nodejs.org/en/blog/release/v6.14.2/"},{"type":"WEB","url":"https://nodejs.org/en/blog/release/v6.14.3/"},{"type":"WEB","url":"https://nodejs.org/en/blog/release/v6.15.0/"},{"type":"WEB","url":"https://nodejs.org/en/blog/release/v6.15.1/"},{"type":"WEB","url":"https://nodejs.org/en/blog/release/v6.16.0/"},{"type":"WEB","url":"https://nodejs.org/en/blog/release/v6.17.0/"},{"type":"WEB","url":"https://nodejs.org/en/blog/release/v6.17.1/"}],"affected":[{"package":{"name":"nodejs","ecosystem":"Mageia:6","purl":"pkg:rpm/mageia/nodejs?arch=source&distro=mageia-6"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"6.17.1-8.mga6"}]}],"ecosystem_specific":{"section":"core"},"database_specific":{"source":"https://advisories.mageia.org/MGASA-2019-0277.json"}},{"package":{"name":"http-parser","ecosystem":"Mageia:6","purl":"pkg:rpm/mageia/http-parser?arch=source&distro=mageia-6"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"2.9.2-1.mga6"}]}],"ecosystem_specific":{"section":"core"},"database_specific":{"source":"https://advisories.mageia.org/MGASA-2019-0277.json"}},{"package":{"name":"libuv","ecosystem":"Mageia:6","purl":"pkg:rpm/mageia/libuv?arch=source&distro=mageia-6"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"1.16.1-1.mga6"}]}],"ecosystem_specific":{"section":"core"},"database_specific":{"source":"https://advisories.mageia.org/MGASA-2019-0277.json"}}],"schema_version":"1.7.5","credits":[{"name":"Mageia","contact":["https://wiki.mageia.org/en/Packages_Security_Team"],"type":"COORDINATOR"}]}