Buffer overflow in the Google V8 JavaScript implementation used by IBM SDK for Node.js
CVE(s): CVE-2016-1669
Affected product(s) and affected version(s):
These vulnerabilities affect IBM SDK for Node.js v1.1.1.2 and previous releases.
These vulnerabilities affect IBM SDK for Node.js v1.2.0.13 and previous releases.
These vulnerabilities affect IBM SDK for Node.js v4.4.5.0 and previous releases.
These vulnerabilities affect IBM SDK for Node.js v6.1.0.0 and previous releases.
The corresponding open-source versions are v0.10.45, v0.12.14 and v4.4.5, respectively.
To check which version of the Node.js runtime your Bluemix application is using, navigate to the “Files” menu item for your application through the Bluemix UI. In the “logs” directory, check the “staging_task.log”.
You can also find this file through the command-line Cloud Foundry client by running the following command:
cf files <appname> logs/staging_task.log
Look for the following lines:
-----> IBM SDK for Node.js Buildpack _______
If the Node.js engine version is not v0.10.46, v0.12.15 or v4.4.6, your application may be vulnerable.
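The version check above can be scripted; the following JavaScript is an added example, not part of the IBM bulletin. The function name classifyEngine and the sample inputs are constructed for illustration, and the code assumes that later releases on the same release line retain the fix. It takes open-source engine versions (for example the value of process.version), not four-part IBM SDK versions, which do not map to engine versions by truncation.

```javascript
// First fixed open-source engine version per release line, from the advisory:
// v0.10.46, v0.12.15 and v4.4.6.
const FIXED = [
  { major: 0, minor: 10, patch: 46 },
  { major: 0, minor: 12, patch: 15 },
  { major: 4, minor: 4, patch: 6 },
];

// Classify an engine version string such as "v4.4.5".
// Returns:
//   'fixed'      at or after the fixed release on a listed line
//   'vulnerable' before the fixed release on a listed line
//   'unlisted'   release line not named in the advisory (consult the bulletin)
//   'invalid'    not a three-part version (e.g. an IBM SDK version v4.4.5.0)
function classifyEngine(version) {
  const m = /^v?(\d+)\.(\d+)\.(\d+)$/.exec(String(version).trim());
  if (!m) return 'invalid';
  const [major, minor, patch] = m.slice(1).map(Number);

  // Node.js 0.x release lines are identified by major.minor (0.10, 0.12);
  // from 4.x onward the release line is the major version.
  const fix = FIXED.find(
    (f) => f.major === major && (major > 0 || f.minor === minor)
  );
  if (!fix) return 'unlisted';

  // Assumption: later releases on the same line keep the fix.
  const atOrAfter =
    minor > fix.minor || (minor === fix.minor && patch >= fix.patch);
  return atOrAfter ? 'fixed' : 'vulnerable';
}

// Constructed sample inputs, followed by the runtime executing this script.
const samples = ['v0.10.45', 'v0.12.15', 'v4.3.2', 'v4.4.6', 'v6.1.0', 'v4.4.5.0'];
for (const s of samples) {
  console.log(s.padEnd(10), classifyEngine(s));
}
console.log('this runtime:', process.version, classifyEngine(process.version));
```

Run it inside the deployed application (or with the same buildpack) so that process.version reflects the engine the application actually uses.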
Refer to the following reference URLs for remediation and additional vulnerability details:
Source Bulletin: http://ift.tt/2aj2oek
X-Force Database: http://ift.tt/29qowH9
from IBM Product Security Incident Response Team http://ift.tt/2aj2zGp