https://forums.autodesk.com/t5/fusion-design-validate-document/node-exe/m-p/5791775#M287761 <P>Secunia logs this as folows at&nbsp;</P><P><A href="http://secunia.com/advisories/65282/" target="_blank">http://secunia.com/advisories/65282/</A></P><P>&nbsp;</P><P>Description</P><P>&nbsp;</P><P class="small_p">A security issue has been reported in OpenSSL, which can be exploited by malicious people to bypass certain security restrictions.<BR /><BR />The security issue is caused due to an error when finding an alternative certificate chain, which can be exploited to bypass certain checks on untrusted certificates and accept an otherwise invalid certificate.<BR /><BR />The security issue is reported in versions 1.0.2c, 1.0.2b, 1.0.1n and 1.0.1o.</P><P>&nbsp;</P><DIV><P class="small_p"><STRONG>Solution:</STRONG><BR />Update to version 1.0.2d or 1.0.1p.</P><P class="small_p"><STRONG>Provided and/or discovered by:</STRONG><BR />The vendor credits Adam Langley and David Benjamin.</P><P class="small_p"><STRONG>Original Advisory:</STRONG><BR /><A href="http://www.openssl.org/news/secadv_20150709.txt" target="_blank">http://www.openssl.org/news/secadv_20150709.txt</A></P><P class="small_p"><STRONG>Deep Links:</STRONG><BR /><A title="Customers get access to additional unvetted links to a broad variety of 3rd party sources which provide information related to the advisory." href="http://secunia.com/vulnerability_intelligence/" target="_blank">Links available to Secunia VIM customers</A></P></DIV> Thu, 27 Aug 2015 16:35:44 GMT petermat 2015-08-27T16:35:44Z https://forums.autodesk.com/t5/fusion-design-validate-document/node-exe/m-p/5789397#M287759 <P>Secunia PSI is telling me that the copies of node.exe installed by Fusion down in C:\Users\emad\AppData\Local\Autodesk\webdeploy\shared\Brackets\1.2.0c\WIN64\Brackets</P><P>and</P><P>C:\Users\emad\AppData\Local\Autodesk\webdeploy\production\dc51aa32319719d501b533ed310b20be48414459\Brackets</P><P>are out of date - which they are. They are 10.24 vs the current 12.7. Installing the current version does nothing to change this as the standard install goes to&nbsp;</P><P>C:\Program Files\nodejs</P><P>and installs a bunch more stuff than just node.exe</P><P>&nbsp;</P><P>Any advice on this situation?</P> Wed, 26 Aug 2015 18:17:46 GMT https://forums.autodesk.com/t5/fusion-design-validate-document/node-exe/m-p/5789397#M287759 petermat 2015-08-26T18:17:46Z https://forums.autodesk.com/t5/fusion-design-validate-document/node-exe/m-p/5791716#M287760 <P>We use a lot of 3rd party components and don't necessarily update them without good cause. Is there a security advisory about this version of node that you are concerned about?</P> <P>&nbsp;</P> <P>In our next update this component will not be called until you access the functionality that uses it.</P> <P>&nbsp;</P> <P>Please let us know your concerns about this.</P> <P>&nbsp;</P> <P>Thanks,</P> Thu, 27 Aug 2015 16:00:14 GMT https://forums.autodesk.com/t5/fusion-design-validate-document/node-exe/m-p/5791716#M287760 Phil.E 2015-08-27T16:00:14Z https://forums.autodesk.com/t5/fusion-design-validate-document/node-exe/m-p/5791775#M287761 <P>Secunia logs this as folows at&nbsp;</P><P><A href="http://secunia.com/advisories/65282/" target="_blank">http://secunia.com/advisories/65282/</A></P><P>&nbsp;</P><P>Description</P><P>&nbsp;</P><P class="small_p">A security issue has been reported in OpenSSL, which can be exploited by malicious people to bypass certain security restrictions.<BR /><BR />The security issue is caused due to an error when finding an alternative certificate chain, which can be exploited to bypass certain checks on untrusted certificates and accept an otherwise invalid certificate.<BR /><BR />The security issue is reported in versions 1.0.2c, 1.0.2b, 1.0.1n and 1.0.1o.</P><P>&nbsp;</P><DIV><P class="small_p"><STRONG>Solution:</STRONG><BR />Update to version 1.0.2d or 1.0.1p.</P><P class="small_p"><STRONG>Provided and/or discovered by:</STRONG><BR />The vendor credits Adam Langley and David Benjamin.</P><P class="small_p"><STRONG>Original Advisory:</STRONG><BR /><A href="http://www.openssl.org/news/secadv_20150709.txt" target="_blank">http://www.openssl.org/news/secadv_20150709.txt</A></P><P class="small_p"><STRONG>Deep Links:</STRONG><BR /><A title="Customers get access to additional unvetted links to a broad variety of 3rd party sources which provide information related to the advisory." href="http://secunia.com/vulnerability_intelligence/" target="_blank">Links available to Secunia VIM customers</A></P></DIV> Thu, 27 Aug 2015 16:35:44 GMT https://forums.autodesk.com/t5/fusion-design-validate-document/node-exe/m-p/5791775#M287761 petermat 2015-08-27T16:35:44Z https://forums.autodesk.com/t5/fusion-design-validate-document/node-exe/m-p/5791901#M287762 <P>Hello Peter,</P> <P>&nbsp;</P> <P>Thanks for bringing this issue to our attention. &nbsp;I do not beleive that the version of node.exe delivered is used in such a way as to expose anyone to the vulnerability mentioned, but we have initiated the process for updating the component none-the-less.</P> <P>&nbsp;</P> <P>In the meantime, it is used primarily to support the Brackets IDE that is provided for the purpose of editing javascript add-ins in neutron. &nbsp; As long as this functionality isn't used, the executable should not be launched. &nbsp;If you are not a programmer, avoiding Brackets shoudln't be hard. &nbsp;If you are a programmer, then you can use any editor of your preference instead.</P> <P>&nbsp;</P> <P>To make your computer more secure in spite of the fact that you won't be using the exe, feel free to delete the node.exe files found in our installation folder... or if you prefer to replace them with the node.exe you downloaded... but since we have not tested with this version, we cannot guarantee that&nbsp;this&nbsp;will work.</P> <P>&nbsp;</P> <P>Thanks,</P> <P>Steven</P> Thu, 27 Aug 2015 17:37:32 GMT https://forums.autodesk.com/t5/fusion-design-validate-document/node-exe/m-p/5791901#M287762 svelez 2015-08-27T17:37:32Z