SUSE: 2019:0117-1 Important: Nodejs4 Denial Of Service and Timing Issues

suse

January 18, 2019

An update that fixes 7 vulnerabilities is now available

Summary

This update for nodejs4 fixes the following issues: Security issues fixed: - CVE-2018-0734: Fixed a timing vulnerability in the DSA signature generation (bsc#1113652) - CVE-2018-5407: Fixed a hyperthread port content side channel attack (aka "PortSmash") (bsc#1113534) - CVE-2018-12120: Fixed that the debugger listens on any interface by default (bsc#1117625) - CVE-2018-12121: Fixed a denial of Service with large HTTP headers (bsc#1117626) - CVE-2018-12122: Fixed the "Slowloris" HTTP Denial of Service (bsc#1117627) - CVE-2018-12116: Fixed HTTP request splitting (bsc#1117630) - CVE-2018-12123: Fixed hostname spoofing in URL parser for javascript protocol (bsc#1117629) Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods

Topics Covered

security advisory denial of service important timing attack SUSE nodejs side channel

References

#1113534 #1113652 #1117625 #1117626 #1117627

#1117629 #1117630

Cross- CVE-2018-0734 CVE-2018-12116 CVE-2018-12120

CVE-2018-12121 CVE-2018-12122 CVE-2018-12123

CVE-2018-5407

Affected Products:

SUSE Linux Enterprise Module for Web Scripting 12

SUSE Enterprise Storage 4

https://www.suse.com/security/cve/CVE-2018-0734.html

https://www.suse.com/security/cve/CVE-2018-12116.html

https://www.suse.com/security/cve/CVE-2018-12120.html

https://www.suse.com/security/cve/CVE-2018-12121.html

https://www.suse.com/security/cve/CVE-2018-12122.html

https://www.suse.com/security/cve/CVE-2018-12123.html

https://www.suse.com/security/cve/CVE-2018-5407.html

https://bugzilla.suse.com/1113534

https://bugzilla.suse.com/1113652

Severity

important

Lowest

Low

Medium

High

Critical

Announcement ID: SUSE-SU-2019:0117-1

Rating: important

Topics Covered

security advisory denial of service important timing attack SUSE nodejs side channel

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Powered By

Linux Security - Your source for Top Linux News, Advisories, HOWTOs and Feature Releases

QUICK LINKS

subscribe to newsletters!

Like staying secure? So do we.
Sign up for updates, tips, and alerts!

Topics Covered

Topics Covered

Search News & Updates

Recent Searches

Search Advisories & Updates

Recent Searches

Get the latest News and Insights

Our Top Picks

SUSE: 2019:0117-1 Important: Nodejs4 Denial Of Service and Timing Issues

Summary

Topics Covered

References

Topics Covered

Get the latest News and Insights

Related News

Powered By

Linux Security - Your source for Top Linux News, Advisories, HOWTOs and Feature Releases

QUICK LINKS

subscribe to newsletters!

Topics Covered

Topics Covered

Search News & Updates

Recent Searches

Search Advisories & Updates

Recent Searches

Get the latest News and Insights

Our Top Picks

SUSE: 2019:0117-1 Important: Nodejs4 Denial Of Service and Timing Issues

Summary

Topics Covered

References

Topics Covered

Get the latest News and Insights

Related Articles

Related News

Powered By

Linux Security - Your source for Top Linux News, Advisories, HOWTOs and Feature Releases

QUICK LINKS

subscribe to newsletters!