Dec 20, 2017 10:00 am EST
Categorized: High Severity
Share this post:
OpenSSL vulnerabilities were disclosed on November 2, 2017 by the OpenSSL Project. OpenSSL is used by IBM SDK for Node.js. IBM SDK for Node.js has addressed the applicable CVEs.A vulnerability was disclosed in October 2017 by the Node.js project. IBM SDK for Node.js has addressed the CVE.
CVE(s): CVE-2017-3735, CVE-2017-14919
Affected product(s) and affected version(s):
These vulnerabilities affect IBM SDK for Node.js v4.8.4.0 and earlier releases.
These vulnerabilities affect IBM SDK for Node.js v6.11.5.0 and earlier releases.
These vulnerabilities affect IBM SDK for Node.js v8.1.4.0 and earlier releases.
You can also find this file through the command-line Cloud Foundry client by running the following command:
cf ssh <appname> -c cat staging_info.yml
Look for the following lines:
{“detected_buildpack”:”SDK for Node.js(TM) (ibm-node.js-xxx, buildpack-v3.xxx)”,”start_command”:”./vendor/initial_startup.rb”}
If the Node.js engine version is not at least v4.8.5 or v6.12.0 or v8.9.0 your application may be vulnerable.
Refer to the following reference URLs for remediation and additional vulnerability details:
Source Bulletin: http://ift.tt/2B6EpNz
X-Force Database: http://ift.tt/2zTVDha
X-Force Database: http://ift.tt/2hq6hEr
from IBM Product Security Incident Response Team http://ift.tt/2BRZizK
No comments:
Post a Comment
Note: Only a member of this blog may post a comment.