SB2018112015 - Information disclosure in nodejs-current (Alpine package)
Published: November 20, 2018
Security Bulletin ID
SB2018112015
Severity
Low
Patch available
YES
Number of vulnerabilities
1
Exploitation vector
Local access
Highest impact
Information disclosure
Breakdown by Severity
- Low
- Medium
- High
- Critical
Description
This security bulletin contains information about 1 security vulnerability.
1) Information disclosure (CVE-ID: CVE-2018-0734)
The vulnerability allows a local attacker to obtain potentially sensitive information.
The vulnerability exists due to unspecified flaw in Digital Signature Algorithm (DSA). A local attacker can conduct a timing side-channel attack and recover the private key, which could be used to conduct further attacks.
Remediation
Install update from vendor's website.
References
- https://git.alpinelinux.org/aports/commit/?id=4bb02b09003b63e5aa9c4d9be68117e15e663c00
- https://git.alpinelinux.org/aports/commit/?id=bd0e7c7b564133e60cba91a11ebaf58fc66ca95f
- https://git.alpinelinux.org/aports/commit/?id=cbad6e043c390238adf4905ce29648f24e4503ba
- https://git.alpinelinux.org/aports/commit/?id=d30e50323c5f1784719c4be7a9c21388b2ac6dcb
- https://git.alpinelinux.org/aports/commit/?id=9506edbe44db07fc65aab5d444e7e02ca3767187
- https://git.alpinelinux.org/aports/commit/?id=c1d3640cee748b8ff91fd6d4fb3102e9fb356ab2
- https://git.alpinelinux.org/aports/commit/?id=dfa7fc2a3c8a46d7b74d3622e61fdc3aacf7e2c5
- https://git.alpinelinux.org/aports/commit/?id=71cc4cc38133a6c2666978dacfa9c2ab78b1eaec
- https://git.alpinelinux.org/aports/commit/?id=0475e69802503af151dbf782f81d152d331b1083
- https://git.alpinelinux.org/aports/commit/?id=07b44d0ab16346876de776763036d792759e63b7
- https://git.alpinelinux.org/aports/commit/?id=20644e278a928af7b6ba3dab98e72de889abde1f
- https://git.alpinelinux.org/aports/commit/?id=57d5f945ab66ccc72e5b48a40343ff6169b9893d