Revision Date: | 2018-01-30 | Version: | 1 |
Title: | Security update for nodejs6 (Moderate) |
Description: |
This update for nodejs6 fixes the following issues:
Security issues fixed:
- CVE-2017-15896: Vulnerable to CVE-2017-3737 due to embedded OpenSSL (bsc#1072322). - CVE-2017-14919: Embedded zlib issue could cause a DoS via specific windowBits value. - CVE-2017-3738: Embedded OpenSSL is vulnerable to rsaz_1024_mul_avx2 overflow bug on x86_64. - CVE-2017-3736: Embedded OpenSSL is vulnerable to bn_sqrx8x_internal carry bug on x86_64 (bsc#1066242). - CVE-2017-3735: Embedded OpenSSL is vulnerable to malformed X.509 IPAdressFamily that could cause OOB read (bsc#1056058).
Bug fixes:
- Update to LTS release 6.12.2 (bsc#1072322): * https://nodejs.org/en/blog/vulnerability/december-2017-security-releases/ * https://nodejs.org/en/blog/release/v6.12.2/ * https://nodejs.org/en/blog/release/v6.12.1/ * https://nodejs.org/en/blog/release/v6.12.0/ * https://nodejs.org/en/blog/release/v6.11.5/ * https://nodejs.org/en/blog/release/v6.11.4/ * https://nodejs.org/en/blog/release/v6.11.3/ * https://nodejs.org/en/blog/release/v6.11.2/
|
Family: | unix | Class: | patch |
Status: | | Reference(s): | 1056058 1066242 1072322 CVE-2017-14919 CVE-2017-15896 CVE-2017-3735 CVE-2017-3736 CVE-2017-3738 SUSE-SU-2018:0293-1
|
Platform(s): | SUSE OpenStack Cloud 7
| Product(s): | |
Definition Synopsis |
SUSE OpenStack Cloud 7 is installed AND nodejs6-6.12.2-11.8.1 is installed
|