Gentoo Linux Security Advisory 201701-28 - A heap-based buffer overflow in c-ares might allow remote attackers to cause a Denial of Service condition. Versions less than 1.12.0 are affected.
e22bebe9e1d6baa04d82a2600394e4cbe1397e8dac861aa025be79441cf640beRed Hat Security Advisory 2017-0002-01 - Node.js is a platform built on Chrome's JavaScript runtime for easily building fast, scalable network applications. Node.js uses an event-driven, non-blocking I/O model that makes it lightweight and efficient, perfect for data-intensive real-time applications that run across distributed devices. The following packages have been upgraded to a newer upstream version: rh-nodejs4-nodejs, rh-nodejs4-http-parser. Security Fix: It was found that Node.js' tls.checkServerIdentity() function did not properly validate server certificates containing wildcards. A malicious TLS server could use this flaw to get a specially crafted certificate accepted by a Node.js TLS client.
487f8935425fab345c81e3d7c667d1f0fbea527ff25fc99538a766b46a2d968bUbuntu Security Notice 3143-1 - Gzob Qq discovered that c-ares incorrectly handled certain hostnames. A remote attacker could use this issue to cause applications using c-ares to crash, resulting in a denial of service, or possibly execute arbitrary code.
fd4c712ebea3609f12d8d0e74b0732444f1f40626f07b8895e89025af4f6bdb3
© 2024 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed