FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

Node.js -- multiple vulnerabilities

Affected packages
node < 12.8.1
node10 < 10.16.3
node8 < 8.16.1

Details

VuXML ID c97a940b-c392-11e9-bb38-000d3ab229d6
Discovery 2019-08-16
Entry 2019-08-21

Node.js reports:

Node.js, as well as many other implementations of HTTP/2, have been found vulnerable to Denial of Service attacks. See https://github.com/Netflix/security-bulletins/blob/master/advisories/third-party/2019-002.md for more information.

Updates are now available for all active Node.js release lines, including Linux ARMv6 builds for Node.js 8.x (which had been delayed).

We recommend that all Node.js users upgrade to a version listed below as soon as possible.

Vulnerabilities Fixed

Impact: All versions of Node.js 8 (LTS "Carbon"), Node.js 10 (LTS "Dubnium"), and Node.js 12 (Current) are vulnerable to the following:

References

CVE Name CVE-2019-9511
CVE Name CVE-2019-9512
CVE Name CVE-2019-9513
CVE Name CVE-2019-9514
CVE Name CVE-2019-9515
CVE Name CVE-2019-9516
CVE Name CVE-2019-9517
CVE Name CVE-2019-9518
URL https://nodejs.org/en/blog/vulnerability/aug-2019-security-releases/