Security Advisory: Vulnerability in Node.js 0.11.x thru 0.12.5

Peter Gale (suspended) -

UPDATE: 16:45 6-July-2015 UTC

Summary: Vulnerability in Node.js 0.11.x thru 0.12.5 -- this issue is resolved as follows in Node.js version 0.12.6:

"Fixed an out-of-band write in utf8 decoder. Impacts all Buffer to String conversions. This is an important security update as it can be used to cause a denial of service attack."

Status: pkgsrc 2014Q4 and 2015Q1 have been updated with nodejs-0.12.6. Customers can upgrade as follows:

pkgin up

pkgin upgrade nodejs
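
To confirm which hosts still need the upgrade, or that it took effect, the version range named above can be checked from the shell. This script is an added example, not part of the original advisory; the function names node_affected and node_status are hypothetical.

```shell
#!/bin/sh
# Added example (not from the advisory): classify a Node.js version against
# the range the advisory names: 0.11.x through 0.12.5 affected, fixed in 0.12.6.

# node_affected VERSION
#   returns 0 = in the affected range
#           1 = outside the range named by this advisory
#           2 = not a plain MAJOR.MINOR.PATCH string (check by hand)
node_affected() {
    v=${1#v}                      # `node --version` prints a leading "v"
    case $v in
        ''|*[!0-9.]*|.*|*.|*..*) return 2 ;;   # suffixes like "-pre" land here
    esac
    old_ifs=$IFS
    IFS=.
    set -- $v                     # split on dots into $1 $2 $3
    IFS=$old_ifs
    [ $# -eq 3 ] || return 2
    [ "$1" -eq 0 ] || return 1
    if [ "$2" -eq 11 ]; then
        return 0
    fi
    if [ "$2" -eq 12 ] && [ "$3" -le 5 ]; then
        return 0
    fi
    return 1
}

# node_status VERSION: print a one-word verdict for logs or inventory output.
node_status() {
    rc=0
    node_affected "$1" || rc=$?
    case $rc in
        0) echo "affected" ;;
        1) echo "not-affected" ;;
        *) echo "unknown" ;;
    esac
}

# Report on the node binary in PATH, if there is one.
if command -v node >/dev/null 2>&1; then
    installed=$(node --version)
    echo "node $installed: $(node_status "$installed")"
fi
```

Version strings with a suffix are reported as unknown rather than guessed, so those builds are checked by hand.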

If you have any questions regarding this issue, please contact Joyent Support by creating a ticket at or via email to

Best Regards,

Joyent Support
