Oval Definition:oval:org.opensuse.security:def:102799
Revision Date:2020-06-09Version:1
Title:Security update for nodejs10 (Critical)
Description:

This update for nodejs10 fixes the following issues:

nodejs10 was updated to version 10.21.0

- CVE-2020-8174: Fixed multiple memory corruption in napi_get_value_string_*() (bsc#1172443). - CVE-2020-11080: Fixed a potential denial of service when receiving unreasonably large HTTP/2 SETTINGS frames (bsc#1172442). - CVE-2020-10531: Fixed an integer overflow in UnicodeString:doAppend() (bsc#1166844). - Fixed an issue with openssl by adding getrandom syscall definition for all Linux platforms (bsc#1162117).

npm was updated to 6.14.3

- CVE-2020-7598: Fixed an issue which could have tricked minimist into adding or modifying properties of Object.prototype (bsc#1166916).
Family:unixClass:patch
Status:Reference(s):1162117
1166844
1166916
1172442
1172443
CVE-2020-10531
CVE-2020-11080
CVE-2020-7598
CVE-2020-8174
SUSE-SU-2020:1568-1
Platform(s):SUSE Linux Enterprise High Performance Computing 15 SP2
SUSE Linux Enterprise Module for Web Scripting 15 SP2
SUSE Linux Enterprise Server 15 SP2
SUSE Linux Enterprise Server for SAP Applications 15 SP2
SUSE Linux Enterprise Storage 7
SUSE Manager Proxy 4.1
SUSE Manager Server 4.1
Product(s):
Definition Synopsis
  • SUSE Linux Enterprise Module for Web Scripting 15 SP2 is installed
  • AND Package Information
  • nodejs10-10.21.0-1.21.1 is installed
  • OR nodejs10-devel-10.21.0-1.21.1 is installed
  • OR nodejs10-docs-10.21.0-1.21.1 is installed
  • OR npm10-10.21.0-1.21.1 is installed
  • BACK