TPS-2015-005 Vulnerability in Node.js 0.11.x through 0.12.5

Summary

Node.js 0.11.x through 0.12.5 contain a vulnerability, which is resolved in Node.js version 0.12.6 as follows:

Fixed an out-of-band write in utf8 decoder. Impacts all Buffer to String conversions. This is an important security update as it can be used to cause a denial of service attack.

Status

pkgsrc 2014Q4 and 2015Q1 have been updated with nodejs-0.12.6. Customers can upgrade as follows:

pkgin up
pkgin upgrade nodejs
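
To confirm the result of the upgrade, the installed version can be compared against the range named in this advisory. The script below is an added example, not part of the original advisory or of Joyent's tooling; the function names are hypothetical, and it assumes `node --version` prints a plain `vMAJOR.MINOR.PATCH` string.

```sh
#!/bin/sh
# Added example: classify a Node.js version against the range in TPS-2015-005
# (0.11.x through 0.12.5 affected, fixed in 0.12.6).

# node_version_status VERSION
# Prints "affected", "not-affected" (outside the advisory's range), or
# "unknown" for anything that is not a plain MAJOR.MINOR.PATCH string.
node_version_status() {
    v=${1#v}                          # node --version prints a leading "v"
    case $v in
        *[!0-9.]*|''|.*|*.|*..*) echo unknown; return ;;
    esac
    old_ifs=$IFS; IFS=.
    set -- $v                         # split on dots into $1 $2 $3
    IFS=$old_ifs
    [ $# -eq 3 ] || { echo unknown; return; }
    major=$1 minor=$2 patch=$3
    if [ "$major" -eq 0 ] && [ "$minor" -eq 11 ]; then
        echo affected                 # every 0.11.x release is in range
    elif [ "$major" -eq 0 ] && [ "$minor" -eq 12 ] && [ "$patch" -le 5 ]; then
        echo affected                 # 0.12.0 through 0.12.5
    else
        echo not-affected
    fi
}

# check_installed_node
# Reports the status of the node binary on PATH; returns non-zero unless the
# version is confirmed to be outside the affected range.
check_installed_node() {
    if ! command -v node >/dev/null 2>&1; then
        echo "node: not installed"
        return 0
    fi
    installed=$(node --version 2>/dev/null)
    status=$(node_version_status "$installed")
    echo "node $installed: $status"
    [ "$status" = not-affected ]
}

check_installed_node || echo "upgrade to nodejs-0.12.6 required or version unrecognized" >&2
```

Pre-release or otherwise suffixed version strings are reported as "unknown" rather than guessed at, so they are flagged for manual review.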

If you have any questions regarding this issue, please contact Joyent Support by creating a ticket at https://help.joyent.com or via email to support@joyent.com.