articles

Node v16.4.1(현재 버전)

주요 변경사항

다음 취약점을 수정했습니다.

  • CVE-2021-22918: libuv 업그레이드 - 범위를 벗어난 읽기(중간)
    • Node.js는 문자열을 ASCII로 변환하는데 사용하는 libuv의 uv__idna_toascii() 함수에서
      범위를 벗어난 읽기에 취약합니다. 이 함수는 Node dns 모듈의 lookup() 함수에서 호출하고 정보를
      노출하거나 크래시가 발생할 수 있습니다. 자세한 내용은
      https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-22918에서 볼 수 있습니다.
  • CVE-2021-22921: Node 설치 프로그램의 로컬 권한 확대(중간)
    • Node.js는 Windows 플랫폼에서 특정 상황에 로컬 권한 확대 공격에 취약합니다. 더 자세히는
      설치 디렉터리의 부적절한 권한 설정으로 공격자가 확대 공격인 PATH와 DLL 하이재킹 공격을 할 수
      있습니다. 자세한 내용은
      https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-22921에서 볼 수 있습니다.

Commits

Windows 32-bit Installer: https://nodejs.org/dist/v16.4.1/node-v16.4.1-x86.msi

Windows 64-bit Installer: https://nodejs.org/dist/v16.4.1/node-v16.4.1-x64.msi

Windows 32-bit Binary: https://nodejs.org/dist/v16.4.1/win-x86/node.exe

Windows 64-bit Binary: https://nodejs.org/dist/v16.4.1/win-x64/node.exe

macOS 64-bit Installer: https://nodejs.org/dist/v16.4.1/node-v16.4.1.pkg

macOS Apple Silicon 64-bit Binary: https://nodejs.org/dist/v16.4.1/node-v16.4.1-darwin-arm64.tar.gz

macOS Intel 64-bit Binary: https://nodejs.org/dist/v16.4.1/node-v16.4.1-darwin-x64.tar.gz

Linux 64-bit Binary: https://nodejs.org/dist/v16.4.1/node-v16.4.1-linux-x64.tar.xz

Linux PPC LE 64-bit Binary: https://nodejs.org/dist/v16.4.1/node-v16.4.1-linux-ppc64le.tar.xz

Linux s390x 64-bit Binary: https://nodejs.org/dist/v16.4.1/node-v16.4.1-linux-s390x.tar.xz

AIX 64-bit Binary: https://nodejs.org/dist/v16.4.1/node-v16.4.1-aix-ppc64.tar.gz

ARMv7 32-bit Binary: https://nodejs.org/dist/v16.4.1/node-v16.4.1-linux-armv7l.tar.xz

ARMv8 64-bit Binary: https://nodejs.org/dist/v16.4.1/node-v16.4.1-linux-arm64.tar.xz

Source Code: https://nodejs.org/dist/v16.4.1/node-v16.4.1.tar.gz

Other release files: https://nodejs.org/dist/v16.4.1/

Documentation: https://nodejs.org/docs/v16.4.1/api/

SHASUMS

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

d0f079c4bc78ee9e1eb646434bc52730c59e433f75febee70ee5506a5526eead  node-v16.4.1-aix-ppc64.tar.gz
c6e2a79873c4afbd9fcd7e9d2889e2a7b84860bea472a07ccbe33387397990f5  node-v16.4.1-darwin-arm64.tar.gz
e8d2c3e90e93f3456e8f33e900c4eb404f8456b584e78550a12218aa89689fff  node-v16.4.1-darwin-arm64.tar.xz
c78fecdfb062c51ba0432d1c6bb8f30eb14daf47001a5f68d17b3ae6d4d9eb31  node-v16.4.1-darwin-x64.tar.gz
3840f63f73513bfe60aac2a7180501f2b7e8b04806ed0ff0c100042f01bf5612  node-v16.4.1-darwin-x64.tar.xz
85b46ae7c3f2f6482a9a009cffe36ae4ead98f936d05a4e602eb32de148c4345  node-v16.4.1-headers.tar.gz
95d1cc071266739cbb2421a8419bae13652007701165549f0ae584863d11dd8e  node-v16.4.1-headers.tar.xz
5d50cb3ce5b5ecccead1d0cf4e18e038c580e10733ff510f73d04a711092569c  node-v16.4.1-linux-arm64.tar.gz
7519f43bc704bbb86af6162bad967eb0a277466b6b8c3e0b17dd367d86a97b27  node-v16.4.1-linux-arm64.tar.xz
b8df70739ffb058d4771722384e818fc5f9f0a5e096a45f1bfe7919b3173d32e  node-v16.4.1-linux-armv7l.tar.gz
ab8a575ffd154b1faab4c94be5bcb961f6ed1dcc79afa18489dcdb1eea7e660b  node-v16.4.1-linux-armv7l.tar.xz
49a3f2958e1e822d4053adf7c006ccf230ca7dc4f830bea789163fd093184160  node-v16.4.1-linux-ppc64le.tar.gz
72607271437948a6470063bc8bbb622ae1da60899217526b60ab2594fdff6b10  node-v16.4.1-linux-ppc64le.tar.xz
c3162a66943a0871423f94c8697c0bbfa2dc8a8474e63fa67a0cdd7f3618aca7  node-v16.4.1-linux-s390x.tar.gz
d472d95911c46bcae6e83ce2ea4312d544ee5ead6d8a6639ba40e51ad5678269  node-v16.4.1-linux-s390x.tar.xz
21181395c11ee1d13c05c4e07b1f4e36ba501d92030ac60a901291c50915b320  node-v16.4.1-linux-x64.tar.gz
3c73b58051a4435d605f9842e582a252e100d5ff62e0a30e3961cab71e8477b1  node-v16.4.1-linux-x64.tar.xz
d4eec360becc29d06b4ee7ee41ab3bf07bd8f4d979d911e18b5ed4ba9841a17f  node-v16.4.1.pkg
562df905fdc9c8b3854fea1c755cc969b3c1437774d28b513457cc4034136458  node-v16.4.1.tar.gz
769014432ed8e16267c70b834999e76c48193cd8523ca4f3ee4eadaae7f32aa8  node-v16.4.1.tar.xz
0bec96b5b22ca6d4eead44003011fcdb44af0d331bb1fc8af0647f95cd9feb65  node-v16.4.1-win-x64.7z
f2f0dfc9ee54aff908575734713c482d76bfbed14dcfaea4931fff7450753f25  node-v16.4.1-win-x64.zip
2eec50ab1e34eb99af2819dd92a272e44944dc5b3fbf74c3ab25355feccc97c4  node-v16.4.1-win-x86.7z
a505508994890e418757ea88a55a9685914f57643ec5fb5737c28c5c8b6a1abe  node-v16.4.1-win-x86.zip
a6c50420ab8e65df482e841a41a309582445480f2682e58ba3af30edf558b43b  node-v16.4.1-x64.msi
f05522114177fd5acf49b2c81aca438f3c88284c5d69196efc2df8bb43cb8090  node-v16.4.1-x86.msi
3b69159360b235d20cd8a35a63562ffd8e96f1032dbd3c0980a6ff794968cc07  win-x64/node.exe
4b5caea50ee2170fd752225477d77a8818965e3e8cbb9871ecbddf32bd6ed94d  win-x64/node.lib
ba7c1a22e2a59a73aaeab4c8d56826b705c2da00a57c94d3a3d6b1b460cb8cff  win-x64/node_pdb.7z
36b27e73b3132bc6fae11d75f648fe4c35efef2002dfed03a9784f145445f17e  win-x64/node_pdb.zip
8fd7ef41cf3a394ace65922babe7db8108374cf0c4cfba5613be61fb147cf141  win-x86/node.exe
e899517caf4e57f674ff37ca8c9db892d676d86960698b2663bbe16e82fa2542  win-x86/node.lib
aafaf686584d890a7b580cb16a9f898a299f3a1c91ae720224a858a9bc5c2f89  win-x86/node_pdb.7z
359ef4b5be217ed189910ae806a57fa555874a5ae2b2e1200b2754ff90942a1c  win-x86/node_pdb.zip
-----BEGIN PGP SIGNATURE-----

iQEzBAEBCAAdFiEETtd49TnjY0x3nIfG1wYoSKGrAFwFAmDd4aEACgkQ1wYoSKGr
AFyTuQf+PGAx0iu/qHynzVfoiixzCeugk9HEegU2Sj8oovmnok/bGKFxWTTl+SYj
6h70KpfObXgy5TyczvX1KsuabcFQ+wwSASUtnJcnaG1bKwP1JJOZbvKUwkxEVtDe
/jV1sUr8eAgI0K9SwKn7jRGwaUp88XEKdxlX9Vbio91X0OD9KWkilg6haX+/ccLa
AlaOgmo4lvP8kgycD1AKytZwQOA+BQqhF86C1/+QIQa5EiP/mWztZEzpvUMxFvwU
/CPZPriYuOvXIfzbthGJOEfccU25VJKNaJTIj12UEH54UjWnz0UPCZhQLtBUwLmC
odXiC6kU7Hjq2bFq+Gss4fGmt7LvAA==
=e3hn
-----END PGP SIGNATURE-----