Node v16.6.2(현재 버전)

주요 변경사항

  • CVE-2021-3672/CVE-2021-22931: 도메인명에 일반적이지 않은 문자의 부적절한 처리(높음)
    • 도메인 네임 서버가 반환한 호스트 명을 Node.js DNS 라이브러리에서 입력값 유효성 검사를
      하지 않습니다. 이에 Node.js가 원격 코드 실행, XSS에 취약하고, 애플리케이션에
      크래시가 발생할 수 있습니다. 이 유효성 검사 누락 때문에 (도메인 하이재킹이 되는)
      잘못된 호스트 명을 출력할 수 있고 이 라이브러리를 사용하는 애플리케이션에 취약점을
      주입할 수 있습니다. 자세한 내용은
      https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-22931에서 볼 수 있습니다.
  • CVE-2021-22940: 스트림 취소로 http2를 닫을 때의 use after free(높음)
    • 공격자가 프로세스의 동작을 변경하려고 메모리 변조를 악용할 수 있는 곳에서 use after free 공격에
      Node.js가 취약합니다. 이 이슈는 CVE-2021-22930에 대한 수정이 문제를 완전히 해결하지 못했기 때문에
      CVE-2021-22930의 후속 조치입니다. 자세한 내용은
      https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-22940에서 볼 수 있습니다.
  • CVE-2021-22939: rejectUnauthorized 파라미터의 불완전한 유효성 검사(낮음)
    • Node.js https API를 잘못 사용하고 “rejectUnauthorized” 파라미터에 "undefined"를 전달하면
      오류도 반환하지 않고 만료된 인증서를 가진 서버에 연결을 받아들일 것입니다. 자세한 내용은
      https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-22939에서 볼 수 있습니다.

Commits

Windows 32-bit Installer: https://nodejs.org/dist/v16.6.2/node-v16.6.2-x86.msi

Windows 64-bit Installer: https://nodejs.org/dist/v16.6.2/node-v16.6.2-x64.msi

Windows 32-bit Binary: https://nodejs.org/dist/v16.6.2/win-x86/node.exe

Windows 64-bit Binary: https://nodejs.org/dist/v16.6.2/win-x64/node.exe

macOS 64-bit Installer: https://nodejs.org/dist/v16.6.2/node-v16.6.2.pkg

macOS Apple Silicon 64-bit Binary: https://nodejs.org/dist/v16.6.2/node-v16.6.2-darwin-arm64.tar.gz

macOS Intel 64-bit Binary: https://nodejs.org/dist/v16.6.2/node-v16.6.2-darwin-x64.tar.gz

Linux 64-bit Binary: https://nodejs.org/dist/v16.6.2/node-v16.6.2-linux-x64.tar.xz

Linux PPC LE 64-bit Binary: https://nodejs.org/dist/v16.6.2/node-v16.6.2-linux-ppc64le.tar.xz

Linux s390x 64-bit Binary: https://nodejs.org/dist/v16.6.2/node-v16.6.2-linux-s390x.tar.xz

AIX 64-bit Binary: https://nodejs.org/dist/v16.6.2/node-v16.6.2-aix-ppc64.tar.gz

ARMv7 32-bit Binary: https://nodejs.org/dist/v16.6.2/node-v16.6.2-linux-armv7l.tar.xz

ARMv8 64-bit Binary: https://nodejs.org/dist/v16.6.2/node-v16.6.2-linux-arm64.tar.xz

Source Code: https://nodejs.org/dist/v16.6.2/node-v16.6.2.tar.gz

Other release files: https://nodejs.org/dist/v16.6.2/

Documentation: https://nodejs.org/docs/v16.6.2/api/

SHASUMS

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

2a51635501451a88f6addc192a79b6d36cc40dcf3a198a54037ab26fa6305043 node-v16.6.2-aix-ppc64.tar.gz
29e46e83f6837ff1c815c49f590c25fa51b0811a6590c62120a9d464ba431fc6 node-v16.6.2-darwin-arm64.tar.gz
befbfdec7c2118689544ef596e990aae2fcd1227707c6a8475056be14ce2ee8d node-v16.6.2-darwin-arm64.tar.xz
74e95aca0ea88ed2d9270dccc1e3e62500912be5fef1528bb11f178c468f312c node-v16.6.2-darwin-x64.tar.gz
21c9417c38d9bee140c659f7cf11806ec866af3f7053bd17ec45757a902c9956 node-v16.6.2-darwin-x64.tar.xz
7764da71e22d57746d65eb408dc80cbd7f6eed7f38b558684fa60571d1c69b26 node-v16.6.2-headers.tar.gz
e4bf9c8db91d149d9f3cebd79621571079ffb9d92dca10e7d260120ff99b428e node-v16.6.2-headers.tar.xz
c51a94f28a29c390d20445d9b334a9808d3166bd244ebc03852d23c0b17a93ca node-v16.6.2-linux-arm64.tar.gz
d885ffcef367a010e2b21a283ec96721e92b29f222de5d943bc7188e48f30349 node-v16.6.2-linux-arm64.tar.xz
1ba5287c941cef2da53c0d80db7db7124971b1c933f222ca7f2eb833e1817f35 node-v16.6.2-linux-armv7l.tar.gz
9756e763910ab7277346307fb5c4d34370ab3bb7d957129f58a65bf69f2af93b node-v16.6.2-linux-armv7l.tar.xz
a966ea0d258c0e4a2c23b77f49f85bd7a4a4ff674fcd0d625a7fa48370d14d15 node-v16.6.2-linux-ppc64le.tar.gz
c2ee7961f1f217b0cc57a15efc3372b0495f6e1775a3e7f50b153b9db7c46be9 node-v16.6.2-linux-ppc64le.tar.xz
31e27413ff29607af54fcf842105a5290f2556add1b009b8e28240f96f742638 node-v16.6.2-linux-s390x.tar.gz
c3d6b4f7bf055f257abc07862743b614bdba00fd096a863eaadc700ae0939c98 node-v16.6.2-linux-s390x.tar.xz
913913f62416b96dee5f463b54e1adebaf669dd2ff3b047d6290deadc3003d97 node-v16.6.2-linux-x64.tar.gz
90c88cf6ca06dcd6d20c2b6dba5ff84d1f831446c25ef650f86e86bb94239353 node-v16.6.2-linux-x64.tar.xz
5bb14dafbac87efb74d3e050a90de68eb407ecadd52f12a1b4e937ec59884792 node-v16.6.2.pkg
e8df4a0084c379a37c11b315b7d068760a38598119d7ca9262977adcbbb58933 node-v16.6.2.tar.gz
8794cba1f971e4200a38690c76d7cc0a3bd1cba96fbf4305dfbe21fc459d79eb node-v16.6.2.tar.xz
152e36fe0493f37d3be939c7f9c3a975c9f39a3346d66787b59e2db28ed2eeb6 node-v16.6.2-win-x64.7z
e7e05eb133fce48b76b4db6714d80aea90872afec176599585bc1aa457fb41b9 node-v16.6.2-win-x64.zip
b40c0f3bf401ff56c558de3a24b33101273c622e664e1e5df4d08444aa4ae7df node-v16.6.2-win-x86.7z
b7324b70ed37e14878cde39cd69099368513068495b25d97f1423591c0206685 node-v16.6.2-win-x86.zip
6cb05e722749c98cc9d0d1b2ef0c3a4c5c05da83a00b4ef04cee0bd4a3cfbbc7 node-v16.6.2-x64.msi
22b21336d6ae8d16a1e45d38bd198831aa27ddf8a61d52831cfbd3ba5d2866e0 node-v16.6.2-x86.msi
9c99a5255dabc044bd262df07ec8e6ba3351e38d003121ed8739906bf5f0eb42 win-x64/node.exe
e7484e4552df7e992e5d409e518aa467555769dc85917da408d41f85c4f2823d win-x64/node.lib
a44ba1e9c42f84d80a9c29871a22c687e7f35ae358a898813d50b02866b8d6e9 win-x64/node_pdb.7z
bfdfedc1829855dcb1545661963dcb98d72ea517a4be3926a8c35f5120a72637 win-x64/node_pdb.zip
5dc410d110cb86a0e9fd58f30b5c1208915e733e3ab222e71fbdb0aa1a3755f3 win-x86/node.exe
7821ab6af3cef68eee042ef6b7fb2185eafff8bd4e4c988c8fc6c1d0242d2bcd win-x86/node.lib
cee7fe2c53d99e9c7bca0e7485a35c49d0f01ad131a790199cdb68e1383b946d win-x86/node_pdb.7z
32f1c9673025980c1563bf173c02bf3ae81a0a8c0e30673a3e906b3adff0519a win-x86/node_pdb.zip
-----BEGIN PGP SIGNATURE-----

iQEzBAEBCAAdFiEETtd49TnjY0x3nIfG1wYoSKGrAFwFAmET+3QACgkQ1wYoSKGr
AFxCGAgAs2V2hTNMfXb7C82V45tyi5tg2CIWtv98Ewc5py0tuVPbWmUO8enPP0AO
u4VAidwH3q4FT1xlVakC3QQL9qf13yi5fdLyHxfToCu2TP4U1avV8CWymdG/gPYz
wn6IBurWn/a3RRnva+euUEUubSAvRk5QrujAgkmcuAkXXQAo1pjbKjeKJ2NLnVeC
9dUISRz7XtmYEmAO8Fyszv/7JbZuNthd/VITDY9taWfN46nlcYwLSA54vqYj5nG9
AJoCKd5t/T5CMGOAc1/rtytFrXVBiCcSQLilFFy7In0oVQeT3EvtQmQENfdbwr3r
uCe9lxACJp/+lq2VZXlKFQpkzDxong==
=6UuH
-----END PGP SIGNATURE-----