Node v10.24.0 (LTS)

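Notable changes

The following vulnerabilities have been fixed:

  • CVE-2021-22883: HTTP2 'unknownProtocol' causes denial of service by resource exhaustion
    • Affected Node.js versions are vulnerable to a denial-of-service attack when too many
      connection attempts are made with an 'unknownProtocol'. This can lead to a leak of file
      descriptors. If a file descriptor limit is configured on the system, the server will be
      unable to accept new connections and the process will be prevented from opening anything
      (for example, a file). If no file descriptor limit is configured, memory use becomes
      excessive and the system will run out of memory.
  • CVE-2021-22884: DNS rebinding in --inspect
    • Affected Node.js versions are vulnerable to a DNS rebinding attack when the whitelist
      includes "localhost6". If "localhost6" is not present in /etc/hosts, it is just an ordinary
      domain that is resolved via DNS (over the network). If the attacker controls the victim's
      DNS server or can spoof its responses, the DNS rebinding protection can be bypassed by
      using the "localhost6" domain. As long as the attacker can use the "localhost6" domain,
      the attack described in CVE-2018-7160 can still be applied.
  • CVE-2021-23840: OpenSSL - Integer overflow in CipherUpdate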
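
The Host-header allowlist weakness behind CVE-2021-22884, shown as an added illustration (this is not Node.js's own inspector code): a check that trusts the name "localhost6" next to one that does not. The function names, the `rebind.example` host and the sample headers are constructed for this example.

```javascript
const net = require('net');

// Extract the host part of a Host header value, dropping any port.
function hostFromHeader(header) {
  const value = String(header || '').trim().toLowerCase();
  if (value.startsWith('[')) {
    // Bracketed IPv6 literal such as "[::1]:9229".
    const end = value.indexOf(']');
    return end === -1 ? '' : value.slice(1, end);
  }
  const colon = value.lastIndexOf(':');
  return colon === -1 ? value : value.slice(0, colon);
}

// Build a Host check. trustedNames are hostnames accepted without any
// proof that they resolve to a loopback address.
function makeHostCheck(trustedNames) {
  const names = new Set(trustedNames);
  return function isAllowedHost(header) {
    const host = hostFromHeader(header);
    if (host === '') return false;
    // IP literals are never looked up in DNS, so they cannot be rebound.
    if (net.isIP(host) !== 0) return true;
    return names.has(host);
  };
}

// Weak: "localhost6" is local only when /etc/hosts defines it; otherwise
// it is resolved over the network like any other name.
const weakCheck = makeHostCheck(['localhost', 'localhost6']);
// Corrected: the ambiguous name is no longer trusted.
const hardenedCheck = makeHostCheck(['localhost']);

// Constructed sample Host headers (9229 is the default --inspect port).
const samples = [
  '127.0.0.1:9229', '[::1]:9229', 'localhost:9229',
  'localhost6:9229', 'rebind.example:9229',
];

// Return the sample headers a given check would accept.
function accepted(check) {
  return samples.filter((h) => check(h));
}

console.log('weak    :', accepted(weakCheck));
console.log('hardened:', accepted(hardenedCheck));
```
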

Commits

Windows 32-bit Installer: https://nodejs.org/dist/v10.24.0/node-v10.24.0-x86.msi

Windows 64-bit Installer: https://nodejs.org/dist/v10.24.0/node-v10.24.0-x64.msi

Windows 32-bit Binary: https://nodejs.org/dist/v10.24.0/win-x86/node.exe

Windows 64-bit Binary: https://nodejs.org/dist/v10.24.0/win-x64/node.exe

macOS 64-bit Installer: https://nodejs.org/dist/v10.24.0/node-v10.24.0.pkg

macOS 64-bit Binary: https://nodejs.org/dist/v10.24.0/node-v10.24.0-darwin-x64.tar.gz

Linux 64-bit Binary: https://nodejs.org/dist/v10.24.0/node-v10.24.0-linux-x64.tar.xz

Linux PPC LE 64-bit Binary: https://nodejs.org/dist/v10.24.0/node-v10.24.0-linux-ppc64le.tar.xz

Linux s390x 64-bit Binary: https://nodejs.org/dist/v10.24.0/node-v10.24.0-linux-s390x.tar.xz

AIX 64-bit Binary: https://nodejs.org/dist/v10.24.0/node-v10.24.0-aix-ppc64.tar.gz

SmartOS 64-bit Binary: https://nodejs.org/dist/v10.24.0/node-v10.24.0-sunos-x64.tar.xz

ARMv6 32-bit Binary: https://nodejs.org/dist/v10.24.0/node-v10.24.0-linux-armv6l.tar.xz

ARMv7 32-bit Binary: https://nodejs.org/dist/v10.24.0/node-v10.24.0-linux-armv7l.tar.xz

ARMv8 64-bit Binary: https://nodejs.org/dist/v10.24.0/node-v10.24.0-linux-arm64.tar.xz

Source Code: https://nodejs.org/dist/v10.24.0/node-v10.24.0.tar.gz

Other release files: https://nodejs.org/dist/v10.24.0/

Documentation: https://nodejs.org/docs/v10.24.0/api/

SHASUMS
