Oval Definition:oval:org.opensuse.security:def:67482
Revision Date:2020-12-01Version:1
Title:Security update for nodejs10 (Critical)
Description:

This update for nodejs10 fixes the following issues:

nodejs10 was updated to version 10.21.0

- CVE-2020-8174: Fixed multiple memory corruption in napi_get_value_string_*() (bsc#1172443). - CVE-2020-11080: Fixed a potential denial of service when receiving unreasonably large HTTP/2 SETTINGS frames (bsc#1172442). - CVE-2020-10531: Fixed an integer overflow in UnicodeString:doAppend() (bsc#1166844). - Fixed an issue with openssl by adding getrandom syscall definition for all Linux platforms (bsc#1162117).

npm was updated to 6.14.3

- CVE-2020-7598: Fixed an issue which could have tricked minimist into adding or modifying properties of Object.prototype (bsc#1166916).
Family:unixClass:patch
Status:Reference(s):1162117
1166844
1166916
1172442
1172443
CVE-2009-0037
CVE-2009-2417
CVE-2013-0249
CVE-2013-1944
CVE-2013-2174
CVE-2013-4545
CVE-2014-0015
CVE-2014-0138
CVE-2014-0139
CVE-2014-3613
CVE-2014-3620
CVE-2014-8150
CVE-2015-3143
CVE-2015-3144
CVE-2015-3145
CVE-2015-3148
CVE-2015-3153
CVE-2015-3236
CVE-2015-3237
CVE-2016-0755
CVE-2016-7167
CVE-2016-8615
CVE-2016-8616
CVE-2016-8617
CVE-2016-8618
CVE-2016-8619
CVE-2016-8620
CVE-2016-8621
CVE-2016-8622
CVE-2016-8623
CVE-2016-8624
CVE-2016-8625
CVE-2016-9586
CVE-2016-9594
CVE-2017-1000099
CVE-2017-1000100
CVE-2017-1000101
CVE-2017-1000254
CVE-2017-1000257
CVE-2017-2629
CVE-2017-7468
CVE-2017-8816
CVE-2017-8817
CVE-2017-8818
CVE-2017-9502
CVE-2018-0500
CVE-2018-1000005
CVE-2018-1000007
CVE-2018-1000120
CVE-2018-1000121
CVE-2018-1000122
CVE-2018-1000300
CVE-2018-1000301
CVE-2018-14618
CVE-2018-16839
CVE-2018-16840
CVE-2018-16842
CVE-2018-16890
CVE-2019-3822
CVE-2019-3823
CVE-2020-10531
CVE-2020-11080
CVE-2020-7598
CVE-2020-8174
SUSE-SU-2020:1568-1
Platform(s):SUSE Linux Enterprise Module for Basesystem 15 SP1
SUSE Linux Enterprise Module for Web Scripting 15 SP2
Product(s):
Definition Synopsis
  • SUSE Linux Enterprise Module for Basesystem 15 SP1 is installed
  • AND Package Information
  • curl-7.60.0-3.17 is installed
  • OR libcurl-devel-7.60.0-3.17 is installed
  • OR libcurl4-7.60.0-3.17 is installed
  • OR libcurl4-32bit-7.60.0-3.17 is installed
    • Definition Synopsis
  • SUSE Linux Enterprise Module for Web Scripting 15 SP2 is installed
  • AND Package Information
  • nodejs10-10.21.0-1.21 is installed
  • OR nodejs10-devel-10.21.0-1.21 is installed
  • OR nodejs10-docs-10.21.0-1.21 is installed
  • OR npm10-10.21.0-1.21 is installed
    • BACK