Linux Kernel prepatch 4.10-rc5 发布
Node v5.7.1 发布了，以下是更新记录：
- governance: The Core Technical Committee (CTC) added four new members to help guide Node.js core development: Evan Lucas, Rich Trott, Ali Ijaz Sheikh and Сковорода Никита Андреевич (Nikita Skovoroda).
- openssl: Upgrade from 1.0.2f to 1.0.2g (Ben Noordhuis) #5507.
- Fix a double-free defect in parsing malformed DSA keys that may potentially be used for DoS or memory corruption attacks. It is likely to be very difficult to use this defect for a practical attack and is therefore considered low severity for Node.js users. More info is available at CVE-2016-0705.
- Fix a defect that can cause memory corruption in certain very rare cases relating to the internal
BN_dec2bn()functions. It is believed that Node.js is not invoking the code paths that use these functions so practical attacks via Node.js using this defect are unlikely to be possible. More info is available at CVE-2016-0797.
- Fix a defect that makes the CacheBleed Attack possible. This defect enables attackers to execute side-channel attacks leading to the potential recovery of entire RSA private keys. It only affects the Intel Sandy Bridge (and possibly older) microarchitecture when using hyper-threading. Newer microarchitectures, including Haswell, are unaffected. More info is available at CVE-2016-0702.
- Fixed several regressions that appeared in v5.7.0:
- Output is no longer unnecessarily verbose (Brian White) #5389.
- Resolving UNC paths on Windows now works correctly (Owen Smith) #5456.
- Resolving paths with prefixes now works correctly from the root directory (Owen Smith)#5490.
- url: Fixed an off-by-one error with
parse()(Brian White) #5394.
- dgram: Now correctly handles a default address case when offset and length are specified (Matteo Collina) #5407.