VDB

GCVE-110-MAGEIA-2015-186

GCVE-110-MAGEIA-2015-186
Advisory Published
Vulnetix · Advisory published May 5, 2015
Updated nodejs package fixes security vulnerability: It was found that libuv does not call setgoups before calling setuid/setgid. This may potentially allow an attacker to gain elevated privileges (CVE-2015-0278). The libuv library is bundled with nodejs, and a fixed version of libuv is included with nodejs as of version 0.10.37. The nodejs package has been updated to version 0.10.38 to fix this issue, as well as several other bugs.

Affected Products

VendorProductVersionsPlatforms
Mageiaqarte0 (affected), 2.6.0-1.1.mga5 (unaffected)
Mageianodejs0 (affected), 0 (affected), 0.10.38-1.mga4 (unaffected), 0.10.38-1.mga4 (unaffected)

Browse GCVE Records

73,044 records in the GCVE database · Updated July 16, 2026

No matching records found.

Explore Further

Investigate this vulnerability in the interactive console or download the raw GCVE record.

$ Console Community · 100/wk Open console ›