Oval Definition:oval:org.opensuse.security:def:80662
Revision Date:2018-01-30Version:1
Title:Security update for nodejs6 (Moderate)
Description:

This update for nodejs6 fixes the following issues:

Security issues fixed:

- CVE-2017-15896: Vulnerable to CVE-2017-3737 due to embedded OpenSSL (bsc#1072322). - CVE-2017-14919: Embedded zlib issue could cause a DoS via specific windowBits value. - CVE-2017-3738: Embedded OpenSSL is vulnerable to rsaz_1024_mul_avx2 overflow bug on x86_64. - CVE-2017-3736: Embedded OpenSSL is vulnerable to bn_sqrx8x_internal carry bug on x86_64 (bsc#1066242). - CVE-2017-3735: Embedded OpenSSL is vulnerable to malformed X.509 IPAdressFamily that could cause OOB read (bsc#1056058).

Bug fixes:

- Update to LTS release 6.12.2 (bsc#1072322): * https://nodejs.org/en/blog/vulnerability/december-2017-security-releases/ * https://nodejs.org/en/blog/release/v6.12.2/ * https://nodejs.org/en/blog/release/v6.12.1/ * https://nodejs.org/en/blog/release/v6.12.0/ * https://nodejs.org/en/blog/release/v6.11.5/ * https://nodejs.org/en/blog/release/v6.11.4/ * https://nodejs.org/en/blog/release/v6.11.3/ * https://nodejs.org/en/blog/release/v6.11.2/
Family:unixClass:patch
Status:Reference(s):1056058
1066242
1072322
CVE-2017-14919
CVE-2017-15896
CVE-2017-3735
CVE-2017-3736
CVE-2017-3738
SUSE-SU-2018:0293-1
Platform(s):SUSE OpenStack Cloud 7
Product(s):
Definition Synopsis
  • SUSE OpenStack Cloud 7 is installed
  • AND nodejs6-6.12.2-11.8.1 is installed
  • BACK