| Revision Date: | 2017-08-15 | Version: | 1 |
| Title: | Security update for nodejs4, nodejs6 (Moderate) |
| Description: |
This update for nodejs4 and nodejs6 fixes the following issues:
Security issues fixed:
- CVE-2017-1000381: The c-ares function ares_parse_naptr_reply() could be triggered to read memory outside of the given input buffer if the passed in DNS response packet was crafted in a particular way. (bsc#1044946) - CVE-2017-11499: Disable V8 snapshots. The hashseed embedded in the snapshot is currently the same for all runs of the binary. This opens node up to collision attacks which could result in a Denial of Service. We have temporarily disabled snapshots until a more robust solution is found. (bsc#1048299)
Non-security fixes:
- GCC 7 compilation fixes for v8 backported and add missing ICU59 headers (bsc#1041282) - New upstream LTS release 6.11.1 * https://github.com/nodejs/node/blob/master/doc/changelogs/CHANGELOG_V6.md#6.11.1 - New upstream LTS release 6.11.0 * https://github.com/nodejs/node/blob/master/doc/changelogs/CHANGELOG_V6.md#6.11.0 - New upstream LTS release 6.10.3 * https://github.com/nodejs/node/blob/master/doc/changelogs/CHANGELOG_V6.md#6.10.3 - New upstream LTS release 6.10.2 * https://github.com/nodejs/node/blob/master/doc/changelogs/CHANGELOG_V6.md#6.10.2 - New upstream LTS release 6.10.1 * https://github.com/nodejs/node/blob/master/doc/changelogs/CHANGELOG_V6.md#6.10.1 - New upstream LTS release 6.10.0 * https://github.com/nodejs/node/blob/master/doc/changelogs/CHANGELOG_V6.md#6.10.0
- New upstream LTS release 4.8.4 * https://github.com/nodejs/node/blob/master/doc/changelogs/CHANGELOG_V4.md#4.8.4 - New upstream LTS release 4.8.3 * https://github.com/nodejs/node/blob/master/doc/changelogs/CHANGELOG_V4.md#4.8.3 - New upstream LTS release 4.8.2 * https://github.com/nodejs/node/blob/master/doc/changelogs/CHANGELOG_V4.md#4.8.2 - New upstream LTS release 4.8.1 * https://github.com/nodejs/node/blob/master/doc/changelogs/CHANGELOG_V4.md#4.8.1 - New upstream LTS release 4.8.0 * https://github.com/nodejs/node/blob/master/doc/changelogs/CHANGELOG_V4.md#4.8.0
|
| Family: | unix | Class: | patch |
| Status: | | Reference(s): | 1041282
1041283
1044946
1048299
CVE-2017-1000381
CVE-2017-11499
SUSE-SU-2017:2168-1
|
| Platform(s): | SUSE OpenStack Cloud 7
| Product(s): | |
| Definition Synopsis |
| SUSE OpenStack Cloud 7 is installed AND Package Information
nodejs-common-1.0-2.1 is installed
OR nodejs6-6.11.1-11.5.1 is installed
|