Sign Up
Log In
Log In
or
Sign Up
Places
All Projects
Status Monitor
Collapse sidebar
SUSE:SLE-15-SP2:GA
patchinfo.12313
_patchinfo
Overview
Repositories
Revisions
Requests
Users
Attributes
Meta
File _patchinfo of Package patchinfo.12313
<patchinfo incident="12313"> <issue tracker="bnc" id="1146099">VUL-0: CVE-2019-9512: nodejs4,nodejs6,nodejs8,nodejs10,nodejs: HTTP/2: flood using PING frames results in unbounded memory growth</issue> <issue tracker="bnc" id="1146094">VUL-1: CVE-2019-9513: nodejs4,nodejs6,nodejs8,nodejs10,nodejs: HTTP/2 implementation is vulnerable to resource loops, potentially leading to a denial of service.</issue> <issue tracker="bnc" id="1146095">VUL-0: CVE-2019-9514: nodejs4,nodejs6,nodejs8,nodejs10,nodejs: HTTP/2 implementation is vulnerable to a reset flood, potentially leading to a denial of service</issue> <issue tracker="bnc" id="1146097">VUL-0: CVE-2019-9517: nodejs4,nodejs6,nodejs8,nodejs10,nodejs: HTTP/2 implementations are vulnerable to unconstrained interal data buffering</issue> <issue tracker="bnc" id="1146090">VUL-0: CVE-2019-9516: nodejs4,nodejs6,nodejs8,nodejs10,nodejs: HTTP/2 implementation is vulnerable to a header leak, potentially leading to a denial of service</issue> <issue tracker="bnc" id="1146091">VUL-0: CVE-2019-9511: nodejs4,nodejs6,nodejs8,nodejs10,nodejs: HTTP/2 implementations are vulnerable to window size manipulation and stream prioritization manipulation, potentially leading to a denial of service</issue> <issue tracker="bnc" id="1146093">VUL-0: CVE-2019-9518: nodejs4,nodejs6,nodejs8,nodejs10,nodejs: HTTP/2 implementation is vulnerable to a flood of empty frames, potentially leading to a denial of service</issue> <issue tracker="bnc" id="1144919">devel:languages:nodejs/nodejs8: Inconsistent npmrc location vs. nodejs10</issue> <issue tracker="bnc" id="1146100">VUL-0: CVE-2019-9515: nodejs4,nodejs6,nodejs8,nodejs10,nodejs: HTTP/2: flood using SETTINGS frames results in unbounded memory growth</issue> <issue tracker="cve" id="2019-9518"/> <issue tracker="cve" id="2019-9515"/> <issue tracker="cve" id="2019-9514"/> <issue tracker="cve" id="2019-9517"/> <issue tracker="cve" id="2019-9516"/> <issue tracker="cve" id="2019-9511"/> <issue tracker="cve" id="2019-9513"/> <issue tracker="cve" id="2019-9512"/> <category>security</category> <rating>important</rating> <packager>adamm</packager> <description>This update for nodejs8 to version 8.16.1 fixes the following issues: Security issues fixed: - CVE-2019-9511: Fixed HTTP/2 implementations that are vulnerable to window size manipulation and stream prioritization manipulation, potentially leading to a denial of service (bsc#1146091). - CVE-2019-9512: Fixed HTTP/2 flood using PING frames results in unbounded memory growth (bsc#1146099). - CVE-2019-9513: Fixed HTTP/2 implementation that is vulnerable to resource loops, potentially leading to a denial of service. (bsc#1146094). - CVE-2019-9514: Fixed HTTP/2 implementation that is vulnerable to a reset flood, potentially leading to a denial of service (bsc#1146095). - CVE-2019-9515: Fixed HTTP/2 flood using SETTINGS frames results in unbounded memory growth (bsc#1146100). - CVE-2019-9516: Fixed HTTP/2 implementation that is vulnerable to a header leak, potentially leading to a denial of service (bsc#1146090). - CVE-2019-9517: Fixed HTTP/2 implementations that are vulnerable to unconstrained interal data buffering (bsc#1146097). - CVE-2019-9518: Fixed HTTP/2 implementation that is vulnerable to a flood of empty frames, potentially leading to a denial of service (bsc#1146093). Bug fixes: - Fixed that npm resolves its default config file like in all other versions, as /etc/nodejs/npmrc (bsc#1144919). </description> <summary>Security update for nodejs8</summary> </patchinfo>
Locations
Projects
Search
Status Monitor
Help
OpenBuildService.org
Documentation
API Documentation
Code of Conduct
Contact
Support
@OBShq
Terms
openSUSE Build Service is sponsored by
The Open Build Service is an
openSUSE project
.
Sign Up
Log In
Places
Places
All Projects
Status Monitor