File _patchinfo of Package patchinfo.12313

Overview Repositories Revisions Requests Users Attributes Meta

File _patchinfo of Package patchinfo.12313

<patchinfo incident="12313">
  <issue tracker="bnc" id="1146099">VUL-0: CVE-2019-9512: nodejs4,nodejs6,nodejs8,nodejs10,nodejs: HTTP/2: flood using PING frames results in unbounded memory growth</issue>
  <issue tracker="bnc" id="1146094">VUL-1: CVE-2019-9513: nodejs4,nodejs6,nodejs8,nodejs10,nodejs: HTTP/2 implementation is vulnerable to resource loops, potentially leading to a denial of service.</issue>
  <issue tracker="bnc" id="1146095">VUL-0: CVE-2019-9514: nodejs4,nodejs6,nodejs8,nodejs10,nodejs:  HTTP/2 implementation is vulnerable to a reset flood, potentially leading to a denial of service</issue>
  <issue tracker="bnc" id="1146097">VUL-0: CVE-2019-9517: nodejs4,nodejs6,nodejs8,nodejs10,nodejs: HTTP/2 implementations are vulnerable to unconstrained interal data buffering</issue>
  <issue tracker="bnc" id="1146090">VUL-0: CVE-2019-9516: nodejs4,nodejs6,nodejs8,nodejs10,nodejs: HTTP/2 implementation is vulnerable to a header leak, potentially leading to a denial of service</issue>
  <issue tracker="bnc" id="1146091">VUL-0: CVE-2019-9511: nodejs4,nodejs6,nodejs8,nodejs10,nodejs: HTTP/2 implementations are vulnerable to window size manipulation and stream prioritization manipulation, potentially leading to a denial of service</issue>
  <issue tracker="bnc" id="1146093">VUL-0: CVE-2019-9518: nodejs4,nodejs6,nodejs8,nodejs10,nodejs: HTTP/2 implementation is vulnerable to a flood of empty frames, potentially leading to a denial of service</issue>
  <issue tracker="bnc" id="1144919">devel:languages:nodejs/nodejs8: Inconsistent npmrc location vs. nodejs10</issue>
  <issue tracker="bnc" id="1146100">VUL-0: CVE-2019-9515: nodejs4,nodejs6,nodejs8,nodejs10,nodejs: HTTP/2: flood using SETTINGS frames results in unbounded memory growth</issue>
  <issue tracker="cve" id="2019-9518"/>
  <issue tracker="cve" id="2019-9515"/>
  <issue tracker="cve" id="2019-9514"/>
  <issue tracker="cve" id="2019-9517"/>
  <issue tracker="cve" id="2019-9516"/>
  <issue tracker="cve" id="2019-9511"/>
  <issue tracker="cve" id="2019-9513"/>
  <issue tracker="cve" id="2019-9512"/>
  <category>security</category>
  <rating>important</rating>
  <packager>adamm</packager>
  <description>This update for nodejs8 to version 8.16.1 fixes the following issues:

Security issues fixed:

- CVE-2019-9511: Fixed HTTP/2 implementations that are vulnerable to window size manipulation and stream prioritization manipulation, potentially leading to a denial of service (bsc#1146091).
- CVE-2019-9512: Fixed HTTP/2 flood using PING frames results in unbounded memory growth (bsc#1146099).
- CVE-2019-9513: Fixed HTTP/2 implementation that is vulnerable to resource loops, potentially leading to a denial of service. (bsc#1146094).
- CVE-2019-9514: Fixed HTTP/2 implementation that is vulnerable to a reset flood, potentially leading to a denial of service (bsc#1146095).
- CVE-2019-9515: Fixed HTTP/2 flood using SETTINGS frames results in unbounded memory growth (bsc#1146100).
- CVE-2019-9516: Fixed HTTP/2 implementation that is vulnerable to a header leak, potentially leading to a denial of service (bsc#1146090).
- CVE-2019-9517: Fixed HTTP/2 implementations that are vulnerable to unconstrained interal data buffering (bsc#1146097).
- CVE-2019-9518: Fixed HTTP/2 implementation that is vulnerable to a flood of empty frames, potentially leading to a denial of service (bsc#1146093).

Bug fixes:

- Fixed that npm resolves its default config file like in all other versions, as /etc/nodejs/npmrc (bsc#1144919).
</description>
  <summary>Security update for nodejs8</summary>
</patchinfo>

Places

File _patchinfo of Package patchinfo.12313

Places