Botched npm Update Crashes Linux Systems, Forces Users to Reinstall OS from scratch

Status
Not open for further replies.

LASER_oneXM

Level 37
Thread author
Verified
Top Poster
Well-known
Feb 4, 2016
2,520
source (bleepingcomputer.com): Botched npm Update Crashes Linux Systems, Forces Users to Reinstall

npm.jpg


A bug in npm (Node Package Manager), the most widely used JavaScript package manager, will change ownership of crucial Linux system folders, such as /etc, /usr, /boot.

Changing ownership of these files either crashes the system, various local apps, or prevents the system from booting, according to reports from users who installed npm v5.7.0. —the buggy npm update.

Most users will have to reinstall systems
Users who installed this update —mostly developers and software engineers— will likely have to reinstall their system from scratch or restore from a previous system image.

"This destroyed 3 production server after a single deploy!,"
one affected user said in a GitHub bug report today. Many others users have taken to Twitter to describe similar issues with dev and production servers, and warn other users not to update.
......
..........
...
.......

Bug first reported a week ago
The bug was first reported a week ago but was left without an answer from npm developers. Users filed a new bug report after last night's release, and the npm team has released npm v5.7.1, a version that removes the buggy code.

FreeBSD users have also reported being impacted by the bug. Mac and Windows users didn't experience any issues. The problem did not affect every Linux user.
..
.....
....
.........
 
  • Like
Reactions: harlan4096
Status
Not open for further replies.

About us

  • MalwareTips is a community-driven platform providing the latest information and resources on malware and cyber threats. Our team of experienced professionals and passionate volunteers work to keep the internet safe and secure. We provide accurate, up-to-date information and strive to build a strong and supportive community dedicated to cybersecurity.

User Menu

Follow us

Follow us on Facebook or Twitter to know first about the latest cybersecurity incidents and malware threats.

Top