Oval Definition:	oval:org.opensuse.security:def:118565
Revision Date: 2020-09-30 Version: 1 Title: Security update for nodejs8 (Critical) Description: This update for nodejs8 fixes the following issues: - CVE-2020-8174: Fixed multiple memory corruption in napi_get_value_string_*() (bsc#1172443). - CVE-2020-11080: Fixed a potential denial of service when receiving unreasonably large HTTP/2 SETTINGS frames (bsc#1172442). - CVE-2020-7598: Fixed an issue which could have tricked minimist into adding or modifying properties of Object.prototype (bsc#1166916) - CVE-2020-15095: Fixed information leak through log files (bsc#1173937). - Explicitly add -fno-strict-aliasing to CFLAGS to fix compilation on Aarch64 with gcc10 (bsc#1172686). - Add Require for nodejs8 when intalling npm8 (bsc#1172728) Family: unix Class: patch Status: Reference(s): 1166916 1172442 1172443 1172686 1172728 1173937 CVE-2020-11080 CVE-2020-15095 CVE-2020-7598 CVE-2020-8174 SUSE-SU-2020:2800-1 Platform(s): SUSE Linux Enterprise High Performance Computing 15 SP2 SUSE Linux Enterprise Module for Web Scripting 15 SP2 SUSE Linux Enterprise Server 15 SP2 SUSE Linux Enterprise Server for SAP Applications 15 SP2 SUSE Linux Enterprise Storage 7 SUSE Manager Proxy 4.1 SUSE Manager Retail Branch Server 4.1 SUSE Manager Server 4.1 Product(s): Definition Synopsis Release Information SUSE Linux Enterprise High Performance Computing 15 SP2 is installed OR SUSE Linux Enterprise Module for Web Scripting 15 SP2 is installed OR SUSE Linux Enterprise Server 15 SP2 is installed OR SUSE Linux Enterprise Server for SAP Applications 15 SP2 is installed OR SUSE Linux Enterprise Storage 7 is installed OR SUSE Manager Proxy 4.1 is installed OR SUSE Manager Retail Branch Server 4.1 is installed OR SUSE Manager Server 4.1 is installed AND Package Information nodejs8-8.17.0-10.3.1 is installed OR nodejs8-devel-8.17.0-10.3.1 is installed OR nodejs8-docs-8.17.0-10.3.1 is installed OR npm8-8.17.0-10.3.1 is installed
BACK