Security update for nodejs8 (important)

An update that solves 8 vulnerabilities and has one errata
is now available.

Description:

This update for nodejs8 to version 8.16.1 fixes the following issues:

Security issues fixed:

• CVE-2019-9511: Fixed HTTP/2 implementations that are vulnerable to
  window size manipulation and stream prioritization manipulation,
  potentially leading to a denial of service (bsc#1146091).
• CVE-2019-9512: Fixed HTTP/2 flood using PING frames results in unbounded
  memory growth (bsc#1146099).
• CVE-2019-9513: Fixed HTTP/2 implementation that is vulnerable to
  resource loops, potentially leading to a denial of service.
  (bsc#1146094).
• CVE-2019-9514: Fixed HTTP/2 implementation that is vulnerable to a reset
  flood, potentially leading to a denial of service (bsc#1146095).
• CVE-2019-9515: Fixed HTTP/2 flood using SETTINGS frames results in
  unbounded memory growth (bsc#1146100).
• CVE-2019-9516: Fixed HTTP/2 implementation that is vulnerable to a
  header leak, potentially leading to a denial of service (bsc#1146090).
• CVE-2019-9517: Fixed HTTP/2 implementations that are vulnerable to
  unconstrained interal data buffering (bsc#1146097).
• CVE-2019-9518: Fixed HTTP/2 implementation that is vulnerable to a flood
  of empty frames, potentially leading to a denial of service
  (bsc#1146093).

Bug fixes:

• Fixed that npm resolves its default config file like in all other
  versions, as /etc/nodejs/npmrc (bsc#1144919).

This update was imported from the SUSE:SLE-15:Update update project.

Patch Instructions:

To install this openSUSE Security Update use the SUSE recommended installation methods
like YaST online_update or “zypper patch”.

Alternatively you can run the command listed for your product:

• openSUSE Leap 15.1:

  zypper in -t patch openSUSE-2019-2115=1

• openSUSE Leap 15.0:

  zypper in -t patch openSUSE-2019-2115=1