diff options
| author | Beth Griggs <bgriggs@redhat.com> | 2020-12-24 17:21:21 +0300 |
|---|---|---|
| committer | Beth Griggs <bgriggs@redhat.com> | 2021-01-04 20:53:38 +0300 |
| commit | a384a0c4c6bee1e7b1ec30417d6f743f59cd3b84 (patch) | |
| tree | 1dbaea4b8be1d11368b8aba3937422fa78e954f1 /CHANGELOG.md | |
| parent | 433ed98b4011a9b7f1e98aa9b111b865dc491fa1 (diff) | |
2021-01-04, Version 14.15.4 'Fermium' (LTS)
This is a security release.
Notable changes:
Vulnerabilities fixed:
- **CVE-2020-1971**: OpenSSL - EDIPARTYNAME NULL pointer de-reference
(High)
- This is a vulnerability in OpenSSL which may be exploited through
Node.js. You can read more about it in
https://www.openssl.org/news/secadv/20201208.txt
- **CVE-2020-8265**: use-after-free in TLSWrap (High)
- Affected Node.js versions are vulnerable to a use-after-free bug in
its TLS implementation. When writing to a TLS enabled socket,
node::StreamBase::Write calls node::TLSWrap::DoWrite with a freshly
allocated WriteWrap object as first argument. If the DoWrite method
does not return an error, this object is passed back to the caller as
part of a StreamWriteResult structure. This may be exploited to
corrupt memory leading to a Denial of Service or potentially other
exploits.
- **CVE-2020-8287**: HTTP Request Smuggling in nodejs (Low)
- Affected versions of Node.js allow two copies of a header field in
a http request. For example, two Transfer-Encoding header fields. In
this case Node.js identifies the first header field and ignores the
second. This can lead to HTTP Request Smuggling
(https://cwe.mitre.org/data/definitions/444.html).
PR-URL: https://github.com/nodejs-private/node-private/pull/242
Diffstat (limited to 'CHANGELOG.md')
| -rw-r--r-- | CHANGELOG.md | 3 |
1 files changed, 2 insertions, 1 deletions
diff --git a/CHANGELOG.md b/CHANGELOG.md index 5b336b3a5ef..3796e013975 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -43,7 +43,8 @@ release. <a href="doc/changelogs/CHANGELOG_V15.md#15.0.0">15.0.0</a><br/> </td> <td valign="top"> -<b><a href="doc/changelogs/CHANGELOG_V14.md#14.15.3">14.15.3</a></b><br/> +<b><a href="doc/changelogs/CHANGELOG_V14.md#14.15.4">14.15.4</a></b><br/> +<a href="doc/changelogs/CHANGELOG_V14.md#14.15.3">14.15.3</a><br/> <a href="doc/changelogs/CHANGELOG_V14.md#14.15.2">14.15.2</a><br/> <a href="doc/changelogs/CHANGELOG_V14.md#14.15.1">14.15.1</a><br/> <a href="doc/changelogs/CHANGELOG_V14.md#14.15.0">14.15.0</a><br/> |