libuv-1.41.1-1.el8

Errata ID: AXSA:2021-2313:02

Release date: 
Wednesday, August 11, 2021 - 04:12
Subject: 
libuv-1.41.1-1.el8
Affected Channels: 
Asianux Server 8 for x86_64
Severity: 
Low
Description: 

libuv is a multi-platform support library with a focus on asynchronous I/O.

Security Fix(es):

* libuv: out-of-bounds read in uv__idna_toascii() can lead to information disclosures or crashes (CVE-2021-22918)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

CVE-2021-22918
Node.js before 16.4.1, 14.17.2, 12.22.2 is vulnerable to an out-of-bounds read when uv__idna_toascii() is used to convert strings to ASCII. The pointer p is read and increased without checking whether it is beyond pe, with the latter holding a pointer to the end of the buffer. This can lead to information disclosures or crashes. This function can be triggered via uv_getaddrinfo().
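
The bug class described in the CVE text, shown as an added example that is not libuv's code: a simplified UTF-8 decoder that advances p without comparing it to pe, beside a version that tests the bound before every read. The choice of a UTF-8 decoder is an assumption made for illustration, and all function names and the sample buffer are hypothetical and constructed.

```c
#include <stdio.h>

/* Unchecked: continuation bytes are read and p advanced with no p < pe test,
 * the pattern the CVE text describes. pe is one past the last valid byte. */
static long decode_unchecked(const unsigned char **p, const unsigned char *pe) {
    unsigned a = *(*p)++;
    int n;
    (void)pe;                                   /* never consulted: the bug */
    if (a < 0x80) return (long)a;
    if (a >= 0xF0)      { n = 3; a &= 0x07; }
    else if (a >= 0xE0) { n = 2; a &= 0x0F; }
    else                { n = 1; a &= 0x1F; }
    while (n-- > 0)
        a = (a << 6) | (*(*p)++ & 0x3Fu);
    return (long)a;
}

/* Hardened: every read is preceded by a bounds test; -1 on bad input. */
static long decode_checked(const unsigned char **p, const unsigned char *pe) {
    unsigned a;
    int n;
    if (*p >= pe) return -1;
    a = *(*p)++;
    if (a < 0x80) return (long)a;
    if (a >= 0xF0)      { n = 3; a &= 0x07; }
    else if (a >= 0xE0) { n = 2; a &= 0x0F; }
    else if (a >= 0xC0) { n = 1; a &= 0x1F; }
    else return -1;                             /* stray continuation byte */
    while (n-- > 0) {
        if (*p >= pe || (**p & 0xC0) != 0x80) return -1;
        a = (a << 6) | (*(*p)++ & 0x3Fu);
    }
    return (long)a;
}

/* Constructed input: the logical string is only buf[0], a 4-byte lead with no
 * continuation bytes. buf[1..3] stand in for adjacent memory (no UB here). */
static const unsigned char buf[4] = { 0xF0, 0x41, 0x42, 0x43 };
typedef long (*decoder)(const unsigned char **, const unsigned char *);
/* Bytes consumed past pe by a decoder (0 means it stayed in bounds). */
static long overread(decoder f) {
    const unsigned char *p = buf, *pe = buf + 1;
    f(&p, pe);
    return (long)(p - pe);
}
int main(void) {
    printf("past pe: %ld vs %ld\n", overread(decode_unchecked), overread(decode_checked));
    return 0;
}
```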

Solution: 

Update packages.

Additional Info: 

N/A

Download: 

SRPMS
  1. libuv-1.41.1-1.el8.src.rpm
    MD5: 568e19fffc808e6f06495fd9cbb07933
    SHA-256: 6b85ae04ed08f2c1abf95a6569006e2c42c101054c7688355e1a9ecc24e460bc
    Size: 1.23 MB

Asianux Server 8 for x86_64
  1. libuv-1.41.1-1.el8.x86_64.rpm
    MD5: e47dfa06e85c3944d58f243b52e7d165
    SHA-256: 2e184c261390bae2817e33b0d91aa655db56e9987b2728aeab2203c9c9d615f5
    Size: 155.18 kB
  2. libuv-1.41.1-1.el8.i686.rpm
    MD5: 9e5f3f9b9b96f2e1743abd7acc0d52fc
    SHA-256: 1b3e61b757dbf9d31457c129f4cbf156816e1bffd8915c1f69c6630aa1e964cb
    Size: 163.72 kB