Test ID:	1.3.6.1.4.1.25623.1.1.10.2016.0307
Category:	Mageia Linux Local Security Checks
Title:	Mageia: Security Advisory (MGASA-2016-0307)
Summary:	The remote host is missing an update for the 'nodejs' package(s) announced via the MGASA-2016-0307 advisory.
Description:	Summary: The remote host is missing an update for the 'nodejs' package(s) announced via the MGASA-2016-0307 advisory. Vulnerability Insight: Under certain conditions, V8 may improperly expand memory allocations in the Zone::New function. This could potentially be used to cause a Denial of Service via buffer overflow or as a trigger for a remote code execution (CVE-2016-1669). The primary npm registry has used HTTP bearer tokens to authenticate requests from the npm command-line interface. Due to a design flaw in the CLI, these bearer tokens were sent with every request made by the CLI for logged-in users, regardless of the destination of the request. This flaw allows an attacker to set up an HTTP server that could collect authentication information they could use to impersonate the users whose tokens they collected. This impersonation would allow them to do anything the compromised users could do, including publishing new versions of packages. Affected Software/OS: 'nodejs' package(s) on Mageia 5. Solution: Please install the updated package(s). CVSS Score: 9.3 CVSS Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C
Cross-Ref:	Common Vulnerability Exposure (CVE) ID: CVE-2016-1669 BugTraq ID: 90584 http://www.securityfocus.com/bid/90584 Debian Security Information: DSA-3590 (Google Search) http://www.debian.org/security/2016/dsa-3590 https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CITS5GIUTNWVSUXMSORIAJJLQBEGL2CK/ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZPTKXI62OPCJCJGCSFMST4HIBQ27J72W/ https://security.gentoo.org/glsa/201605-02 RedHat Security Advisories: RHSA-2016:1080 http://rhn.redhat.com/errata/RHSA-2016-1080.html RedHat Security Advisories: RHSA-2017:0002 http://rhn.redhat.com/errata/RHSA-2017-0002.html RedHat Security Advisories: RHSA-2017:0879 https://access.redhat.com/errata/RHSA-2017:0879 RedHat Security Advisories: RHSA-2017:0880 https://access.redhat.com/errata/RHSA-2017:0880 RedHat Security Advisories: RHSA-2017:0881 https://access.redhat.com/errata/RHSA-2017:0881 RedHat Security Advisories: RHSA-2017:0882 https://access.redhat.com/errata/RHSA-2017:0882 RedHat Security Advisories: RHSA-2018:0336 https://access.redhat.com/errata/RHSA-2018:0336 http://www.securitytracker.com/id/1035872 SuSE Security Announcement: openSUSE-SU-2016:1304 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00043.html SuSE Security Announcement: openSUSE-SU-2016:1319 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2016-05/msg00050.html SuSE Security Announcement: openSUSE-SU-2016:1655 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2016-06/msg00048.html SuSE Security Announcement: openSUSE-SU-2016:1834 (Google Search) http://lists.opensuse.org/opensuse-updates/2016-07/msg00063.html http://www.ubuntu.com/usn/USN-2960-1
Copyright	Copyright (C) 2022 Greenbone AG

This is only one of 145615 vulnerability tests in our test suite. Find out more about running a complete security audit. To run a free test of this vulnerability against your system, register below.