Category Archives: node-js

nodejs

Node.js openSSL and V8 security updates

Over the last few weeks several security updates have been released for Node.js.

OpenSSL – Various updates fix OpenSSL bugs and apply to most versions of Node.js from V0.10.

DoS – The next update fixes a DoS (denial of service) vulnerability for versions v0.12 to v5. An attacker could cause the HTTP Socket to shut down. This is critical severity. Reference: CVE-2015-8027.

V8 Out-of-bounds access – This bug is with the V8 engines JSON implementation. Under certain circumstances, the severity is rated as high.

Node.js recommend all users upgrade ASAP. If you’ve already got a version/upgrade since the 4th December 2015, you can relax. If not, you should arrange to upgrade soon.