Node v8.15.1(LTS)

보안 릴리스입니다. 모든 Node.js 사용자는 https://nodejs.org/en/blog/vulnerability/february-2019-security-releases/에 있는 보안 요약 문서에서 패치된 취약점의 자세한 사항을 확인하기 바랍니다.

이번 릴리스에는 다음 CVE의 수정사항이 포함되었습니다.

  • Node.js: keep-alive 모드에서 Slowloris HTTP 서비스 거부(CVE-2019-5737)
  • OpenSSL: 0바이트 레코드 패딩 오라클(CVE-2019-1559)

주요 변경사항

  • deps: OpenSSL이 CVE-2019-1559 문제점을 수정한 1.0.2r 버전으로 업그레이드되었습니다. 특정 환경에서 TLS 서버가 유효하지 않은 패딩을 포함한 0바이트 레코드를 수신할 때, 유효하지 않은 MAC을 수신할 때와 다른 응답을 클라이언트로 보내도록 하는 문제가 있었습니다. 이는 암호화된 데이터를 대상으로 하는 패딩 오라클 공격의 기반이 될 수 있습니다.
  • http: keep-alive 모드의 접속에 server.headersTimeout으로 설정된 수신 타임아웃을 지속 적용하여 HTTP와 HTTPS 접속에 대한 "슬로로리스(Slowloris)" 공격을 예방했습니다. 이 문제는 Marco Pracucci(Voxnest)가 보고했습니다. (CVE-2019-5737 / Matteo Collina)

Commits

Windows 32-bit Installer: https://nodejs.org/dist/v8.15.1/node-v8.15.1-x86.msi
Windows 64-bit Installer: https://nodejs.org/dist/v8.15.1/node-v8.15.1-x64.msi
Windows 32-bit Binary: https://nodejs.org/dist/v8.15.1/win-x86/node.exe
Windows 64-bit Binary: https://nodejs.org/dist/v8.15.1/win-x64/node.exe
macOS 64-bit Installer: https://nodejs.org/dist/v8.15.1/node-v8.15.1.pkg
macOS 64-bit Binary: https://nodejs.org/dist/v8.15.1/node-v8.15.1-darwin-x64.tar.gz
Linux 32-bit Binary: https://nodejs.org/dist/v8.15.1/node-v8.15.1-linux-x86.tar.xz
Linux 64-bit Binary: https://nodejs.org/dist/v8.15.1/node-v8.15.1-linux-x64.tar.xz
Linux PPC LE 64-bit Binary: https://nodejs.org/dist/v8.15.1/node-v8.15.1-linux-ppc64le.tar.xz
Linux s390x 64-bit Binary: https://nodejs.org/dist/v8.15.1/node-v8.15.1-linux-s390x.tar.xz
AIX 64-bit Binary: https://nodejs.org/dist/v8.15.1/node-v8.15.1-aix-ppc64.tar.gz
SmartOS 32-bit Binary: https://nodejs.org/dist/v8.15.1/node-v8.15.1-sunos-x86.tar.xz
SmartOS 64-bit Binary: https://nodejs.org/dist/v8.15.1/node-v8.15.1-sunos-x64.tar.xz
ARMv6 32-bit Binary: https://nodejs.org/dist/v8.15.1/node-v8.15.1-linux-armv6l.tar.xz
ARMv7 32-bit Binary: https://nodejs.org/dist/v8.15.1/node-v8.15.1-linux-armv7l.tar.xz
ARMv8 64-bit Binary: https://nodejs.org/dist/v8.15.1/node-v8.15.1-linux-arm64.tar.xz
Source Code: https://nodejs.org/dist/v8.15.1/node-v8.15.1.tar.gz
Other release files: https://nodejs.org/dist/v8.15.1/
Documentation: https://nodejs.org/docs/v8.15.1/api/

SHASUMS

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

9156fc8929f545981bfbafa4fe8ea3b8afeed9dacfb6e4bbc145ac86705c783e node-v8.15.1-aix-ppc64.tar.gz
f3da0b4397150226c008a86c99d77dbb835dc62219d863654913a78332ab19a5 node-v8.15.1-darwin-x64.tar.gz
aacdc9d5d8bbeaf47c398815147e052aac53cf19319f4c140c1798a82d419e65 node-v8.15.1-darwin-x64.tar.xz
6254529411abf790030fc72d43fe23f365799c198550e30d2fdc683f9407c299 node-v8.15.1-headers.tar.gz
6729d58fad4960259ea5233a87ef913e07b7a5118d4c6e3fecc4b3595c817345 node-v8.15.1-headers.tar.xz
0fcb30bc508097c0a13e7001a55f410802eda155c070cd5d125cd321332cc9f1 node-v8.15.1-linux-arm64.tar.gz
69e000d78342c3d39583922c57947a906ad723789d6294951deb10cbe8709605 node-v8.15.1-linux-arm64.tar.xz
a4b0ca0cd8b21224f676f05f6b4760d368935eed21e8ab96ceedb454e70770b4 node-v8.15.1-linux-armv6l.tar.gz
2bca1485fdbfd2a905d28409450b512eeaeb020ea50b5027d697f15e70bffa95 node-v8.15.1-linux-armv6l.tar.xz
e1fded2ef39967deef4f6a6921f86a66092c4bda1e9d207126fc7676797de98a node-v8.15.1-linux-armv7l.tar.gz
4be3cbf3bd0d0f30c8c2a3a4396fa1b78e6c5defc21dc176bf5da16782c4e1fa node-v8.15.1-linux-armv7l.tar.xz
6d122196856e633a645a07da25ada68ae8a841b8cdb962a69f6e9ec6110ee1bb node-v8.15.1-linux-ppc64le.tar.gz
efca9b7ca623223ba97dafd16627461075d9fbc9cc9958e91d9a1ff0feb92dc2 node-v8.15.1-linux-ppc64le.tar.xz
6dd32604a69cb3bb22583842e9a39f88d1ebaf9275fc0c8a870bd13bca0a872b node-v8.15.1-linux-s390x.tar.gz
11e78c00c62e588947eff4a658ff9d1a8ad5c3540d387b9a3b28ef11838a8748 node-v8.15.1-linux-s390x.tar.xz
16e203f2440cffe90522f1e1855d5d7e2e658e759057db070a3dafda445d6d1f node-v8.15.1-linux-x64.tar.gz
5643b54c583eebaa40c1623b16cba4e3955ff5dfdd44036f6bafd761160c993d node-v8.15.1-linux-x64.tar.xz
d7cb82569278baf46cac88128c0677e0499b066cd2dfe0223af82162e2a17185 node-v8.15.1-linux-x86.tar.gz
ca5b9ed2377fca5e66f66fa4e9ce4b0ffce6e065651d1c6398989b79d1d8c829 node-v8.15.1-linux-x86.tar.xz
b87fba0aade8caf51182e3ec3f6293cf8556b4368d7fb5f30e4679188c3b808a node-v8.15.1.pkg
bba1611a98486958eaa6bd1b0e62f9e41bdafa12344482becb47bda34eff0357 node-v8.15.1-sunos-x64.tar.gz
8cefe86dbd5de7828a0fdd3f6217625dce783c8d5ba52b25fa4cd6c4dc22b758 node-v8.15.1-sunos-x64.tar.xz
f2e4d7506f63268fba28583679ab0d0454bdd3c6826aa2f3f8fbd98914bfa1ef node-v8.15.1-sunos-x86.tar.gz
669b2a959b13ecdba7c722fbe21277dda4fca2b26b09899db493251986fe2060 node-v8.15.1-sunos-x86.tar.xz
413e0086bd3abde2dfdd3a905c061a6188cc0faceb819768a53ca9c6422418b4 node-v8.15.1.tar.gz
6b6486a3f452624941f6e11dd5f878c298d43e9c21b5f43ca1721dc7ce25add1 node-v8.15.1.tar.xz
539457de89d5c01f2b69452d0d6ddba812b0d321465df22c85aa39ef4a41da8b node-v8.15.1-win-x64.7z
f636fa578dc079bacc6c4bef13284ddb893c99f7640b96701c2690bd9c1431f5 node-v8.15.1-win-x64.zip
1b65532abb5e1c78ef3b6766fbe849b44e33bbcc8da4a4340c3530eca77adc29 node-v8.15.1-win-x86.7z
ce38c64c7f2921b1aa7f8bd4d2e89944f731b000fc8b7fc4930e957c75b04ea4 node-v8.15.1-win-x86.zip
a2c41856db0c5663e967e5ef95eec2f968317a6dc7f0c0695c9d231c676c1c4f node-v8.15.1-x64.msi
c6e9b1fc0d2defcec084abece599c173b88755c9968cd4cd4e462f2b7cdff166 node-v8.15.1-x86.msi
88c916e702e63de0530cdaacaa5f084d07dda590840c2adb297cdb470c7ddeaa win-x64/node.exe
6aee1f00180ccd12f48027d0ee531de0eef2ef391028800352dde77a1d87d161 win-x64/node.lib
0d2b0fa8c2432586dc1738ebe81126c7ca5a96e8acffc271859351714d0ec195 win-x64/node_pdb.7z
3add728eba3cd329819233604073457b9752b7dab6bbce420f1f7ccc0dd038dc win-x64/node_pdb.zip
c21d787cbd585c0db2a02267bb56dd3e36e6d06f7388cdd01c96b60a49642338 win-x86/node.exe
3de0c35989d92515996dc42ed029716954706a01c728ccd5ebe37dc489483d60 win-x86/node.lib
b046a83c3b4d5d029c929f3a739c2f97917e08547c16a3f9e6695d1f40c36ab4 win-x86/node_pdb.7z
bb67de498e64e068110b7c36f657d1bd6b8d956d7821a323946d2af365503a3e win-x86/node_pdb.zip
-----BEGIN PGP SIGNATURE-----

iQEzBAEBCAAdFiEE3Y8jOLrnUB491ax4wnN5L32DVF0FAlx44TkACgkQwnN5L32D
VF1Apgf/VrQvCUbc5zz7RAlFvZ3GAWyPTkacVuMRaC/8fu1aG7Bz2RcnBjQvRpv2
J2n4HEZ1waSN4gw6zup0Oxypl2fx9pi48tG2UqG390y6Ace6rv3JIZD19O4y65ZE
rPWAvvLgNlB1/ctxD3sgkUHhAyA7Mz6eoRIq3DS0Jv49cLnHalelhGlcPNmFYpzK
yagFEgj8Gy7EJzRMOJLOB5RypBXFt31gIreSy96wJz78Bwf3FJ1RhXRwMLcb8R53
fDUJihP/cpP+LOTIPH8b4+ojxPwBuePBIpEogDtPYnEEL6DbYk+G8m+fxv0sNAFc
TzfNSZcE++oahwsV+FxCfQgFWga62g==
=y2yr
-----END PGP SIGNATURE-----