Node v6.17.0(LTS)

보안 릴리스입니다. 모든 Node.js 사용자는 https://nodejs.org/en/blog/vulnerability/february-2019-security-releases/에 있는 보안 요약 문서에서 패치된 취약점의 자세한 사항을 확인하기 바랍니다.

이번 릴리스에는 다음 CVE의 수정사항이 포함되었습니다.

  • Node.js: keep-alive HTTP 접속의 서비스 거부(CVE-2019-5739)
  • Node.js: keep-alive 모드에서 Slowloris HTTP 서비스 거부(CVE-2019-5737)
  • OpenSSL: 0바이트 레코드 패딩 오라클(CVE-2019-1559)

주요 변경사항

  • deps: OpenSSL이 CVE-2019-1559 문제점을 수정한 1.0.2r 버전으로 업그레이드되었습니다. 특정 환경에서 TLS 서버가 유효하지 않은 패딩을 포함한 0바이트 레코드를 수신할 때, 유효하지 않은 MAC을 수신할 때와 다른 응답을 클라이언트로 보내도록 하는 문제가 있었습니다. 이는 암호화된 데이터를 대상으로 하는 패딩 오라클 공격의 기반이 될 수 있습니다.
  • http:
    • keep-alive 모드의 HTTP와 HTTPS 접속이 예정된 시간보다 더 길게 열린 채 비활성화 상태로 유지되는 문제를 방지하기 위해 server.keepAliveTimeout을 백포트했습니다. 앞서 언급한 문제는 서비스 거부(DoS)의 원인이 될 수 있습니다. (CVE-2019-5739 / Timur Shemsedinov, Matteo Collina)
    • keep-alive 모드의 접속에 server.headersTimeout으로 설정된 수신 타임아웃을 지속 적용하여 HTTP와 HTTPS 접속에 대한 "슬로로리스(Slowloris)" 공격을 예방했습니다. 이 문제는 Marco Pracucci(Voxnest)가 보고했습니다. (CVE-2019-5737 / Matteo Collina)

Commits

Windows 32-bit Installer: https://nodejs.org/dist/v6.17.0/node-v6.17.0-x86.msi
Windows 64-bit Installer: https://nodejs.org/dist/v6.17.0/node-v6.17.0-x64.msi
Windows 32-bit Binary: https://nodejs.org/dist/v6.17.0/win-x86/node.exe
Windows 64-bit Binary: https://nodejs.org/dist/v6.17.0/win-x64/node.exe
macOS 64-bit Installer: https://nodejs.org/dist/v6.17.0/node-v6.17.0.pkg
macOS 64-bit Binary: https://nodejs.org/dist/v6.17.0/node-v6.17.0-darwin-x64.tar.gz
Linux 32-bit Binary: https://nodejs.org/dist/v6.17.0/node-v6.17.0-linux-x86.tar.xz
Linux 64-bit Binary: https://nodejs.org/dist/v6.17.0/node-v6.17.0-linux-x64.tar.xz
Linux PPC LE 64-bit Binary: https://nodejs.org/dist/v6.17.0/node-v6.17.0-linux-ppc64le.tar.xz
Linux PPC BE 64-bit Binary: https://nodejs.org/dist/v6.17.0/node-v6.17.0-linux-ppc64.tar.xz
Linux s390x 64-bit Binary: https://nodejs.org/dist/v6.17.0/node-v6.17.0-linux-s390x.tar.xz
AIX 64-bit Binary: https://nodejs.org/dist/v6.17.0/node-v6.17.0-aix-ppc64.tar.gz
SmartOS 32-bit Binary: https://nodejs.org/dist/v6.17.0/node-v6.17.0-sunos-x86.tar.xz
SmartOS 64-bit Binary: https://nodejs.org/dist/v6.17.0/node-v6.17.0-sunos-x64.tar.xz
ARMv6 32-bit Binary: https://nodejs.org/dist/v6.17.0/node-v6.17.0-linux-armv6l.tar.xz
ARMv7 32-bit Binary: https://nodejs.org/dist/v6.17.0/node-v6.17.0-linux-armv7l.tar.xz
ARMv8 64-bit Binary: https://nodejs.org/dist/v6.17.0/node-v6.17.0-linux-arm64.tar.xz
Source Code: https://nodejs.org/dist/v6.17.0/node-v6.17.0.tar.gz
Other release files: https://nodejs.org/dist/v6.17.0/
Documentation: https://nodejs.org/docs/v6.17.0/api/

SHASUMS

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

9eb3b9f5e754d803b5e0cdcd406cc2ef8e6656f6bdcf1a3bb1eab14b3ffd9cb2 node-v6.17.0-aix-ppc64.tar.gz
1d4f0a24c09e8e3ed1ac0e4b62aba0cb86e9a293eef6c7a63876ba120b760583 node-v6.17.0-darwin-x64.tar.gz
cc72836d5c351dd1c47ac431f496fcaac4185aefa9f35a994716dd0d79f602cc node-v6.17.0-darwin-x64.tar.xz
a1051c5529511b343acfc9cfb02515b7cd40e820fec571cff70d9afd4c48435e node-v6.17.0-headers.tar.gz
b53e3886514be3674125617caf5c761b849f197f0b64aeabb2821b2de30a241c node-v6.17.0-headers.tar.xz
443f7656c541ba66b4aa50a5fa81e34e38714851006194ed63fee9cf48936c73 node-v6.17.0-linux-arm64.tar.gz
427f6c0ad02d2ad8e203a2c4959fadeaaa6043ba8caf2e1978c4a4d5b38737ab node-v6.17.0-linux-arm64.tar.xz
40b3791472e581e7caa6f0d19cfe01d94654b7d0f2300302376f071f8fef468c node-v6.17.0-linux-armv6l.tar.gz
94b8cac4800b7a0000548b69d38421398d222ee939a94af4add4a56369ba1158 node-v6.17.0-linux-armv6l.tar.xz
ad3ea3925fb4d74c2d7d3fa7b23d48b97b01846e31ac6bf0a70ab6f2eaa67f65 node-v6.17.0-linux-armv7l.tar.gz
a3fea75b0b052327a8f7b1042b794d797a54b7f39280194037f82b78e8624570 node-v6.17.0-linux-armv7l.tar.xz
2a959dd29f8a0fe52bbe3a0e287dfe306fb6ed4a90d4bb61b3bf856ec11d4c33 node-v6.17.0-linux-ppc64le.tar.gz
7d832b04af7eb3cd233e686ed3fe40fd96b116b8dc9d3a0961a64572cfa8c0f4 node-v6.17.0-linux-ppc64le.tar.xz
53f5995fe09548eaef4869b26fe3c0415236a2e07b312cb4082bd6aa84868e14 node-v6.17.0-linux-ppc64.tar.gz
85a6cab4354ca4e62f4bc5ff1ef14111e3d193444fb6cf97cb5e918b8ede90fb node-v6.17.0-linux-ppc64.tar.xz
b3ae1a97ea093490c74c5a0ff8f0d8a9591c33545e06b176d3bce875e2a5ba9f node-v6.17.0-linux-s390x.tar.gz
b62dec10c48bc68786611788998bcfa4f2e7df4cf54e0188e601c647871a0fa3 node-v6.17.0-linux-s390x.tar.xz
547422724489a5391d4a137cd130020c73f8f8c721754c67c7692003fe2b6015 node-v6.17.0-linux-x64.tar.gz
a5b2be71bcb1f182e143748007ee2f7cae624eb3b84263d7d7ea004b33b27399 node-v6.17.0-linux-x64.tar.xz
5e0ac63b07c5dcf34c78d25400f1e6a3b6f41eae94e0a6a0571f60369d2e5534 node-v6.17.0-linux-x86.tar.gz
a09c05f8ea60406f44ef4a140d182c353c5679f693c08a5247811deac678f6eb node-v6.17.0-linux-x86.tar.xz
fa7a4f497bb81ecdb4e077d0bf429845649376581ffab89ab07b82c211c04832 node-v6.17.0.pkg
94b168a55c32e466407fa459df7f245f7ef7fefaf42cfeed9326e936716e308f node-v6.17.0-sunos-x64.tar.gz
4c4928e84afbbcf7ffb731b74f7d1dfa73f8f6cb17c0023e7f87cc009b1f4f08 node-v6.17.0-sunos-x64.tar.xz
707134900d321b331cea8c76959bf07239fed62998f04f8aa1e3fa76ca785b32 node-v6.17.0-sunos-x86.tar.gz
044f1e1226c7830af19d156090f9593269d9e2d755c842107407b3c1be39d072 node-v6.17.0-sunos-x86.tar.xz
ef7b5cdffd110c194ef25fe14e455e0dea0fd894550ba33aadb90b0da8e14be2 node-v6.17.0.tar.gz
c1dac78ea71c2e622cea6f94ba97a4be49329a1d36cd05945a1baf1ae8652748 node-v6.17.0.tar.xz
4757a015153d9beae528417a3259688be725dbffc9e0eb6458118845427d213b node-v6.17.0-win-x64.7z
c03cb9ff76c34c41d3e193ab5aa589d40dfaeb80cb0ee24662e547e1a35b1e3c node-v6.17.0-win-x64.zip
65108ba51eb52dcdca98f7d7846869a460926644ebcf377ec87bd55f9ae704c4 node-v6.17.0-win-x86.7z
e8f235072b90f374b6d46fe38cfc5ffd8f317aa0d42c4c9a31cc7b5c9f6dd240 node-v6.17.0-win-x86.zip
3a9171ab366ba45accc2ec898b50390d0020797b1cf16a16e9f3e105fcfdc95a node-v6.17.0-x64.msi
e3478fcf22e3395a41f34cf7e64527e6cc532c109e5a8d67ab1de213e53f780c node-v6.17.0-x86.msi
fdccb67349c2c558349097c204522297478acdaa50f2b916393d1ea4b23b4f23 win-x64/node.exe
858cd16b0124543466d663df5058abe3aeaa08f0e396a0619af749f8880f3f3b win-x64/node.lib
a2785a1878a13b0a4945ce1ec6db409164c3c50d8c8315d710b8b7b89c8205e8 win-x64/node_pdb.7z
c25956040e9b7717976d61896cfdadaa56dfee26a6066a83b3f4dc566a99ccf0 win-x64/node_pdb.zip
3f877b57a1e1384a64888ad30e92ae57eedc8bc83563eefa06ab6af37846744d win-x86/node.exe
3ab1236a78694e3e66dbf24d25016d03afefbce47be0d82cc80e454a0b089724 win-x86/node.lib
39306b9f993ebd672064b2c305eb48f003ab0ab5bfe9dfa62259ed98f80f33c2 win-x86/node_pdb.7z
c3f05efcf553c326e644c079efbbacffe704012109584527a052ae6dab04a610 win-x86/node_pdb.zip
-----BEGIN PGP SIGNATURE-----

iQEzBAEBCAAdFiEE3Y8jOLrnUB491ax4wnN5L32DVF0FAlx44SAACgkQwnN5L32D
VF2X6gf+NxTSCd/RtjL+tBbJAeNBHg4/s8nn9kngEgq+q/ybbABub06BhnyoZUeZ
U6JKXM79586vKi0EV9whiVWGDGcenRNBHIwWcbHMFtsl0QrDiz6UdXvWniNN43cL
+Vx7Tmqil2J641UaicEM8h8A0xG60YNEOcWXMzLIuVF21mF+9qcvPKMSR0jDYy+6
CXJqerft43JpRR9AeN9Ol3kgiwA8mZ0tQRS7vPgjKCIcHfCz6hHEYSqWLcOuqAFN
eotHEXfLmXgprcqz/Z7It3pUPramtLYXMqM7PEX810hBWbGb3g0+MSD92stz2BLU
1B4cp5rS5mia2iaAbrw/bcPbdQVHbQ==
=bIfA
-----END PGP SIGNATURE-----