OPENSUSE-SU-2019:2114-1 Security update for nodejs10

This update for nodejs10 to version 10.16.3 fixes the following issues: Security issues fixed: - CVE-2019-9511: Fixed HTTP/2 implementations that are vulnerable to window size manipulation and stream prioritization manipulation, potentially leading to a denial of service bsc1146091. -...

OPENSUSE-SU-2019:0089-1 Security update for nodejs8

This update for nodejs8 to version 8.15.0 fixes the following issues: Security issues fixed: - CVE-2018-12121: Fixed a Denial of Service with large HTTP headers bsc1117626 - CVE-2018-12122: Fixed the 'Slowloris' HTTP Denial of Service bsc1117627 - CVE-2018-12116: Fixed HTTP request splitting...

SUSE-SU-2018:2812-1 Security update for nodejs8

This update for nodejs8 to version 8.11.4 fixes the following issues: Security issues fixed: - CVE-2018-12115: Fixed an out-of-bounds memory write in Buffer that could be used to write to memory outside of a Buffer's memory space buffer bsc1105019 - Upgrade to OpenSSL 1.0.2p, which fixed: -...

SUSE-SU-2018:2796-1 Security update for nodejs6

This update for nodejs6 to version 6.14.4 fixes the following issues: Security issues fixed: CVE-2018-12115: Fixed an out-of-bounds OOB write in Buffer.write for UCS-2 encoding bsc1105019 CVE-2018-0732: Upgrade to OpenSSL 1.0.2p, fixing a client DoS due to large DH parameter bsc1097158 Other issu...

Security update for nodejs4 (moderate)

This update for nodejs4 fixes the following issues: Security issues fixed: - CVE-2018-12115: Fixed an out-of-bounds memory write in Buffer that could be used to write to memory outside of a Buffer's memory space buffer bsc1105019 - Upgrade to OpenSSL 1.0.2p, which fixed: - CVE-2018-0732: Client...

SUSE-SU-2018:0002-1 Security update for nodejs4

This update for nodejs4 fixes the following issues: Security issues fixed: - CVE-2017-15896: Vulnerable to CVE-2017-3737 due to embedded OpenSSL bsc1072322. - CVE-2017-14919: Embedded zlib issue could cause a DoS via specific windowBits value. - CVE-2017-3738: Embedded OpenSSL is vulnerable to...

openSUSE Security Update : nodejs4 / nodejs6 (openSUSE-2017-948)

This update for nodejs4 and nodejs6 fixes the following issues : Security issues fixed : - CVE-2017-1000381: The c-ares function aresparsenaptrreply could be triggered to read memory outside of the given input buffer if the passed in DNS response packet was crafted in a particular way. bsc1044946...

SUSE-SU-2016:2470-2 Security update for nodejs4

This update brings the new upstream nodejs LTS version 4.6.0, fixing bugs and security issues: Nodejs embedded openssl version update + upgrade to 1.0.2j CVE-2016-6304, CVE-2016-2183, CVE-2016-2178, CVE-2016-6306, CVE-2016-7052 + remove support for dynamic 3rd party engine modules http: Properly...