Oval Definition:oval:org.opensuse.security:def:53407
Revision Date:2020-12-01Version:1
Title:Security update for nodejs8 (Important)
Description:

This update for nodejs8 to version 8.16.1 fixes the following issues:

Security issues fixed:

- CVE-2019-9511: Fixed HTTP/2 implementations that are vulnerable to window size manipulation and stream prioritization manipulation, potentially leading to a denial of service (bsc#1146091). - CVE-2019-9512: Fixed HTTP/2 flood using PING frames results in unbounded memory growth (bsc#1146099). - CVE-2019-9513: Fixed HTTP/2 implementation that is vulnerable to resource loops, potentially leading to a denial of service. (bsc#1146094). - CVE-2019-9514: Fixed HTTP/2 implementation that is vulnerable to a reset flood, potentially leading to a denial of service (bsc#1146095). - CVE-2019-9515: Fixed HTTP/2 flood using SETTINGS frames results in unbounded memory growth (bsc#1146100). - CVE-2019-9516: Fixed HTTP/2 implementation that is vulnerable to a header leak, potentially leading to a denial of service (bsc#1146090). - CVE-2019-9517: Fixed HTTP/2 implementations that are vulnerable to unconstrained interal data buffering (bsc#1146097). - CVE-2019-9518: Fixed HTTP/2 implementation that is vulnerable to a flood of empty frames, potentially leading to a denial of service (bsc#1146093).

Bug fixes:

- Fixed that npm resolves its default config file like in all other versions, as /etc/nodejs/npmrc (bsc#1144919).
Family:unixClass:patch
Status:Reference(s):1004995
1024014
1024017
1024030
1024034
1024062
1024076
1024079
1029102
1029516
1036873
1038865
1040258
1040614
1040942
1043758
1144919
1146090
1146091
1146093
1146094
1146095
1146097
1146099
1146100
1171456
1171457
1171458
658010
789835
907456
944460
948976
974847
982303
983273
CVE-2010-2529
CVE-2011-0465
CVE-2012-4433
CVE-2012-5112
CVE-2012-5133
CVE-2013-1986
CVE-2014-1344
CVE-2014-1384
CVE-2014-1385
CVE-2014-1386
CVE-2014-1387
CVE-2014-1388
CVE-2014-1389
CVE-2014-1390
CVE-2014-1748
CVE-2014-9112
CVE-2015-0848
CVE-2015-1071
CVE-2015-1076
CVE-2015-1081
CVE-2015-1083
CVE-2015-1120
CVE-2015-1122
CVE-2015-1127
CVE-2015-1153
CVE-2015-1155
CVE-2015-2330
CVE-2015-3247
CVE-2015-3658
CVE-2015-3659
CVE-2015-3727
CVE-2015-3731
CVE-2015-3741
CVE-2015-3743
CVE-2015-3745
CVE-2015-3747
CVE-2015-3748
CVE-2015-3749
CVE-2015-3752
CVE-2015-4588
CVE-2015-4695
CVE-2015-4696
CVE-2015-5260
CVE-2015-5261
CVE-2015-5788
CVE-2015-5794
CVE-2015-5801
CVE-2015-5809
CVE-2015-5822
CVE-2015-5928
CVE-2015-8872
CVE-2015-8899
CVE-2016-10198
CVE-2016-10199
CVE-2016-3977
CVE-2016-4804
CVE-2016-7947
CVE-2016-7948
CVE-2017-5837
CVE-2017-5840
CVE-2017-5841
CVE-2017-5844
CVE-2017-5845
CVE-2017-9217
CVE-2019-9511
CVE-2019-9512
CVE-2019-9513
CVE-2019-9514
CVE-2019-9515
CVE-2019-9516
CVE-2019-9517
CVE-2019-9518
CVE-2020-10957
CVE-2020-10958
CVE-2020-10967
SUSE-SU-2015:1733-1
SUSE-SU-2016:1140-1
SUSE-SU-2016:3269-1
SUSE-SU-2017:0694-1
SUSE-SU-2017:1003-1
SUSE-SU-2017:1010-1
SUSE-SU-2017:1773-1
SUSE-SU-2019:2260-1
SUSE-SU-2020:1379-1
Platform(s):openSUSE Leap 15.0
openSUSE Leap 15.1
SUSE Linux Enterprise Desktop 11 SP2
SUSE Linux Enterprise Desktop 11 SP3
SUSE Linux Enterprise Desktop 11 SP4
SUSE Linux Enterprise Desktop 12
SUSE Linux Enterprise Desktop 12 SP1
SUSE Linux Enterprise Desktop 12 SP2
SUSE Linux Enterprise Desktop 12 SP3
SUSE Linux Enterprise Desktop 12 SP4
SUSE Linux Enterprise Module for Web Scripting 15
SUSE Linux Enterprise Server 12 SP1
SUSE Linux Enterprise Server 12 SP1-LTSS
SUSE Linux Enterprise Server 12 SP2
SUSE Linux Enterprise Server 12 SP2-BCL
SUSE Linux Enterprise Server 12 SP2-ESPOS
SUSE Linux Enterprise Server 12 SP2-LTSS
SUSE Linux Enterprise Server 12 SP3
SUSE Linux Enterprise Server 12 SP3-BCL
SUSE Linux Enterprise Server 12 SP3-ESPOS
SUSE Linux Enterprise Server 12 SP3-LTSS
SUSE Linux Enterprise Server 12 SP3-TERADATA
SUSE Linux Enterprise Server 12 SP4
SUSE Linux Enterprise Server 15-LTSS
SUSE OpenStack Cloud 6-LTSS
SUSE OpenStack Cloud 7
SUSE OpenStack Cloud 8
SUSE OpenStack Cloud 9
SUSE OpenStack Cloud Crowbar 8
SUSE OpenStack Cloud Crowbar 9
Product(s):
Definition Synopsis
  • openSUSE Leap 15.0 is installed
  • AND Package Information
  • MozillaThunderbird-52.7-lp150.2 is installed
  • OR MozillaThunderbird-translations-common-52.7-lp150.2 is installed
  • OR MozillaThunderbird-translations-other-52.7-lp150.2 is installed
    • Definition Synopsis
  • openSUSE Leap 15.1 is installed
  • AND Package Information
  • containerd-1.2.5-lp151.2.3 is installed
  • OR containerd-ctr-1.2.5-lp151.2.3 is installed
  • OR containerd-test-1.2.5-lp151.2.3 is installed
  • OR docker-18.09.6_ce-lp151.2.3 is installed
  • OR docker-bash-completion-18.09.6_ce-lp151.2.3 is installed
  • OR docker-libnetwork-0.7.0.1+gitr2726_872f0a83c98a-lp151.2.3 is installed
  • OR docker-runc-1.0.0rc6+gitr3804_2b18fe1d885e-lp151.3.3 is installed
  • OR docker-runc-test-1.0.0rc6+gitr3804_2b18fe1d885e-lp151.3.3 is installed
  • OR docker-test-18.09.6_ce-lp151.2.3 is installed
  • OR docker-zsh-completion-18.09.6_ce-lp151.2.3 is installed
  • OR go-1.12-lp151.2.3 is installed
  • OR go-doc-1.12-lp151.2.3 is installed
  • OR go-race-1.12-lp151.2.3 is installed
  • OR go1.11-1.11.9-lp151.2.3 is installed
  • OR go1.11-doc-1.11.9-lp151.2.3 is installed
  • OR go1.11-race-1.11.9-lp151.2.3 is installed
  • OR go1.12-1.12.4-lp151.2.3 is installed
  • OR go1.12-doc-1.12.4-lp151.2.3 is installed
  • OR go1.12-race-1.12.4-lp151.2.3 is installed
  • OR golang-github-docker-libnetwork-0.7.0.1+gitr2726_872f0a83c98a-lp151.2.3 is installed
    • Definition Synopsis
  • SUSE Linux Enterprise Desktop 11 SP2 is installed
  • AND Package Information
  • dhcp-4.2.4.P2-0.11.13 is installed
  • OR dhcp-client-4.2.4.P2-0.11.13 is installed
    • Definition Synopsis
  • SUSE Linux Enterprise Desktop 11 SP3 is installed
  • AND Package Information
  • evolution-data-server-2.28.2-0.32 is installed
  • OR evolution-data-server-32bit-2.28.2-0.32 is installed
  • OR evolution-data-server-lang-2.28.2-0.32 is installed
    • Definition Synopsis
  • SUSE Linux Enterprise Desktop 11 SP4 is installed
  • AND Package Information
  • compat-openssl097g-0.9.7g-146.22.36 is installed
  • OR compat-openssl097g-32bit-0.9.7g-146.22.36 is installed
    • Definition Synopsis
  • SUSE Linux Enterprise Desktop 12 is installed
  • AND Package Information
  • cpio-2.11-29 is installed
  • OR cpio-lang-2.11-29 is installed
    • Definition Synopsis
  • SUSE Linux Enterprise Desktop 12 SP1 is installed
  • AND dnsmasq-2.71-13 is installed
    • Definition Synopsis
  • SUSE Linux Enterprise Desktop 12 SP2 is installed
  • AND Package Information
  • libsystemd0-228-149 is installed
  • OR libsystemd0-32bit-228-149 is installed
  • OR libudev1-228-149 is installed
  • OR libudev1-32bit-228-149 is installed
  • OR systemd-228-149 is installed
  • OR systemd-32bit-228-149 is installed
  • OR systemd-bash-completion-228-149 is installed
  • OR systemd-sysvinit-228-149 is installed
  • OR udev-228-149 is installed
    • Definition Synopsis
  • SUSE Linux Enterprise Desktop 12 SP3 is installed
  • AND dosfstools-3.0.26-6 is installed
    • Definition Synopsis
  • SUSE Linux Enterprise Desktop 12 SP4 is installed
  • AND iputils-s20121221-2 is installed
    • Definition Synopsis
  • SUSE Linux Enterprise Module for Web Scripting 15 is installed
  • AND Package Information
  • nodejs8-8.16.1-3.20 is installed
  • OR nodejs8-devel-8.16.1-3.20 is installed
  • OR nodejs8-docs-8.16.1-3.20 is installed
  • OR npm8-8.16.1-3.20 is installed
    • Definition Synopsis
  • SUSE Linux Enterprise Server 12 SP1 is installed
  • AND Package Information
  • alsa-1.0.27.2-11 is installed
  • OR alsa-docs-1.0.27.2-11 is installed
  • OR libasound2-1.0.27.2-11 is installed
  • OR libasound2-32bit-1.0.27.2-11 is installed
    • Definition Synopsis
  • SUSE Linux Enterprise Server 12 SP1-LTSS is installed
  • AND Package Information
  • kgraft-patch-3_12_74-60_64_40-default-4-2 is installed
  • OR kgraft-patch-3_12_74-60_64_40-xen-4-2 is installed
  • OR kgraft-patch-SLE12-SP1_Update_15-4-2 is installed
    • Definition Synopsis
  • SUSE Linux Enterprise Server 12 SP2 is installed
  • AND Package Information
  • systemtap-3.0-7 is installed
  • OR systemtap-runtime-3.0-7 is installed
  • OR systemtap-server-3.0-7 is installed
    • Definition Synopsis
  • SUSE Linux Enterprise Server 12 SP2-BCL is installed
  • AND Package Information
  • kernel-default-4.4.121-92.85 is installed
  • OR kernel-default-base-4.4.121-92.85 is installed
  • OR kernel-default-devel-4.4.121-92.85 is installed
  • OR kernel-devel-4.4.121-92.85 is installed
  • OR kernel-macros-4.4.121-92.85 is installed
  • OR kernel-source-4.4.121-92.85 is installed
  • OR kernel-syms-4.4.121-92.85 is installed
  • OR kgraft-patch-4_4_121-92_85-default-1-3.5 is installed
  • OR kgraft-patch-SLE12-SP2_Update_23-1-3.5 is installed
    • Definition Synopsis
  • SUSE Linux Enterprise Server 12 SP2-ESPOS is installed
  • AND Package Information
  • java-1_7_1-ibm-1.7.1_sr4.25-38.23 is installed
  • OR java-1_7_1-ibm-alsa-1.7.1_sr4.25-38.23 is installed
  • OR java-1_7_1-ibm-devel-1.7.1_sr4.25-38.23 is installed
  • OR java-1_7_1-ibm-jdbc-1.7.1_sr4.25-38.23 is installed
  • OR java-1_7_1-ibm-plugin-1.7.1_sr4.25-38.23 is installed
    • Definition Synopsis
  • SUSE Linux Enterprise Server 12 SP2-LTSS is installed
  • AND Package Information
  • openssh-7.2p2-74.42 is installed
  • OR openssh-askpass-gnome-7.2p2-74.42 is installed
  • OR openssh-fips-7.2p2-74.42 is installed
  • OR openssh-helpers-7.2p2-74.42 is installed
    • Definition Synopsis
  • SUSE Linux Enterprise Server 12 SP3 is installed
  • AND Package Information
  • coreutils-8.25-12 is installed
  • OR coreutils-lang-8.25-12 is installed
    • Definition Synopsis
  • SUSE Linux Enterprise Server 12 SP3-BCL is installed
  • AND Package Information
  • libpython2_7-1_0-2.7.13-28.31 is installed
  • OR libpython2_7-1_0-32bit-2.7.13-28.31 is installed
  • OR python-2.7.13-28.31 is installed
  • OR python-32bit-2.7.13-28.31 is installed
  • OR python-base-2.7.13-28.31 is installed
  • OR python-base-32bit-2.7.13-28.31 is installed
  • OR python-curses-2.7.13-28.31 is installed
  • OR python-demo-2.7.13-28.31 is installed
  • OR python-devel-2.7.13-28.31 is installed
  • OR python-doc-2.7.13-28.31 is installed
  • OR python-doc-pdf-2.7.13-28.31 is installed
  • OR python-gdbm-2.7.13-28.31 is installed
  • OR python-idle-2.7.13-28.31 is installed
  • OR python-tk-2.7.13-28.31 is installed
  • OR python-xml-2.7.13-28.31 is installed
    • Definition Synopsis
  • SUSE Linux Enterprise Server 12 SP3-ESPOS is installed
  • AND Package Information
  • kgraft-patch-4_4_175-94_79-default-6-2 is installed
  • OR kgraft-patch-SLE12-SP3_Update_23-6-2 is installed
    • Definition Synopsis
  • SUSE Linux Enterprise Server 12 SP3-LTSS is installed
  • AND Package Information
  • nfs-client-1.3.0-34.22 is installed
  • OR nfs-doc-1.3.0-34.22 is installed
  • OR nfs-kernel-server-1.3.0-34.22 is installed
  • OR nfs-utils-1.3.0-34.22 is installed
    • Definition Synopsis
  • SUSE Linux Enterprise Server 12 SP3-TERADATA is installed
  • AND Package Information
  • libzypp-16.17.20-2.33 is installed
  • OR zypper-1.13.45-21.21 is installed
  • OR zypper-log-1.13.45-21.21 is installed
    • Definition Synopsis
  • SUSE Linux Enterprise Server 12 SP4 is installed
  • AND Package Information
  • bluez-5.13-5.4 is installed
  • OR libbluetooth3-5.13-5.4 is installed
    • Definition Synopsis
  • SUSE Linux Enterprise Server 15-LTSS is installed
  • AND Package Information
  • dovecot23-2.3.10-4.22 is installed
  • OR dovecot23-backend-mysql-2.3.10-4.22 is installed
  • OR dovecot23-backend-pgsql-2.3.10-4.22 is installed
  • OR dovecot23-backend-sqlite-2.3.10-4.22 is installed
  • OR dovecot23-devel-2.3.10-4.22 is installed
  • OR dovecot23-fts-2.3.10-4.22 is installed
  • OR dovecot23-fts-lucene-2.3.10-4.22 is installed
  • OR dovecot23-fts-solr-2.3.10-4.22 is installed
  • OR dovecot23-fts-squat-2.3.10-4.22 is installed
    • Definition Synopsis
  • SUSE OpenStack Cloud 6-LTSS is installed
  • AND Package Information
  • containerd-1.2.2-16.14 is installed
  • OR docker-18.09.1_ce-98.34 is installed
  • OR docker-libnetwork-0.7.0.1+gitr2711_2cfbf9b1f981-16 is installed
  • OR docker-runc-1.0.0rc6+gitr3748_96ec2177ae84-1.17 is installed
  • OR golang-github-docker-libnetwork-0.7.0.1+gitr2711_2cfbf9b1f981-16 is installed
    • Definition Synopsis
  • SUSE OpenStack Cloud 7 is installed
  • AND Package Information
  • postgresql94-9.4.19-21.22 is installed
  • OR postgresql94-contrib-9.4.19-21.22 is installed
  • OR postgresql94-docs-9.4.19-21.22 is installed
  • OR postgresql94-server-9.4.19-21.22 is installed
    • Definition Synopsis
  • SUSE OpenStack Cloud 8 is installed
  • AND Package Information
  • java-1_8_0-ibm-1.8.0_sr6.5-30.63 is installed
  • OR java-1_8_0-ibm-alsa-1.8.0_sr6.5-30.63 is installed
  • OR java-1_8_0-ibm-devel-1.8.0_sr6.5-30.63 is installed
  • OR java-1_8_0-ibm-plugin-1.8.0_sr6.5-30.63 is installed
    • Definition Synopsis
  • SUSE OpenStack Cloud 9 is installed
  • AND python-Werkzeug-0.14.1-3.3 is installed
    • Definition Synopsis
  • SUSE OpenStack Cloud Crowbar 8 is installed
  • AND Package Information
  • crowbar-5.0+git.1528696845.81a7b5d0-3.3 is installed
  • OR crowbar-core-5.0+git.1533887407.6e9b0412d-3.8 is installed
  • OR crowbar-core-branding-upstream-5.0+git.1533887407.6e9b0412d-3.8 is installed
  • OR crowbar-devel-5.0+git.1528696845.81a7b5d0-3.3 is installed
  • OR crowbar-ha-5.0+git.1530177874.35b9099-3.3 is installed
  • OR crowbar-init-5.0+git.1520420379.d5bbb35-3.3 is installed
  • OR crowbar-openstack-5.0+git.1534167599.d325ef804-4.8 is installed
  • OR crowbar-ui-1.2.0+git.1533844061.4ac8e723-3.3 is installed
    • Definition Synopsis
  • SUSE OpenStack Cloud Crowbar 9 is installed
  • AND Package Information
  • ruby2.1-rubygem-rails-html-sanitizer-1.0.3-8.8 is installed
  • OR rubygem-rails-html-sanitizer-1.0.3-8.8 is installed
    • BACK