Node v6.7.0(현재 버전)

중요한 보안 릴리스입니다. 모든 Node.js 사용자는 수정된 취약점에 대한 자세한 내용을 보안 릴리스 요약에서 확인하세요.

주요 변경사항

Semver 부 버전:

  • openssl:
    • 1.0.2i로 업그레이드, Node.js에 영향을 주는 몇몇 결함 CVE-2016-6304(“OCSP 상태 요청이 무한 메모리 증가로 확장, 높은 심각도), CVE-2016-2183, CVE-2016-2178, CVE-2016-6306을 수정했습니다.(Shigeki Ohtsu) #8714
    • 1.0.2j로 업그레이드, 1.0.2i에 포함된 CRL을 사용할 때 충돌하는 결함(CVE-2016-7052)을 수정했습니다.(Shigeki Ohtsu) #8786
    • 동적 서드파티 엔진 모듈 지원을 제거했습니다. 공격자가 Node.js 런타임에 동적 엔진 모듈로 가장하여 악의적인 코드를 숨길 수 있습니다. Ahmed Zaki(Skype)가 처음 보고했습니다.(Ben Noordhuis) nodejs/node-private#73
  • http: CVE-2016-5325 - ServerResponse#writeHead()reason 인자의 허용된 문자를 올바르게 검증합니다. 응답 분리(response splitting) 공격의 가능성을 수정했습니다. 이 변경으로 HTTP 응답 설정에서 throw가 발생할 수 있습니다. 사용자는 이 부분에 try/catch를 적용하셔야 합니다. Evan Lucas, Romain Gaucher가 각각 처음 보고했습니다.(Evan Lucas) nodejs/node-private#60

Semver 수 버전:

  • buffer: Buffer.concat()으로 생성된 새 Buffer 객체에 원본 Buffer 객체의 총 길이를 초과하는 totalLength 파라미터를 넘길 때 초과된 바이트에 0를 채워넣습니다.(Сковорода Никита Андреевич) nodejs/node-private#64
  • src: crypto.pbkdf2()에 빈 패스워드나 솔트를 넘겨 치명적인 오류를 일으킬 수 있는 회귀를 수정했습니다.(Rich Trott) #8572
  • tls: CVE-2016-7099 - 올바르지 않은 와일드카드 인증 검증을 수정했습니다. TLS 서버가 자신의 호스트 이름에 대해 적절하지 않은 *. 와일드카드 검증 때문에 올바르지 않은 와일드 카드 인증을 할 수 있었습니다. Alexander Minozhenko, James Bunton(Atlassian)이 처음 보고했습니다.(Ben Noordhuis) nodejs/node-private#75
  • v8: 얼려진 객체에 정규표현을 사용할 때 충돌이 일어나는 회귀를 수정했습니다.(Myles Borins) #8673

Commits

Windows 32-bit Installer: https://nodejs.org/dist/v6.7.0/node-v6.7.0-x86.msi
Windows 64-bit Installer: https://nodejs.org/dist/v6.7.0/node-v6.7.0-x64.msi
Windows 32-bit Binary: https://nodejs.org/dist/v6.7.0/win-x86/node.exe
Windows 64-bit Binary: https://nodejs.org/dist/v6.7.0/win-x64/node.exe
Mac OS X 64-bit Installer: https://nodejs.org/dist/v6.7.0/node-v6.7.0.pkg
Mac OS X 64-bit Binary: https://nodejs.org/dist/v6.7.0/node-v6.7.0-darwin-x64.tar.gz
Linux 32-bit Binary: https://nodejs.org/dist/v6.7.0/node-v6.7.0-linux-x86.tar.xz
Linux 64-bit Binary: https://nodejs.org/dist/v6.7.0/node-v6.7.0-linux-x64.tar.xz
Linux PPC LE 64-bit Binary: https://nodejs.org/dist/v6.7.0/node-v6.7.0-linux-ppc64le.tar.xz
SunOS 32-bit Binary: https://nodejs.org/dist/v6.7.0/node-v6.7.0-sunos-x86.tar.xz
SunOS 64-bit Binary: https://nodejs.org/dist/v6.7.0/node-v6.7.0-sunos-x64.tar.xz
ARMv6 32-bit Binary: https://nodejs.org/dist/v6.7.0/node-v6.7.0-linux-armv6l.tar.xz
ARMv7 32-bit Binary: https://nodejs.org/dist/v6.7.0/node-v6.7.0-linux-armv7l.tar.xz
ARMv8 64-bit Binary: https://nodejs.org/dist/v6.7.0/node-v6.7.0-linux-arm64.tar.xz
Source Code: https://nodejs.org/dist/v6.7.0/node-v6.7.0.tar.gz
Other release files: https://nodejs.org/dist/v6.7.0/
Documentation: https://nodejs.org/docs/v6.7.0/api/

Shasums (GPG signing hash: SHA512, file hash: SHA256):

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

69fab7a1ebeee54d5e3160eb9366e88a61500731fad86dee98c79c4a14b56bc6 node-v6.7.0-darwin-x64.tar.gz
b10270f028be73771fa8536f0c69b33f30e1bb1fd15d9a493a7365cde56af0d2 node-v6.7.0-darwin-x64.tar.xz
42f0fdcd937409842d76a5852782acfdb0b6fa8e3520df6694f2abaa7c9e942c node-v6.7.0-headers.tar.gz
f6ddea52f8b13bcece38c965d13f6073bd7980dadcfd903b8c1872f6d8bbacb7 node-v6.7.0-headers.tar.xz
45ffd727bcab41a544ad7862fe985f6beac4fcd96c63e116ca467d1147ba6454 node-v6.7.0-linux-arm64.tar.gz
87f59a19d9a44ff938a553425c5c82a46be1f0cd43bf7c256e1c4fb61833a82a node-v6.7.0-linux-arm64.tar.xz
0f8e0dbaa6bcccd22db75077fed1afb28c2b225b6cdc185913178ae395a68ef9 node-v6.7.0-linux-armv6l.tar.gz
bf07229d718ebe3a8d8bc59cbf06d945b89045285e44f36f516c8e0f65a5302b node-v6.7.0-linux-armv6l.tar.xz
1e7e138ba8c54d7a0fbf5e3f188442a14a70409dc154b74b17635bcff74e4a81 node-v6.7.0-linux-armv7l.tar.gz
18b6d9df3e2aaba2d72e1f4c3cfdd3b963c23faa64d3ad72d5690959bc3dde08 node-v6.7.0-linux-armv7l.tar.xz
87f7dd1776bffd569d4f619dde99caca215c073f7d26853e16d6f93fcf681113 node-v6.7.0-linux-ppc64le.tar.gz
fc1b70f866a1c1972c55cc5d2a506f0dcc623e749d6cbe470d650c7c631f231e node-v6.7.0-linux-ppc64le.tar.xz
e8ce540b592d337304a10f4eb19bb4efee889c6676c5f188d072bfb2a8089927 node-v6.7.0-linux-ppc64.tar.gz
6ee874b6567f7f06708f6ccb66a27dc7317b4c493b7a6c3bb49c1e53c4bdf31e node-v6.7.0-linux-ppc64.tar.xz
e0f2616b4beb4c2505edb19e3cbedbf3d1c958441517cc9a1e918f6feaa4b95b node-v6.7.0-linux-s390x.tar.gz
647bacc68bd0101b04074d5740492a6511dee69e23a7ff03765674d7a9fa93df node-v6.7.0-linux-s390x.tar.xz
abe81b4150917cdbbeebc6c6b85003b80c972d32c8f5dfd2970d32e52a6877af node-v6.7.0-linux-x64.tar.gz
09263a844c31933c6f31e576e580faf01d3bbb056efb8713388dc8d09674f8c2 node-v6.7.0-linux-x64.tar.xz
fa94c93a4a3600d68e003a399f5cf5e109c2d10505b4d9456373c25953eb9bf5 node-v6.7.0-linux-x86.tar.gz
e89a77020bd579186adbc46f6a668d3524f980c5fc75f63e1d5b5362423bcebb node-v6.7.0-linux-x86.tar.xz
c5d46d0f105ed652c9a353d8411558c9c4610db874f01ef07e57ad613e5d4237 node-v6.7.0.pkg
33f240dac58a1293a08b66ecd01a70849c693e3a9e58a94cb7ee92126a894984 node-v6.7.0-sunos-x64.tar.gz
9df8f3d1048065fccb1c1746cfd1f3a22ef46075399e7dc92d38949e37607de7 node-v6.7.0-sunos-x64.tar.xz
80dacf34a5e17f3eeabe15e212005daeaa189caa424a83a23f302a9fa5996565 node-v6.7.0-sunos-x86.tar.gz
14bdf36ae5510a6565af69e1db651d34e75d2846a363610b6669b8c78e404b2a node-v6.7.0-sunos-x86.tar.xz
02b8ee1719a11b9ab22bef9279519efaaf31dd0d39cba4c3a1176ccda400b8d6 node-v6.7.0.tar.gz
ceb028324aab1ee8c7ea6a62026f036f3ea71f5ef5212593d0f833f999dd3be5 node-v6.7.0.tar.xz
2eb013b15c718ec2b26768e6a325e73571ed1d2028af411307a1bbd549f709ed node-v6.7.0-win-x64.7z
59971f8ea9fb1ac4c55ca36303fe32a0714049cf8a10843dbb5924a5d0624659 node-v6.7.0-win-x64.zip
8b4448e56223aed8c316b67336fdd1d94aeee71033934fb6bc071a358c5c8719 node-v6.7.0-win-x86.7z
d75bebea562a1da0965adc8f94d2c5a38a22cfc57959d37c5c1aeec4ea9f1c83 node-v6.7.0-win-x86.zip
2185a16f8a32087b75708b08d7e482a14597765c41d6b3711a8e6ed3a3358213 node-v6.7.0-x64.msi
0801c283200ac263cc0ca014f5d8e0ee531e1ebec6e99645a0bdd04b996c1605 node-v6.7.0-x86.msi
7ab8714273a9a1fa464ded6b543b52b6fb56c7d2c3d08ebe312b1c1be72a1477 win-x64/node.exe
17c521d3b19886f826f818b9806bb4d2af4615d5bf850c257dcdaef897e8ccaa win-x64/node.lib
fa2f32b9f8ac97d26bb58da59c8a7299de5bd9f25b8879f8787ecd0ffbd36c3b win-x64/node_pdb.7z
815d202704373b9894c5dc113d2a2812be5e73431f8061707e0fd012cbc0b8cc win-x64/node_pdb.zip
a2e58867917250e013a49c4210b36aba04715159a71edcfb510c6225e3dab184 win-x86/node.exe
641503fd3d41c1bc04a95ee38e6dc2ffd9c9e5a35b3f5bfecb25965c963f2d17 win-x86/node.lib
36265c44782a8456b289c4776bf5de5ed648982f2b8dc97e17acd76258e249cf win-x86/node_pdb.7z
2d8a25ba8e212715050ee03e4b0b9f547163ffaeb75288c9508a06e469677ff6 win-x86/node_pdb.zip
-----BEGIN PGP SIGNATURE-----
Comment: GPGTools - https://gpgtools.org

iQIcBAEBCgAGBQJX6xF5AAoJELY7U1pMIGypw8sQAM0o8jAf5AlM3apyFJIm8q3P
8z7LsyOm/gX04h6U4xONVybx0uxqkoCs/Bk9JSJdxdc9qMM4FLxbf9W3se61FZQa
fYva3cXiAm/riUxO5vbghBNzKgE8aLFeOiuEIL5c+UzaxjFs8eY6oRfqYN87jNcB
95T3krvYGY9pA39Cyr1mBbCJq8AdjcM/ve6wqcjQDGswZF5Yq+yd94Z1qzCWzB2u
8yLcLaaoyVy2BvFg/11XgK9xK7w1KpxHK+jIzVVDE9dVoQc1pcQQZR72mYVIQFUt
jCJ69T5Usnil1ucswmfk7d1vvX1NdIawaol6AjEErO1APZsVew+TCJyvwq4uLAA2
kvgiVF/8Pe3ZdF1x9+vWz1JvEXpmehOlJ9fRv3bZn20W3/GIeS5NA+AgJrr6H65D
Trv6juvBceu2wGeBer8XCzql+9Pk4k87vARcExEKxsOU57lZ4mgaX5aMfTaNtTnp
zm5+ajGNnEZ4tjR91do6JXMF8/5MHmP93vFOwsrANabBe4sjd3u3BIbAVlkS74z0
bLZeo2dM18p3RdDw2Szo5jTSjuIhCV+5wNKxLoNjLSoYC6fSwAod+FuCXoWZZi6/
1eF4uFXik9m3ifInj6KKjCfKql8Rh6siHu2AsOjxaE/UyKY27HpXbtWpIhvM4Ht5
A0X+c5AUaeTAxt30L2PG
=+Moe
-----END PGP SIGNATURE-----