What Are You Looking For?

Sign Up

   SUSE Security Update: Security update for nodejs8
______________________________________________________________________________

Announcement ID:    SUSE-SU-2020:2800-1
Rating:             critical
References:         #1166916 #1172442 #1172443 #1172686 #1172728 
                    #1173937 
Cross-References:   CVE-2020-11080 CVE-2020-15095 CVE-2020-7598
                    CVE-2020-8174
Affected Products:
                    SUSE Linux Enterprise Module for Web Scripting 15-SP2
______________________________________________________________________________

   An update that solves four vulnerabilities and has two
   fixes is now available.

Description:

   This update for nodejs8 fixes the following issues:

   - CVE-2020-8174: Fixed multiple memory corruption in
     napi_get_value_string_*() (bsc#1172443).
   - CVE-2020-11080: Fixed a potential denial of service when receiving
     unreasonably large HTTP/2 SETTINGS frames (bsc#1172442).
   - CVE-2020-7598: Fixed an issue which could have tricked minimist into
     adding or modifying properties of Object.prototype (bsc#1166916)
   - CVE-2020-15095: Fixed information leak through log files (bsc#1173937).
   - Explicitly add -fno-strict-aliasing to CFLAGS to fix compilation on
     Aarch64 with gcc10 (bsc#1172686).
   - Add Require for nodejs8 when intalling npm8 (bsc#1172728)


Patch Instructions:

   To install this SUSE Security Update use the SUSE recommended installation methods
   like YaST online_update or "zypper patch".

   Alternatively you can run the command listed for your product:

   - SUSE Linux Enterprise Module for Web Scripting 15-SP2:

      zypper in -t patch SUSE-SLE-Module-Web-Scripting-15-SP2-2020-2800=1



Package List:

   - SUSE Linux Enterprise Module for Web Scripting 15-SP2 (aarch64 ppc64le s390x x86_64):

      nodejs8-8.17.0-10.3.1
      nodejs8-debuginfo-8.17.0-10.3.1
      nodejs8-debugsource-8.17.0-10.3.1
      nodejs8-devel-8.17.0-10.3.1
      npm8-8.17.0-10.3.1

   - SUSE Linux Enterprise Module for Web Scripting 15-SP2 (noarch):

      nodejs8-docs-8.17.0-10.3.1


References:

   https://www.suse.com/security/cve/CVE-2020-11080.html
   https://www.suse.com/security/cve/CVE-2020-15095.html
   https://www.suse.com/security/cve/CVE-2020-7598.html
   https://www.suse.com/security/cve/CVE-2020-8174.html
   https://bugzilla.suse.com/1166916
   https://bugzilla.suse.com/1172442
   https://bugzilla.suse.com/1172443
   https://bugzilla.suse.com/1172686
   https://bugzilla.suse.com/1172728
   https://bugzilla.suse.com/1173937

_______________________________________________
sle-security-updates mailing list
sle-security-updates@lists.suse.com
https://lists.suse.com/mailman/listinfo/sle-security-updates

SUSE: 2020:2800-1 critical: nodejs8

September 30, 2020
An update that solves four vulnerabilities and has two fixes is now available

Summary

This update for nodejs8 fixes the following issues: - CVE-2020-8174: Fixed multiple memory corruption in napi_get_value_string_*() (bsc#1172443). - CVE-2020-11080: Fixed a potential denial of service when receiving unreasonably large HTTP/2 SETTINGS frames (bsc#1172442). - CVE-2020-7598: Fixed an issue which could have tricked minimist into adding or modifying properties of Object.prototype (bsc#1166916) - CVE-2020-15095: Fixed information leak through log files (bsc#1173937). - Explicitly add -fno-strict-aliasing to CFLAGS to fix compilation on Aarch64 with gcc10 (bsc#1172686). - Add Require for nodejs8 when intalling npm8 (bsc#1172728) Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Web Scripting 15-SP2: zypper in -t patch SUSE-SLE-Module-Web-Scripting-15-SP2-2020-2800=1 Package List: - SUSE Linux Enterprise Module for Web Scripting 15-SP2 (aarch64 ppc64le s390x x86_64): nodejs8-8.17.0-10.3.1 nodejs8-debuginfo-8.17.0-10.3.1 nodejs8-debugsource-8.17.0-10.3.1 nodejs8-devel-8.17.0-10.3.1 npm8-8.17.0-10.3.1 - SUSE Linux Enterprise Module for Web Scripting 15-SP2 (noarch): nodejs8-docs-8.17.0-10.3.1

References

#1166916 #1172442 #1172443 #1172686 #1172728

#1173937

Cross- CVE-2020-11080 CVE-2020-15095 CVE-2020-7598

CVE-2020-8174

Affected Products:

SUSE Linux Enterprise Module for Web Scripting 15-SP2

https://www.suse.com/security/cve/CVE-2020-11080.html

https://www.suse.com/security/cve/CVE-2020-15095.html

https://www.suse.com/security/cve/CVE-2020-7598.html

https://www.suse.com/security/cve/CVE-2020-8174.html

https://bugzilla.suse.com/1166916

https://bugzilla.suse.com/1172442

https://bugzilla.suse.com/1172443

https://bugzilla.suse.com/1172686

https://bugzilla.suse.com/1172728

https://bugzilla.suse.com/1173937

Severity
Announcement ID: SUSE-SU-2020:2800-1
Rating: critical

Related News

Kubernetes Security on AWS: A Practical Guide

Nov 18, 2023

Kinsing Hackers Exploit Apache ActiveMQ Vulnerability to Deploy Linux Rootkits

Nov 25, 2023

Nitrux 3.2.0 Linux Distro Released with Enhanced Security and New Features

Nov 28, 2023

Severe Firefox, Thunderbird Bugs Could Lead to System Takeover

Dec 2, 2023

News

Advisories

HOWTOs

Features

Using Open Source to Ensure Compliance & Data Integrity through Data Governance
Critical Linux Kernel Bugs Lead to DoS, Privilege Escalation - Patch Now!
Unlocking the Future of Authentication: Passkeys vs. Passwords
Empowering MSPs with Straightforward Linux Device Management
A Complete Guide to Torrenting Safely in 2024

About Us

Powered By

Footer Logo