openSUSE Build Service

Overview Details Repositories Revisions Requests Users Attributes Meta

Security update for nodejs6

This update for nodejs6 to version 6.16.0 fixes the following issues:

Security issues fixed:

- CVE-2018-0734: Fixed a timing vulnerability in the DSA signature generation (bsc#1113652)
- CVE-2018-5407: Fixed a hyperthread port content side channel attack (aka "PortSmash") (bsc#1113534)
- CVE-2018-12120: Fixed that the debugger listens on any interface by default (bsc#1117625)
- CVE-2018-12121: Fixed a denial of Service with large HTTP headers (bsc#1117626)
- CVE-2018-12122: Fixed the "Slowloris" HTTP Denial of Service (bsc#1117627)
- CVE-2018-12116: Fixed HTTP request splitting (bsc#1117630)
- CVE-2018-12123: Fixed hostname spoofing in URL parser for javascript protocol (bsc#1117629)

This update was imported from the SUSE:SLE-12:Update update project.

Submitted by Adam Majer (adamm)

Fixed bugs

bnc#1117625

VUL-1: CVE-2018-12120: nodejs4,nodejs6: Debugger port 5858 listens on any interface by default

bnc#1117627

VUL-0: CVE-2018-12122: nodejs4,nodejs6,nodejs8: "Slowloris" HTTP Denial of Service

bnc#1117626

VUL-0: CVE-2018-12121: nodejs4,nodejs6,nodejs8: Denial of Service with large HTTP headers

bnc#1117629

VUL-0: CVE-2018-12123: nodejs4,nodejs6,nodejs8: Hostname spoofing in URL parser for javascript protocol

bnc#1113652

VUL-1: CVE-2018-0734: openssl,openssl1,openssl-1_1,openssl-1_0_0,compat-openssl098: Timing vulnerability in DSA signature generation

bnc#1113534

VUL-0: CVE-2018-5407: Hyperthread port content side channel aka "PortSmash"

bnc#1117630

VUL-0: CVE-2018-12116: nodejs4,nodejs6,nodejs8: HTTP request splitting

Places

Fixed bugs

Selected Binaries

Places