Sign Up
Log In
Log In
or
Sign Up
Places
All Projects
Status Monitor
Collapse sidebar
SUSE:SLE-12-SP4:Update
patchinfo.3284
_patchinfo
Overview
Repositories
Revisions
Requests
Users
Attributes
Meta
File _patchinfo of Package patchinfo.3284
<patchinfo incident="3284"> <issue id="985201" tracker="bnc">VUL-0: CVE-2016-5325: nodejs, nodejs4: HTTP processing security defect</issue> <issue id="1001652" tracker="bnc">VUL-0: CVE-2016-7099: nodejs, nodejs4: wildcard certificates not properly validated</issue> <issue id="2016-6304" tracker="cve" /> <issue id="2016-6306" tracker="cve" /> <issue id="2016-2178" tracker="cve" /> <issue id="2016-2183" tracker="cve" /> <issue id="2016-5325" tracker="cve" /> <issue id="2016-7099" tracker="cve" /> <issue id="2016-7052" tracker="cve" /> <category>security</category> <rating>important</rating> <packager>adamm</packager> <description> This update brings the new upstream nodejs LTS version 4.6.0, fixing bugs and security issues: * Nodejs embedded openssl version update + upgrade to 1.0.2j (CVE-2016-6304, CVE-2016-2183, CVE-2016-2178, CVE-2016-6306, CVE-2016-7052) + remove support for dynamic 3rd party engine modules * http: Properly validate for allowable characters in input user data. This introduces a new case where throw may occur when configuring HTTP responses, users should already be adopting try/catch here. (CVE-2016-5325, bsc#985201) * tls: properly validate wildcard certificates (CVE-2016-7099, bsc#1001652) * buffer: Zero-fill excess bytes in new Buffer objects created with Buffer.concat() </description> <summary>Security update for nodejs4</summary> </patchinfo>
Locations
Projects
Search
Status Monitor
Help
OpenBuildService.org
Documentation
API Documentation
Code of Conduct
Contact
Support
@OBShq
Terms
openSUSE Build Service is sponsored by
The Open Build Service is an
openSUSE project
.
Sign Up
Log In
Places
Places
All Projects
Status Monitor