Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
suseSuseSUSE-SU-2016:2470-1
HistoryOct 06, 2016 - 8:14 p.m.

Security update for nodejs4 (important)

2016-10-0620:14:21
lists.opensuse.org
30

0.385 Low

EPSS

Percentile

96.9%

JSON

This update brings the new upstream nodejs LTS version 4.6.0, fixing bugs
and security issues:

  • Nodejs embedded openssl version update
    • upgrade to 1.0.2j (CVE-2016-6304, CVE-2016-2183, CVE-2016-2178,
      CVE-2016-6306, CVE-2016-7052)
    • remove support for dynamic 3rd party engine modules
  • http: Properly validate for allowable characters in input user data.
    This introduces a new case where throw may occur when configuring HTTP
    responses, users should already be adopting try/catch here.
    (CVE-2016-5325, bsc#985201)
  • tls: properly validate wildcard certificates (CVE-2016-7099, bsc#1001652)
  • buffer: Zero-fill excess bytes in new Buffer objects created with
    Buffer.concat()
OSVersionArchitecturePackageVersionFilename
SUSE Linux Enterprise Module for Web Scripting12x86_64nodejs4-debugsource< 4.6.0-8.1nodejs4-debugsource-4.6.0-8.1.x86_64.rpm
SUSE Linux Enterprise Module for Web Scripting12x86_64nodejs4-debuginfo< 4.6.0-8.1nodejs4-debuginfo-4.6.0-8.1.x86_64.rpm
SUSE Linux Enterprise Module for Web Scripting12ppc64lenodejs4-devel< 4.6.0-8.1nodejs4-devel-4.6.0-8.1.ppc64le.rpm
SUSE Linux Enterprise Module for Web Scripting12x86_64npm4< 4.6.0-8.1npm4-4.6.0-8.1.x86_64.rpm
SUSE Linux Enterprise Module for Web Scripting12x86_64nodejs4-devel< 4.6.0-8.1nodejs4-devel-4.6.0-8.1.x86_64.rpm
SUSE Linux Enterprise Module for Web Scripting12noarchnodejs4-docs< 4.6.0-8.1nodejs4-docs-4.6.0-8.1.noarch.rpm
SUSE Linux Enterprise Module for Web Scripting12ppc64lenodejs4-debugsource< 4.6.0-8.1nodejs4-debugsource-4.6.0-8.1.ppc64le.rpm
SUSE Linux Enterprise Module for Web Scripting12ppc64lenpm4< 4.6.0-8.1npm4-4.6.0-8.1.ppc64le.rpm
SUSE Linux Enterprise Module for Web Scripting12ppc64lenodejs4-debuginfo< 4.6.0-8.1nodejs4-debuginfo-4.6.0-8.1.ppc64le.rpm
SUSE Linux Enterprise Module for Web Scripting12x86_64nodejs4< 4.6.0-8.1nodejs4-4.6.0-8.1.x86_64.rpm
Rows per page:
1-10 of 111

Related

suse 11
nessus 42
openvas 23
ibm 61
mageia 2
threatpost 2
nodejsblog 1
oraclelinux 2
aix 1
f5 4
fedora 5
redhat 4
centos 1
cloudfoundry 1
gentoo 1
archlinux 4
osv 3
ubuntu 2
altlinux 1
debian 2
prion 5
ubuntucve 3
cve 3
redhatcve 3
veracode 2
debiancve 3
huawei 1
alpinelinux 1
slackware 1
openssl 2
freebsd_advisory 1
cisco 1
suse
suse
Security update for nodejs4 (important)
2016-11-01 16:19:35
Security update for nodejs (important)
2016-10-11 19:20:03
Security update for compat-openssl098 (important)
2016-10-06 20:09:29
nessus
nessus
SUSE SLES12 Security Update : nodejs4 (SUSE-SU-2016:2470-1)
2019-01-02 00:00:00
openSUSE Security Update : nodejs (openSUSE-2016-1172)
2016-10-12 00:00:00
Arista Networks EOS 4.17 Multiple Vulnerabilities (SA0024) (SWEET32)
2018-02-28 00:00:00
openvas
openvas
openSUSE: Security Advisory for nodejs (openSUSE-SU-2016:2496-1)
2016-10-12 00:00:00
Fedora Update for openssl FEDORA-2016-97454404fe
2016-11-14 00:00:00
Fedora Update for openssl FEDORA-2016-a555159613
2016-09-28 00:00:00
ibm
ibm
Security Bulletin: Multiple vulnerabilities may affect IBM® SDK for Node.js™ in IBM Bluemix
2018-08-09 04:20:36
Security Bulletin: Multiple OpenSSL and Non-OpenSSL vulnerabilities in Node.js included in Rational Application Developer for WebSphere Software
2020-02-05 00:09:48
Security Bulletin: Security vulnerabilities in IBM SDK for Node.js might affect IBM Business Process Manager (BPM) Configuration Editor
2018-06-15 07:06:49
mageia
mageia
Updated nodejs packages fix security vulnerability
2017-07-13 12:10:46
Updated openssl packages fix security vulnerabilities
2016-10-12 01:12:20
threatpost
threatpost
OpenSSL Patches High-Severity OCSP Bug, Mitigates SWEET32 Attack
2016-09-23 15:47:13
OpenSSL Fixes Critical Bug Introduced by Latest Update
2016-09-26 10:45:04
nodejsblog
nodejsblog
Security updates for all active release lines, September 2016
2016-09-23 00:00:00
oraclelinux
oraclelinux
openssl security update
2016-10-13 00:00:00
openssl security update
2016-09-27 00:00:00
aix
aix
Vulnerabilities in OpenSSL affect AIX
2016-11-14 13:29:26
f5
f5
K24444803 : Node.js vulnerabilities CVE-2015-8860, CVE-2015-8856, CVE-2016-7099, and CVE-2016-5325
2018-10-17 00:00:00
SOL39272405 - OpenSSL vulnerability CVE-2016-7052
2016-10-10 00:00:00
K39272405 : OpenSSL vulnerability CVE-2016-7052
2016-10-10 00:00:00
fedora
fedora
[SECURITY] Fedora 25 Update: openssl-1.0.2j-1.fc25
2016-10-09 03:28:42
[SECURITY] Fedora 23 Update: openssl-1.0.2j-1.fc23
2016-10-11 23:24:05
[SECURITY] Fedora 24 Update: openssl-1.0.2j-1.fc24
2016-09-28 01:57:16
redhat
redhat
(RHSA-2017:0002) Important: rh-nodejs4-nodejs and rh-nodejs4-http-parser security update
2017-01-02 15:33:44
(RHSA-2016:1940) Important: openssl security update
2016-09-27 11:50:45
(RHSA-2017:1659) Important: Red Hat JBoss Enterprise Application Platform 6.4.16 natives update
2017-06-28 19:59:12
centos
centos
openssl security update
2016-09-28 14:48:04
cloudfoundry
cloudfoundry
USN-3087-2 OpenSSL Regression | Cloud Foundry
2016-09-28 00:00:00
gentoo
gentoo
OpenSSL: Multiple vulnerabilities
2016-12-07 00:00:00
archlinux
archlinux
[ASA-201609-23] openssl: multiple issues
2016-09-26 00:00:00
[ASA-201609-24] lib32-openssl: multiple issues
2016-09-26 00:00:00
[ASA-201609-30] openssl: denial of service
2016-09-28 00:00:00
osv
osv
openssl - regression update
2016-09-22 00:00:00
openssl - security update
2016-09-22 00:00:00
openssl - security update
2016-09-25 00:00:00
ubuntu
ubuntu
OpenSSL vulnerabilities
2016-09-22 00:00:00
OpenSSL regression
2016-09-23 00:00:00
altlinux
altlinux
Security fix for the ALT Linux 7 package openssl10 version 1.0.1u-alt0.M70P.1
2016-09-23 00:00:00
debian
debian
[SECURITY] [DLA 637-1] openssl security update
2016-09-25 11:55:01
[SECURITY] [DSA 3673-1] openssl security update
2016-09-22 16:50:14
prion
prion
Design/Logic Flaw
2016-10-10 16:59:00
Crlf injection
2016-10-10 16:59:00
Null pointer dereference
2016-09-26 19:59:00
ubuntucve
ubuntucve
CVE-2016-7099
2016-10-10 00:00:00
CVE-2016-5325
2016-10-10 00:00:00
CVE-2016-7052
2016-09-26 00:00:00
cve
cve
CVE-2016-5325
2016-10-10 16:59:00
CVE-2016-7099
2016-10-10 16:59:00
CVE-2016-7052
2016-09-26 19:59:00
redhatcve
redhatcve
CVE-2016-5325
2016-06-15 16:19:00
CVE-2016-7099
2016-09-28 06:47:27
CVE-2016-7052
2016-09-26 11:17:23
veracode
veracode
Man-in-the-Middle (MitM)
2018-09-24 07:23:39
HTTP Response Splitting
2018-09-24 05:08:11
debiancve
debiancve
CVE-2016-7099
2016-10-10 16:59:00
CVE-2016-5325
2016-10-10 16:59:00
CVE-2016-7052
2016-09-26 19:59:00
huawei
huawei
Security Advisory - Sixteen OpenSSL Vulnerabilities on Some Huawei products
2017-03-22 00:00:00
alpinelinux
alpinelinux
CVE-2016-7052
2016-09-26 19:59:00
slackware
slackware
[slackware-security] openssl
2016-09-26 18:59:48
openssl
openssl
Vulnerability in OpenSSL CVE-2016-7052
2016-09-26 00:00:00
Vulnerability in OpenSSL CVE-2016-6306
2016-09-21 00:00:00
freebsd_advisory
freebsd_advisory
FreeBSD-SA-16:27.openssl
2016-10-10 00:00:00
cisco
cisco
Multiple Vulnerabilities in OpenSSL Affecting Cisco Products: September 2016
2016-09-27 22:40:00

0.385 Low

EPSS

Percentile

96.9%

JSON
Related for SUSE-SU-2016:2470-1
suse11nessus42openvas23ibm61mageia2threatpost2nodejsblog1oraclelinux2aix1f54fedora5redhat4centos1cloudfoundry1gentoo1archlinux4osv3ubuntu2altlinux1debian2prion5ubuntucve3cve3redhatcve3veracode2debiancve3huawei1alpinelinux1slackware1openssl2freebsd_advisory1cisco1