FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

node.js -- ares_create_query single byte out of buffer write

Affected packages
node010 < 0.10.48
node012 < 0.12.17
node4 < 4.6.1

Details

VuXML ID 28bb6ee5-9b5c-11e6-b799-19bef72f4b7c
Discovery 2016-10-18
Entry 2016-10-26

Node.js has released new versions containing the following security fix:

The following releases all contain fixes for CVE-2016-5180 "ares_create_query single byte out of buffer write": Node.js v0.10.48 (Maintenance), Node.js v0.12.17 (Maintenance), Node.js v4.6.1 (LTS "Argon")

While this is not a critical update, all users of these release lines should upgrade at their earliest convenience.

References

CVE Name CVE-2016-5180
FreeBSD PR ports/213800
URL https://nodejs.org/en/blog/vulnerability/october-2016-security-releases/