Node v10.23.1(LTS)

주요 변경 사항

이번 릴리스는 보안 릴리스입니다.

다음 취약점을 수정했습니다.

• CVE-2020-8265: TLSWrap의 use-after-free (높음)
  영향을 받는 Node.js 버전은 TLS 구현 부분에 있는 use-after-free 버그에 취약합니다.
  TLS 가능한 소켓에 데이터를 쓸 때 node::StreamBase::Write는 node::TLSWrap::DoWrite를 호출하며,
  이때 첫 번째 인수로 새롭게 할당된 WriteWrap 객체를 전달합니다. 이 객체는 DoWrite 메서드가 에러를 반환하지 않으면
  호출한 함수에게 StreamWriteResult 구조체의 일부를 반환합니다. 이는 서비스 거부 혹은 잠재적인 다른 보안 문제를
  일으키는 메모리 오염으로 악용될 수 있습니다.
• CVE-2020-8287: Node.js의 HTTP 요청 스머글링(Smuggling)
  영향을 받는 Node.js 버전은 하나의 HTTP 요청에 두 개의 동일한 헤더 필드를 허용합니다.
  예를 들어 두 개의 Transfer-Encoding 헤더 필드가 존재할 수 있습니다. 이 경우 Node.js는
  첫 번째 헤더 필드를 사용하고 두 번째 헤더 필드는 무시합니다. 이 문제는 HTTP 요청 스머글링 문제를
  일으킬 수 있습니다. (https://cwe.mitre.org/data/definitions/444.html)
• CVE-2020-1971: OpenSSL - EDIPARTYNAME NULL 포인터 역참조 (높음)
  이 문제는 Node.js를 통해 악용될 수 있는 OpenSSL의 취약점입니다.
  더 자세한 정보는 https://www.openssl.org/news/secadv/20201208.txt에서 읽을 수 있습니다.

Commits

• [bd44b0ee7f] - build,win: accept Python 3 if 2 is not available (João Reis) #29236
• [d5c9b09bdc] - build,win: find Python in paths with spaces (João Reis) #29236
• [323a6f114a] - deps: update http-parser to http-parser@ec8b5ee63f (Richard Lau) nodejs-private/node-private#235
• [f08d0fef64] - deps: upgrade npm to 6.14.10 (Ruy Adorno) #36571
• [b0608b574a] - deps: update archs files for OpenSSL-1.1.1i (Richard Lau) #36541
• [d936e1833f] - deps: upgrade openssl sources to 1.1.1i (Myles Borins) #36541
• [9c4970715c] - deps: upgrade npm to 6.14.9 (Myles Borins) #36450
• [aa6b97fb99] - http: add test for http transfer encoding smuggling (Richard Lau) nodejs-private/node-private#235
• [fc70ce08f5] - http: unset F_CHUNKED on new Transfer-Encoding (Fedor Indutny) nodejs-private/node-private#235
• [7f178663eb] - src: use unique_ptr for WriteWrap (Daniel Bevenius) nodejs-private/node-private#238
• [357e2857c8] - test: add test-tls-use-after-free-regression (Daniel Bevenius) nodejs-private/node-private#238

Windows 32-bit Installer: https://nodejs.org/dist/v10.23.1/node-v10.23.1-x86.msi

Windows 64-bit Installer: https://nodejs.org/dist/v10.23.1/node-v10.23.1-x64.msi

Windows 32-bit Binary: https://nodejs.org/dist/v10.23.1/win-x86/node.exe

Windows 64-bit Binary: https://nodejs.org/dist/v10.23.1/win-x64/node.exe

macOS 64-bit Installer: https://nodejs.org/dist/v10.23.1/node-v10.23.1.pkg

macOS 64-bit Binary: https://nodejs.org/dist/v10.23.1/node-v10.23.1-darwin-x64.tar.gz

Linux 64-bit Binary: https://nodejs.org/dist/v10.23.1/node-v10.23.1-linux-x64.tar.xz

Linux PPC LE 64-bit Binary: https://nodejs.org/dist/v10.23.1/node-v10.23.1-linux-ppc64le.tar.xz

Linux s390x 64-bit Binary: https://nodejs.org/dist/v10.23.1/node-v10.23.1-linux-s390x.tar.xz

AIX 64-bit Binary: https://nodejs.org/dist/v10.23.1/node-v10.23.1-aix-ppc64.tar.gz

SmartOS 64-bit Binary: https://nodejs.org/dist/v10.23.1/node-v10.23.1-sunos-x64.tar.xz

ARMv6 32-bit Binary: https://nodejs.org/dist/v10.23.1/node-v10.23.1-linux-armv6l.tar.xz

ARMv7 32-bit Binary: https://nodejs.org/dist/v10.23.1/node-v10.23.1-linux-armv7l.tar.xz

ARMv8 64-bit Binary: https://nodejs.org/dist/v10.23.1/node-v10.23.1-linux-arm64.tar.xz

Source Code: https://nodejs.org/dist/v10.23.1/node-v10.23.1.tar.gz

Other release files: https://nodejs.org/dist/v10.23.1/

Documentation: https://nodejs.org/docs/v10.23.1/api/

SHASUMS

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

33bf67ad4a5843b0c1a5a9f3800ccbe1f30b068889177049bd6faca4a843c64a  node-v10.23.1-aix-ppc64.tar.gz
07da39e4c122d1cee744f3a3ace904edf23c3256879adedafcca6a1da4ca4681  node-v10.23.1-darwin-x64.tar.gz
febfdabd98ab5b8f8fdff32ab8c111d834083805bf042ab65c923cc22609c99d  node-v10.23.1-darwin-x64.tar.xz
a877aa44822994b21312a054e05db8a7784391acffd1c1fc85291a014e129c76  node-v10.23.1-headers.tar.gz
d2492742a95a74f2bada841203e9390831c37bfec7580cf0605cab3f521f7bae  node-v10.23.1-headers.tar.xz
e7d0476b1e9add7b21297698517356bb7c7d7f10e75f5abad6ab5806518a6cd6  node-v10.23.1-linux-arm64.tar.gz
9b923a161d80d2802241538c8f2099705163fc7f0dcd886d2274d8d6adf4f58f  node-v10.23.1-linux-arm64.tar.xz
75f04c8c26b83afe40eb1de97a04efca1adf1dd2ad1b887bed297888d7760aaf  node-v10.23.1-linux-armv6l.tar.gz
5f77882103c03e6a486bd11a7218ef6ae9a720172f9369a4a3fa4c5fa21d653b  node-v10.23.1-linux-armv6l.tar.xz
8f965f2757efcf3077d655bfcea36f7a29c58958355e0eb23cfb725740c3ccbe  node-v10.23.1-linux-armv7l.tar.gz
a26aa4d9b2ac37c49d3f7c6198502faee3806f6386559aeabc8ac1bf02f99b59  node-v10.23.1-linux-armv7l.tar.xz
46e590ecef7bfa76e2de1f57e0a1b0b0df2bd0142a25e2329ccfbd9fc33e7cc8  node-v10.23.1-linux-ppc64le.tar.gz
4390158e7230be4968dafe94524a8c7fb65b7c622753146d4238306a5733340d  node-v10.23.1-linux-ppc64le.tar.xz
7b51c8bc1d15fac73245685437079ca6952c38560d94732630645a61303d6b47  node-v10.23.1-linux-s390x.tar.gz
615962749dfe497d455426bc3097978b0504e0988e8bd198c0d202896056c245  node-v10.23.1-linux-s390x.tar.xz
2a5f9d862468a4c677630923531e52339526cfd075cc6df30da4636782eb7bda  node-v10.23.1-linux-x64.tar.gz
207e5ec77ca655ba6fcde922d6b329acbb09898b0bd793ccfcce6c27a36fdff0  node-v10.23.1-linux-x64.tar.xz
8e963dd9cba374d610c33609faa36f37589e315e97b855c6aeccf02844d194f8  node-v10.23.1.pkg
5c6e8f40b3d36d59035d998bbcaffbd9a326efa57c15c32941c23529f1a2da6c  node-v10.23.1-sunos-x64.tar.gz
776c17af00d8a758f0fd41b00cd1f173a1f8787e5f850d1c7fe0a515655dfffc  node-v10.23.1-sunos-x64.tar.xz
a5348b5dfdbe32e0be2837576e66ac285a59907e11e5439fbcda25e70f52550d  node-v10.23.1.tar.gz
88aa16f5af79615b183ca55ed81393763169e75d1fb96013cf1831895c6cedfa  node-v10.23.1.tar.xz
b4808da108c43de909bc704ce6ef4bba6b9c1f054879253b9810d078c6e70764  node-v10.23.1-win-x64.7z
497996aa1037b6f7f492c1d275bb90140269223939525286b4e95babad16f0de  node-v10.23.1-win-x64.zip
9d4c520003d3aa151a53b43289a51bfb2f7af93b7f011dadccd9a1619b3e2510  node-v10.23.1-win-x86.7z
c3be0fd50c218cc52e85377c9e22d7d2110d72de95bdbc9447145b246330f818  node-v10.23.1-win-x86.zip
4495bdc0646cc535f5d5ad5ca52bb18302cda8d4da950bdecf3043f7d28d7cef  node-v10.23.1-x64.msi
ddc19192781e1b3aebfaee894ccba624c923b2691509b1883bb2a54d0bc396f1  node-v10.23.1-x86.msi
82e2bab0e8c9d16324de69e5f1cfcd46ab1b2db272c6d204fe09d2f5509a9c08  win-x64/node.exe
fe8c3392fafc6a09f59f9d9a2c6dbf922fcde9d072e1abb52df3b0eb09dd27c9  win-x64/node.lib
50cff21434ccb4628e53033167e822021fd0c5fe42d98e1322405179708f8508  win-x64/node_pdb.7z
8ff935da1e63c3a3137f7ff80c67cb8395e42d5c8c1b6209e6c5ce0e7b076409  win-x64/node_pdb.zip
5d2f4b8c34fdc1398b1cda50db5b518e4c42616b9ffc9b05d985e5fabb1f47eb  win-x86/node.exe
2cd7d4a696cd539b4592af0a245db1a8235f2c20e30ae0fa2921d8a130933d8a  win-x86/node.lib
8db9406024e50a833fe31e2805e31834183a18bcded7637721d559b444434779  win-x86/node_pdb.7z
5025c6f535d025d5fde0e64b55199c924300e78da7b665030cdd6948d522e4c1  win-x86/node_pdb.zip
-----BEGIN PGP SIGNATURE-----

iQIzBAEBCAAdFiEEyC+jrhy+3Gvka5NgxDzsRcF6uTwFAl/zWpUACgkQxDzsRcF6
uTwdTw//XCxqbJH/uzqUGNkl09ZpNbAXPBksX+UifPvtAxdN0S5N710Mxmo584MZ
Go7k/EgH6zdoO6s6nehtfQNnjuq2sfUuYD7T6ZzQWfwe7VZt43rkTRHq0Wj+VveX
MulN9R8J4T6dHb0KvaqHAdiWs3HkOH9XkdjhOoRLVEJ1aOn7JNztmg0LA+mCdbSP
A0JW+M0WY1Q3qyjGesSTj9YJ+jts0AgAzSbMUBFNETPXqIHjljN0nX2+SCq/CXeM
lcje2mbxe+DeKZ0s4fMHAvmsLXKq+hntqWxhtJ2Rp79wVWZGKV7XrTQPhtShfruK
K+v/mywfNLTxUjI419q7Pn/iXUbPb3UnAhEhoj1m9OEJU3tfw9up4DF3Fzupxc2w
y68TfG6JQXPq3X4LTMUwa4Hj0HRWMdE2fYAzHQFWgAfI+jLD+7IdBSkoyANccG40
tHqajytGJIMAbYU0m+B23aySjSkfai7Dy3GjThqaWvy+jmPLpFtSJ/74hyc/Wp2f
/aYuzbKb6cPCAg0OSLaScQpo0HqjsE8Kbsbt/RFHEEAcXBnTMaa98SgbjTDJgjaa
NipIayFSBALUJEWQNYcNIltMgBnpV2Rzh2U2imXuxZLjk+P1Do5/zXTED4E+lU6Q
KvSBzQPrbaXH0rgfSwcl7p7S6ntzZ+jUPXd7HAQrSvDMlZ0xelo=
=TVIl
-----END PGP SIGNATURE-----