Node v16.4.1 (Current)
Bethany Nicolle Griggs
Notable Changes
Vulnerabilities fixed:
- CVE-2021-22918: libuv upgrade - Out of bounds read (Medium)
- Node.js is vulnerable to out-of-bounds read in libuv's uv__idna_toascii() function which is used to convert strings to ASCII. This is called by Node's dns module's lookup() function and can lead to information disclosures or crashes. You can read more about it in https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-22918
- CVE-2021-22921: Windows installer - Node Installer Local Privilege Escalation (Medium)
- Node.js is vulnerable to local privilege escalation attacks under certain conditions on Windows platforms. More specifically, improper configuration of permissions in the installation directory allows an attacker to perform two different escalation attacks: PATH and DLL hijacking. You can read more about it in https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-22921
Commits
- [
d33aead28b
] - deps: uv: cherry-pick 99c29c9c2c9b (Ben Noordhuis) nodejs-private/node-private#267 - [
2690907b81
] - win,msi: set install directory permission (AkshayK) nodejs-private/node-private#269
Windows 32-bit Installer: https://nodejs.org/dist/v16.4.1/node-v16.4.1-x86.msi
Windows 64-bit Installer: https://nodejs.org/dist/v16.4.1/node-v16.4.1-x64.msi
Windows 32-bit Binary: https://nodejs.org/dist/v16.4.1/win-x86/node.exe
Windows 64-bit Binary: https://nodejs.org/dist/v16.4.1/win-x64/node.exe
macOS 64-bit Installer: https://nodejs.org/dist/v16.4.1/node-v16.4.1.pkg
macOS Apple Silicon 64-bit Binary: https://nodejs.org/dist/v16.4.1/node-v16.4.1-darwin-arm64.tar.gz
macOS Intel 64-bit Binary: https://nodejs.org/dist/v16.4.1/node-v16.4.1-darwin-x64.tar.gz
Linux 64-bit Binary: https://nodejs.org/dist/v16.4.1/node-v16.4.1-linux-x64.tar.xz
Linux PPC LE 64-bit Binary: https://nodejs.org/dist/v16.4.1/node-v16.4.1-linux-ppc64le.tar.xz
Linux s390x 64-bit Binary: https://nodejs.org/dist/v16.4.1/node-v16.4.1-linux-s390x.tar.xz
AIX 64-bit Binary: https://nodejs.org/dist/v16.4.1/node-v16.4.1-aix-ppc64.tar.gz
ARMv7 32-bit Binary: https://nodejs.org/dist/v16.4.1/node-v16.4.1-linux-armv7l.tar.xz
ARMv8 64-bit Binary: https://nodejs.org/dist/v16.4.1/node-v16.4.1-linux-arm64.tar.xz
Source Code: https://nodejs.org/dist/v16.4.1/node-v16.4.1.tar.gz
Other release files: https://nodejs.org/dist/v16.4.1/
Documentation: https://nodejs.org/docs/v16.4.1/api/
SHASUMS
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
d0f079c4bc78ee9e1eb646434bc52730c59e433f75febee70ee5506a5526eead node-v16.4.1-aix-ppc64.tar.gz
c6e2a79873c4afbd9fcd7e9d2889e2a7b84860bea472a07ccbe33387397990f5 node-v16.4.1-darwin-arm64.tar.gz
e8d2c3e90e93f3456e8f33e900c4eb404f8456b584e78550a12218aa89689fff node-v16.4.1-darwin-arm64.tar.xz
c78fecdfb062c51ba0432d1c6bb8f30eb14daf47001a5f68d17b3ae6d4d9eb31 node-v16.4.1-darwin-x64.tar.gz
3840f63f73513bfe60aac2a7180501f2b7e8b04806ed0ff0c100042f01bf5612 node-v16.4.1-darwin-x64.tar.xz
85b46ae7c3f2f6482a9a009cffe36ae4ead98f936d05a4e602eb32de148c4345 node-v16.4.1-headers.tar.gz
95d1cc071266739cbb2421a8419bae13652007701165549f0ae584863d11dd8e node-v16.4.1-headers.tar.xz
5d50cb3ce5b5ecccead1d0cf4e18e038c580e10733ff510f73d04a711092569c node-v16.4.1-linux-arm64.tar.gz
7519f43bc704bbb86af6162bad967eb0a277466b6b8c3e0b17dd367d86a97b27 node-v16.4.1-linux-arm64.tar.xz
b8df70739ffb058d4771722384e818fc5f9f0a5e096a45f1bfe7919b3173d32e node-v16.4.1-linux-armv7l.tar.gz
ab8a575ffd154b1faab4c94be5bcb961f6ed1dcc79afa18489dcdb1eea7e660b node-v16.4.1-linux-armv7l.tar.xz
49a3f2958e1e822d4053adf7c006ccf230ca7dc4f830bea789163fd093184160 node-v16.4.1-linux-ppc64le.tar.gz
72607271437948a6470063bc8bbb622ae1da60899217526b60ab2594fdff6b10 node-v16.4.1-linux-ppc64le.tar.xz
c3162a66943a0871423f94c8697c0bbfa2dc8a8474e63fa67a0cdd7f3618aca7 node-v16.4.1-linux-s390x.tar.gz
d472d95911c46bcae6e83ce2ea4312d544ee5ead6d8a6639ba40e51ad5678269 node-v16.4.1-linux-s390x.tar.xz
21181395c11ee1d13c05c4e07b1f4e36ba501d92030ac60a901291c50915b320 node-v16.4.1-linux-x64.tar.gz
3c73b58051a4435d605f9842e582a252e100d5ff62e0a30e3961cab71e8477b1 node-v16.4.1-linux-x64.tar.xz
d4eec360becc29d06b4ee7ee41ab3bf07bd8f4d979d911e18b5ed4ba9841a17f node-v16.4.1.pkg
562df905fdc9c8b3854fea1c755cc969b3c1437774d28b513457cc4034136458 node-v16.4.1.tar.gz
769014432ed8e16267c70b834999e76c48193cd8523ca4f3ee4eadaae7f32aa8 node-v16.4.1.tar.xz
0bec96b5b22ca6d4eead44003011fcdb44af0d331bb1fc8af0647f95cd9feb65 node-v16.4.1-win-x64.7z
f2f0dfc9ee54aff908575734713c482d76bfbed14dcfaea4931fff7450753f25 node-v16.4.1-win-x64.zip
2eec50ab1e34eb99af2819dd92a272e44944dc5b3fbf74c3ab25355feccc97c4 node-v16.4.1-win-x86.7z
a505508994890e418757ea88a55a9685914f57643ec5fb5737c28c5c8b6a1abe node-v16.4.1-win-x86.zip
a6c50420ab8e65df482e841a41a309582445480f2682e58ba3af30edf558b43b node-v16.4.1-x64.msi
f05522114177fd5acf49b2c81aca438f3c88284c5d69196efc2df8bb43cb8090 node-v16.4.1-x86.msi
3b69159360b235d20cd8a35a63562ffd8e96f1032dbd3c0980a6ff794968cc07 win-x64/node.exe
4b5caea50ee2170fd752225477d77a8818965e3e8cbb9871ecbddf32bd6ed94d win-x64/node.lib
ba7c1a22e2a59a73aaeab4c8d56826b705c2da00a57c94d3a3d6b1b460cb8cff win-x64/node_pdb.7z
36b27e73b3132bc6fae11d75f648fe4c35efef2002dfed03a9784f145445f17e win-x64/node_pdb.zip
8fd7ef41cf3a394ace65922babe7db8108374cf0c4cfba5613be61fb147cf141 win-x86/node.exe
e899517caf4e57f674ff37ca8c9db892d676d86960698b2663bbe16e82fa2542 win-x86/node.lib
aafaf686584d890a7b580cb16a9f898a299f3a1c91ae720224a858a9bc5c2f89 win-x86/node_pdb.7z
359ef4b5be217ed189910ae806a57fa555874a5ae2b2e1200b2754ff90942a1c win-x86/node_pdb.zip
-----BEGIN PGP SIGNATURE-----
iQEzBAEBCAAdFiEETtd49TnjY0x3nIfG1wYoSKGrAFwFAmDd4aEACgkQ1wYoSKGr
AFyTuQf+PGAx0iu/qHynzVfoiixzCeugk9HEegU2Sj8oovmnok/bGKFxWTTl+SYj
6h70KpfObXgy5TyczvX1KsuabcFQ+wwSASUtnJcnaG1bKwP1JJOZbvKUwkxEVtDe
/jV1sUr8eAgI0K9SwKn7jRGwaUp88XEKdxlX9Vbio91X0OD9KWkilg6haX+/ccLa
AlaOgmo4lvP8kgycD1AKytZwQOA+BQqhF86C1/+QIQa5EiP/mWztZEzpvUMxFvwU
/CPZPriYuOvXIfzbthGJOEfccU25VJKNaJTIj12UEH54UjWnz0UPCZhQLtBUwLmC
odXiC6kU7Hjq2bFq+Gss4fGmt7LvAA==
=e3hn
-----END PGP SIGNATURE-----