VDB
GCVE-110-MAGEIA-2015-186
GCVE-110-MAGEIA-2015-186
Advisory Published
Updated nodejs package fixes security vulnerability:
It was found that libuv does not call setgoups before calling setuid/setgid.
This may potentially allow an attacker to gain elevated privileges
(CVE-2015-0278).
The libuv library is bundled with nodejs, and a fixed version of libuv is
included with nodejs as of version 0.10.37. The nodejs package has been
updated to version 0.10.38 to fix this issue, as well as several other bugs.
Affected Products
| Vendor | Product | Versions | Platforms |
|---|---|---|---|
| Mageia | qarte | 0 (affected), 2.6.0-1.1.mga5 (unaffected) | — |
| Mageia | nodejs | 0 (affected), 0 (affected), 0.10.38-1.mga4 (unaffected), 0.10.38-1.mga4 (unaffected) | — |
Aliases
References
Browse GCVE Records
73,044 records in the GCVE database · Updated July 16, 2026
No matching records found.
Explore Further
Investigate this vulnerability in the interactive console or download the raw GCVE record.