주요 변경사항
다음 취약점이 수정되었습니다.
CVE-2021-22883 : HTTP2 'unknownProtocol’이 리소스 소진으로 인해 서비스 거부를 일으킵니다
'unknownProtocol’로 너무 많은 연결 시도가 이뤄질 때 영향받는 Node.js 버전은 서비스 거부 공격에
취약합니다. 이를 통해 파일 디스크립터가 유출될 수 있습니다. 시스템에 파일 디스크립터 제한이 설정되어
있다면 서버는 새로운 연결을 받을 수 없고 프로세스가 아무것도(예: 파일) 열지 못하도록 막을 것입니다.
파일 디스크립터 제한을 설정하지 않았다면 과도한 메모리를 사용하게 되고 시스템에서
메모리 부족이 발생할 것입니다.
CVE-2021-22884 : --inspect의 DNS 리바인딩
화이트리스트가 "localhost6"을 포함하고 있을 때 영향받는 Node.js 버전은 DNS 리바인딩 공격에
취약합니다. "localhost6"가 /etc/hosts에 없으면 DNS를 통해(네트워크를 통해) 처리되는 평범한
도메인일 뿐입니다. 공격자가 피해자의 DNS 서버를 제어하거나 응답을 속일 수 있으면 “localhost6”
도메인을 사용해서 DNS 리바인딩 보호장치를 건너뛸 수 있습니다. 공격자가 “localhost6” 도메인을
사용할 수 있으면 CVE-2018-7160에 나온 공격을 계속 사용할 수 있습니다.
CVE-2021-23840 : OpenSSL - CipherUpdate의 정수 오버플로
Commits
Windows 32-bit Installer: https://nodejs.org/dist/v10.24.0/node-v10.24.0-x86.msi
Windows 64-bit Installer: https://nodejs.org/dist/v10.24.0/node-v10.24.0-x64.msi
Windows 32-bit Binary: https://nodejs.org/dist/v10.24.0/win-x86/node.exe
Windows 64-bit Binary: https://nodejs.org/dist/v10.24.0/win-x64/node.exe
macOS 64-bit Installer: https://nodejs.org/dist/v10.24.0/node-v10.24.0.pkg
macOS 64-bit Binary: https://nodejs.org/dist/v10.24.0/node-v10.24.0-darwin-x64.tar.gz
Linux 64-bit Binary: https://nodejs.org/dist/v10.24.0/node-v10.24.0-linux-x64.tar.xz
Linux PPC LE 64-bit Binary: https://nodejs.org/dist/v10.24.0/node-v10.24.0-linux-ppc64le.tar.xz
Linux s390x 64-bit Binary: https://nodejs.org/dist/v10.24.0/node-v10.24.0-linux-s390x.tar.xz
AIX 64-bit Binary: https://nodejs.org/dist/v10.24.0/node-v10.24.0-aix-ppc64.tar.gz
SmartOS 64-bit Binary: https://nodejs.org/dist/v10.24.0/node-v10.24.0-sunos-x64.tar.xz
ARMv6 32-bit Binary: https://nodejs.org/dist/v10.24.0/node-v10.24.0-linux-armv6l.tar.xz
ARMv7 32-bit Binary: https://nodejs.org/dist/v10.24.0/node-v10.24.0-linux-armv7l.tar.xz
ARMv8 64-bit Binary: https://nodejs.org/dist/v10.24.0/node-v10.24.0-linux-arm64.tar.xz
Source Code: https://nodejs.org/dist/v10.24.0/node-v10.24.0.tar.gz
Other release files: https://nodejs.org/dist/v10.24.0/
Documentation: https://nodejs.org/docs/v10.24.0/api/
SHASUMS
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 59bdb393035c605627bf4ba64ad8edcc74f067043790c7edc545333cca8630c4 node-v10.24.0-aix-ppc64.tar.gz 265ccad26fdfdcd86d6571b0bf5f1815b55f6a4a9b367816ad0369790501f55e node-v10.24.0-darwin-x64.tar.gz ba749262eb5599360cdfe5edf7516a98269defcb6d2de56a9bbfd95a76366a7d node-v10.24.0-darwin-x64.tar.xz 165ca4182bcfa952d2405e53f480525dfe62c3fd453a893bc34df6cbb8fc6740 node-v10.24.0-headers.tar.gz c7afbb814018f2bed87e85b2aa71c864c961a3754b0733bcfd077fbb068cfd76 node-v10.24.0-headers.tar.xz 65e6255c6f95b6dcf87f13c21994bc80205b4bd7c7d9a3fe1f8f2a18daec576d node-v10.24.0-linux-arm64.tar.gz 41bbf035512a72d073e93440458ad6e48586853fc0a5b6396ded80a2d45cb49c node-v10.24.0-linux-arm64.tar.xz 5a5dcc02bfd0ddcbeb2ef68f116bb72e416149f15f12767864bde77edd7f39d1 node-v10.24.0-linux-armv6l.tar.gz 076d387b1e9345c675745a453f642b6819b07b21cf21d6824f33c8d508f71559 node-v10.24.0-linux-armv6l.tar.xz 02feb052d0e1eb77c9beea5cfe3b67b90d5209ab509797f4f6c892c75cc30fda node-v10.24.0-linux-armv7l.tar.gz 0b01cb43903bc2d06f0ea3bb6753da4c91fd9533f1bd74e8bd2ee55b470a9084 node-v10.24.0-linux-armv7l.tar.xz 227338ffe74d2c2a87bd1bd77f4c74d21d8027e8eff78eb8e7f686a470b83fbe node-v10.24.0-linux-ppc64le.tar.gz 1d5b9c5a6ffb7027bbf9cf608d919c280039cea1f1f0308324aca871d874fca7 node-v10.24.0-linux-ppc64le.tar.xz 5a4478e6602c6c6fb28bc01b5356215e714ef0d3917fb1ede487c9b93e88741e node-v10.24.0-linux-s390x.tar.gz 322d9faf2d724de4596cc021e5eb37553ceafc07fccd2f39afede8c56dde7432 node-v10.24.0-linux-s390x.tar.xz d8d7ecb0667a9b86b7ce1994731f9c9d313b46f04de59f724259a6fda685617a node-v10.24.0-linux-x64.tar.gz a937fb43225289ada54c6c3272a2ad18e1e33b8c7d6211c289d421b5051fdbd0 node-v10.24.0-linux-x64.tar.xz 347004459f040a83bf7f1cb663dd9ba846df8def8967a9572801484768b8a754 node-v10.24.0.pkg c5233cea13d3ce560cda1cdda873c2054bd3b5621da466fb4965668ef4259b93 node-v10.24.0-sunos-x64.tar.gz 2b43e85f73a0dbc1ec0e64394c2607cbfe53045aaa11f3d9a65ceb4cc6ee8394 node-v10.24.0-sunos-x64.tar.xz c8d0a56279be77a9033b5f89603c6c491060a661c607fbf82bbe931ca662996e node-v10.24.0.tar.gz 158273af66f891b2fca90aec7336c42f7574f467affad02c14e80ca163cb3acc node-v10.24.0.tar.xz bf839f4d96e1cb105c271a1ccb7a728ff8ce7dfd34a260afaf02e349b00831d2 node-v10.24.0-win-x64.7z abf0aa48f642aa9ef6cc0021d2fe0275a60feece603664a76c31a812adc710bb node-v10.24.0-win-x64.zip 7e0e4c6b43935ce194456bbf066bb72fad49427fa08bfd4e7fc9818b4f312d3c node-v10.24.0-win-x86.7z 6e32b8c513ba209ae7ac2058c106d0b83b4c14c3472d3f1ad956fd3462691799 node-v10.24.0-win-x86.zip a2c5dd02e43715127248d8533d260a9d4359b9f2d6ba6958df65631b8bf627cf node-v10.24.0-x64.msi afcfa989c331e92ed02aeb88b0865ac2264b7bc297685ea46de48d5a945d46c0 node-v10.24.0-x86.msi 58c529834cbc65363d07e1ee59bb577cc76f527a2b0db80d0784e9b6e3c7e6da win-x64/node.exe 7688ed23318d253aa98ee198f94983e4b563fab188e6fd9dd32955e77111096a win-x64/node.lib 2ae5424c759a3eb7aabfbb5d21ce8227f43d27150fbf6e1dd89173eeae9a4f8c win-x64/node_pdb.7z 7a68fa70295977484f1b1dcffa7d590c5b5f84b28d0ea51ffea734850307933a win-x64/node_pdb.zip 121c6d54aa31bb43a042e7cdedf0bdc916c39895f0f46c34cac76c3990895381 win-x86/node.exe de1f3445597cbbee2e5eac435651f5dcab049a2d8bd3636877ab5803a87e269e win-x86/node.lib 2e218cafa528cd3a35dd58ba621b3f182498db7f235c072f14d1426043cf2eb8 win-x86/node_pdb.7z 2e4d6d1c72a90bdff03412d525b764a445edc108cd0503c4baf7da708b081a6e win-x86/node_pdb.zip -----BEGIN PGP SIGNATURE----- iQIzBAEBCAAdFiEEyC+jrhy+3Gvka5NgxDzsRcF6uTwFAmA0+7cACgkQxDzsRcF6 uTwCexAAhTRwBOfMu0XzBPBa+NdpJSDjbYtyI2BNcR8NWMnL18H2pQCbPL2zrm1T a9kUiNgEuRElMjrxGTyUrx9sNkLPgJDnVeKTXGmwvYk6l3NwbKXW69qn2P/GUAdt Y9/EnZUWY8s5gyPg4+OtQ5BwgGKrqW/Xsf3rUGFvqvoWqVeUTrQsZVCRrZWdm9oZ pZyZaLWFCYH08PIq2Q3eYjpfu2Uv7HqWFVIM2NtFI6snZmVmnjUIsr8P1leJQVmM CZ1Pb9O7+m4jgPGOqWXoJl7bjNrk5jn6o7kZK4AaavR8oMVkRNDikI3VlKBXytMg lJYapT0a9ELYCVqXhCCar/zNhZDLwJd6b/rYIbP9SKqE9Zcxv2iABR1S3GZwjfEC dPqTO2blff0CBEU/PsCZxdnSDXPHn3JCwtsuXl4tkyXsH4jd7ob0ur03P7mKfwOR eZH4wIMPj/KVRKbcT/ts22WzaI21BI06/3MRj4i54fMsloZYCP1+99iovKSqnXrG iOfse5AjBVWCVsfiJcQfDfDSnL2jl1OF8ii1ZR+gEE2ZczLeCDKszwpBM+66oIqT cyz3elK64mKc95q9e/eZo9WNwokUsVY6uhqAN08Z1rBnF4ffYGN0YLzOy3/tgHv0 oUt/5184eDsTucMAdC8TbjF1XjFTx2aIc2y1e4ZzJF9GtUQ2FEE= =V+LP -----END PGP SIGNATURE-----