Oval Definition:oval:org.opensuse.security:def:66195
Revision Date:2020-12-01Version:1
Title:Security update for nodejs8 (Important)
Description:

This update for nodejs8 to version 8.16.1 fixes the following issues:

Security issues fixed:

- CVE-2019-9511: Fixed HTTP/2 implementations that are vulnerable to window size manipulation and stream prioritization manipulation, potentially leading to a denial of service (bsc#1146091). - CVE-2019-9512: Fixed HTTP/2 flood using PING frames results in unbounded memory growth (bsc#1146099). - CVE-2019-9513: Fixed HTTP/2 implementation that is vulnerable to resource loops, potentially leading to a denial of service. (bsc#1146094). - CVE-2019-9514: Fixed HTTP/2 implementation that is vulnerable to a reset flood, potentially leading to a denial of service (bsc#1146095). - CVE-2019-9515: Fixed HTTP/2 flood using SETTINGS frames results in unbounded memory growth (bsc#1146100). - CVE-2019-9516: Fixed HTTP/2 implementation that is vulnerable to a header leak, potentially leading to a denial of service (bsc#1146090). - CVE-2019-9517: Fixed HTTP/2 implementations that are vulnerable to unconstrained interal data buffering (bsc#1146097). - CVE-2019-9518: Fixed HTTP/2 implementation that is vulnerable to a flood of empty frames, potentially leading to a denial of service (bsc#1146093).

Bug fixes:

- Fixed that npm resolves its default config file like in all other versions, as /etc/nodejs/npmrc (bsc#1144919).
Family:unixClass:patch
Status:Reference(s):1100352
1129715
1137526
1144919
1146090
1146091
1146093
1146094
1146095
1146097
1146099
1146100
1154064
CVE-2018-13301
CVE-2019-12730
CVE-2019-17542
CVE-2019-9511
CVE-2019-9512
CVE-2019-9513
CVE-2019-9514
CVE-2019-9515
CVE-2019-9516
CVE-2019-9517
CVE-2019-9518
CVE-2019-9718
SUSE-SU-2019:2260-1
SUSE-SU-2019:3184-1
Platform(s):SUSE Linux Enterprise Module for Web Scripting 15 SP1
SUSE Linux Enterprise Workstation Extension 15 SP1
Product(s):
Definition Synopsis
  • SUSE Linux Enterprise Module for Web Scripting 15 SP1 is installed
  • AND Package Information
  • nodejs8-8.16.1-3.20 is installed
  • OR nodejs8-devel-8.16.1-3.20 is installed
  • OR nodejs8-docs-8.16.1-3.20 is installed
  • OR npm8-8.16.1-3.20 is installed
    • Definition Synopsis
  • SUSE Linux Enterprise Workstation Extension 15 SP1 is installed
  • AND Package Information
  • ffmpeg-3.4.2-4.27 is installed
  • OR libavcodec-devel-3.4.2-4.27 is installed
  • OR libavformat-devel-3.4.2-4.27 is installed
  • OR libavformat57-3.4.2-4.27 is installed
  • OR libavresample-devel-3.4.2-4.27 is installed
  • OR libavresample3-3.4.2-4.27 is installed
    • BACK