File _patchinfo of Package patchinfo.8544

Overview Repositories Revisions Requests Users Attributes Meta

File _patchinfo of Package patchinfo.8544

<patchinfo incident="8544">
  <issue tracker="bnc" id="1105019">VUL-0: CVE-2018-12115: nodejs4,nodejs6,nodejs8,nodejs10: Out of bounds (OOB) write</issue>
  <issue tracker="bnc" id="1097748">devel:languages:nodejs/nodejs8: installing nodejs8 also installs nodejs9 and npm9 (instead of npm8)</issue>
  <issue tracker="bnc" id="1097158">VUL-0: CVE-2018-0732: openssl1,openssl,compat-openssl098: Reject excessively large primes in DH key generation.</issue>
  <issue tracker="cve" id="2018-0732"/>
  <issue tracker="cve" id="2018-12115"/>
  <category>security</category>
  <rating>moderate</rating>
  <packager>adamm</packager>
  <description>This update for nodejs8 to version 8.11.4 fixes the following issues:

Security issues fixed:

- CVE-2018-12115: Fixed an out-of-bounds memory write in Buffer that could be
  used to write to memory outside of a Buffer's memory space buffer (bsc#1105019)
- Upgrade to OpenSSL 1.0.2p, which fixed:
  - CVE-2018-0732: Client denial-of-service due to large DH parameter (bsc#1097158)
  - ECDSA key extraction via local side-channel

Other changes made:

- Recommend same major version npm package (bsc#1097748)
- Fix parallel/test-tls-passphrase.js test to continue to function with older
  versions of OpenSSL library.
</description>
  <summary>Security update for nodejs8</summary>
</patchinfo>

Places

File _patchinfo of Package patchinfo.8544

Places