SB2018033105 - Improper authentication in nodejs-current (Alpine package)
Published: March 31, 2018
Security Bulletin ID
SB2018033105
Severity
Low
Patch available
YES
Number of vulnerabilities
1
Exploitation vector
Remote access
Highest impact
Data manipulation
Breakdown by Severity
- Low
- Medium
- High
- Critical
Description
This security bulletin contains information about 1 security vulnerability.
1) Improper authentication (CVE-ID: CVE-2018-0733)
The vulnerability allows a remote attacker to modify potentially sensitive information on the target system.Th weakness exists in the PA-RISC CRYPTO_memcmp function due to improper authentication. A remote attacker can write arbitrary data.
Remediation
Install update from vendor's website.
References
- https://git.alpinelinux.org/aports/commit/?id=8593c3d6ba83fa5acf4bd55ff54c5481806a3596
- https://git.alpinelinux.org/aports/commit/?id=f23142862c2e144caac4022dba598819c072c867
- https://git.alpinelinux.org/aports/commit/?id=6380442a16252d6f1eec965cf2f024e19a6f88f2
- https://git.alpinelinux.org/aports/commit/?id=83e63ac7d0bf146b589567f44a14f716f4fc4362
- https://git.alpinelinux.org/aports/commit/?id=83efaea263b7c03fff18c3cd4a08f46fe6d55ca0
- https://git.alpinelinux.org/aports/commit/?id=a415596b95083ed8e7e3b130e971b8227134a4a0
- https://git.alpinelinux.org/aports/commit/?id=d4baade662f4bfd0b0ab2a4706520298e35e8683
- https://git.alpinelinux.org/aports/commit/?id=fae1999a2c5cd5b89c04112d32ae78f2492cc28c