articles

Node v14.17.2(LTS)

주요 변경사항

다음 취약점을 수정했습니다.

  • CVE-2021-22918: libuv 업그레이드 - 범위를 벗어난 읽기(중간)
    • Node.js는 문자열을 ASCII로 변환하는데 사용하는 libuv의 uv__idna_toascii() 함수에서
      범위를 벗어난 읽기에 취약합니다. 이 함수는 Node dns 모듈의 lookup() 함수에서 호출하고 정보를
      노출하거나 크래시가 발생할 수 있습니다. 자세한 내용은
      https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-22918에서 볼 수 있습니다.
  • CVE-2021-22921: Node 설치 프로그램의 로컬 권한 확대(중간)
    • Node.js는 Windows 플랫폼에서 특정 상황에 로컬 권한 확대 공격에 취약합니다. 더 자세히는
      설치 디렉터리의 부적절한 권한 설정으로 공격자가 확대 공격인 PATH와 DLL 하이재킹 공격을 할 수
      있습니다. 자세한 내용은
      https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-22921에서 볼 수 있습니다.

Commits

Windows 32-bit Installer: https://nodejs.org/dist/v14.17.2/node-v14.17.2-x86.msi

Windows 64-bit Installer: https://nodejs.org/dist/v14.17.2/node-v14.17.2-x64.msi

Windows 32-bit Binary: https://nodejs.org/dist/v14.17.2/win-x86/node.exe

Windows 64-bit Binary: https://nodejs.org/dist/v14.17.2/win-x64/node.exe

macOS 64-bit Installer: https://nodejs.org/dist/v14.17.2/node-v14.17.2.pkg

macOS Intel 64-bit Binary: https://nodejs.org/dist/v14.17.2/node-v14.17.2-darwin-x64.tar.gz

Linux 64-bit Binary: https://nodejs.org/dist/v14.17.2/node-v14.17.2-linux-x64.tar.xz

Linux PPC LE 64-bit Binary: https://nodejs.org/dist/v14.17.2/node-v14.17.2-linux-ppc64le.tar.xz

Linux s390x 64-bit Binary: https://nodejs.org/dist/v14.17.2/node-v14.17.2-linux-s390x.tar.xz

AIX 64-bit Binary: https://nodejs.org/dist/v14.17.2/node-v14.17.2-aix-ppc64.tar.gz

ARMv7 32-bit Binary: https://nodejs.org/dist/v14.17.2/node-v14.17.2-linux-armv7l.tar.xz

ARMv8 64-bit Binary: https://nodejs.org/dist/v14.17.2/node-v14.17.2-linux-arm64.tar.xz

Source Code: https://nodejs.org/dist/v14.17.2/node-v14.17.2.tar.gz

Other release files: https://nodejs.org/dist/v14.17.2/

Documentation: https://nodejs.org/docs/v14.17.2/api/

SHASUMS

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

fb4348515d67085153c58d7b5114ca71690e3938d6c6000a02a7977cf154290a  node-v14.17.2-aix-ppc64.tar.gz
e45db91fc2136202868a5eb7c6d08b0a2b75394fafdf8538f650fa945b7dee16  node-v14.17.2-darwin-x64.tar.gz
1b5227ec537a456ce4f3af9631db652e7fd3ab8ac7b9a38be117e0bc2f54d1d5  node-v14.17.2-darwin-x64.tar.xz
ccda5c3ce6dd51e6901cd227c1e6b39b17efa1dfe17fcc5ae1cde15d88cbb05c  node-v14.17.2-headers.tar.gz
935e8661db59ab51e4079fbcafd70185ad65ac0924cc48209d976faf69a3b286  node-v14.17.2-headers.tar.xz
05117e74f424fd4ab744c3013c77906c5fe4a19fa22ce624a21986ce152fd258  node-v14.17.2-linux-arm64.tar.gz
3aff08c49b8c0c3443e7a9ea9bfe607867d79e6e5ccf204a5c8f13fb92a48abd  node-v14.17.2-linux-arm64.tar.xz
c5b3447eda84a402e604a3ca317747f8f3661b1c9cb68f73a2e2f5a39ed95533  node-v14.17.2-linux-armv7l.tar.gz
0ef956711d6f984b2f7a2e8a3c5d1f274668fd50ba73a4f4580dc72e4d7dff87  node-v14.17.2-linux-armv7l.tar.xz
d94681c9953a68cfbc3903edbe680d9068581c140a5d24c265e557c2e0a57a51  node-v14.17.2-linux-ppc64le.tar.gz
64364f96ff04083bf91ee82a2e27ae6d45a4b8512d38e70da976909db5400d2a  node-v14.17.2-linux-ppc64le.tar.xz
9b60ec8bb3675f3648b1474a4d911838ca11630e07ec99230a078937e73be158  node-v14.17.2-linux-s390x.tar.gz
76f955856626a3e596b438855fdfe438937623dc71af9a25a8466409be470877  node-v14.17.2-linux-s390x.tar.xz
48cc87b7adb13f479643166a16514861556d0936761b317a3b65f4fbbb265b4d  node-v14.17.2-linux-x64.tar.gz
6cf9db7349407c177b36205feec949729d0ee9db485e19b10b0b1ffca65a3a46  node-v14.17.2-linux-x64.tar.xz
16286b9d41238dc85af791aafc71523cdc8456cd7eccebdf92f8368ce879e363  node-v14.17.2.pkg
03bea54a68c6fa8b520c273a1dc80f2fdbf80ddc9c303200d2eeaf25bd7e62fa  node-v14.17.2.tar.gz
4f5fb2b87e2255da3b200ed73ab076002e4b088df0027ec85e25541a6830583e  node-v14.17.2.tar.xz
6f59257b20861efb506f9b7f5b8587a310c6df6de4d719324ae8f3dcda68bcbc  node-v14.17.2-win-x64.7z
0e27897578752865fa61546d75b20f7cd62957726caab3c03f82c57a4aef5636  node-v14.17.2-win-x64.zip
b5b2f6d2523b0c60399111b4c60ee3066d6e7e51fe22ce045c5181d52dd2dd20  node-v14.17.2-win-x86.7z
308e3e2228cd6b0e991fd9d23dcd0c57f913926355adcb702f9660a1574a79fa  node-v14.17.2-win-x86.zip
452a94f6db29ea6ef298cb731765c615624eed2c8bd8746c827d5abbed89a5de  node-v14.17.2-x64.msi
92443d36339a76f39102e785ecf663a072d26c9c45a2b4b68ddb82ae54345682  node-v14.17.2-x86.msi
140fd660d63eab02812ec583a4c958c9252f041a92d76047c63ac34d773aab66  win-x64/node.exe
2166a3ae8728f872727ced97eaccdc8e463ae3c00b7dcb94c3b9da80feedb735  win-x64/node.lib
a79264dcce6c4f6aba147aee4bfd9e6b69b4134f07e487d381efecf771f7e275  win-x64/node_pdb.7z
2a57321f0767c3a89a8dfd5355ac2c0ccdec728da97a8f5bd3bd53ea4252eb0e  win-x64/node_pdb.zip
2695c86b7000623119abfd7b9aed48c04d5ae4247ea7398ff2c77f61907d531f  win-x86/node.exe
bab3fdbacbd6621e27762c559041723dc35d3122ddfd153f81315aaab78646ae  win-x86/node.lib
dc5a8c41b0ceaea49dadd0ff53b25837809a90e75222b3f34c5c01325a52bd26  win-x86/node_pdb.7z
f5e6ae2fcc35f94749e8404f909734649e5617ac3e41ce326fb2601cbf72c862  win-x86/node_pdb.zip
-----BEGIN PGP SIGNATURE-----

iQIzBAEBCAAdFiEEyC+jrhy+3Gvka5NgxDzsRcF6uTwFAmDd4UIACgkQxDzsRcF6
uTwCdQ//ar0hKWBOIKQUFpAuAFGvrlZRz6jPdRVb+4VK6NahRDNf0fbyQjepOcI0
sDTRptjlgPOYpvNTKUHr7BaMCPsPnpw6rVbdVpcXhYf3ZqCd2xyVBte8zqTPbHkp
RHoEwG+Qw/qVt6BKEFfONfw437eTySMBPFzMjKbyTBrU/LgY4esMTSlsnwPy1R6M
CblH3M6kIvMadA1DN4yKH751IXX3/nvW+rwo/eNIiAfEzwFkXMcL73u5+rhq9SZG
SLT7jyM+6qRAGPGF1uxG/nnj4tjCSkAWF9v5WKyElrJfJxga1rJECMr8KaBXcQW0
KPoeKIqEhtDgxWwTRCkghXYSAl1uLqnx7AU3XPrT557kGCPr2FcV0V3+McQ6T0Cc
8AXA9gNjlEgU2BGe8p3VUyCwjfFXfnNdPcD3OaZvoiMGWIB9Ty1sJeGmvse783ID
KIoc+qnmB966Qh1WvTdl3S5V9sVVXgk9xUOToXpbfFoUDXMmsQe5lwr4VB6YHVGt
8f0iM8dVfkjA2qc1tgfmTyPMMlPIGB1iNVwMuSm4WCpe924py0boI+j+dp6NGhrn
YymRG1cER45uNmFLN8Q30mDAFG5pWAsC2UMgZYzqFXBL0PdTrtYSL56vQkD6RLgT
aD3s8r/vtxQ0gZZQW8s7Zg9OXHSbPZRXjg31OpTQPrk2BsTAkfM=
=08xu
-----END PGP SIGNATURE-----