Описание
Security update for nodejs4
This update for nodejs4 fixes the following issues:
Security issues fixed:
- CVE-2016-5180: c-ares: Fix for single-byte buffer overwrite (bsc#1007728).
Bug fixes:
- bsc#1009011: npm4 should provide versioned nodejs-npm and npm allowing nodejs-packaging to continue to function properly in Leap 42.2
Список пакетов
SUSE Linux Enterprise Module for Web and Scripting 12
nodejs4-4.6.1-11.1
nodejs4-devel-4.6.1-11.1
nodejs4-docs-4.6.1-11.1
npm4-4.6.1-11.1
Ссылки
- Link for SUSE-SU-2016:2898-1
- E-Mail link for SUSE-SU-2016:2898-1
- SUSE Security Ratings
- SUSE Bug 1007728
- SUSE Bug 1009011
- SUSE CVE CVE-2016-5180 page
Описание
Heap-based buffer overflow in the ares_create_query function in c-ares 1.x before 1.12.0 allows remote attackers to cause a denial of service (out-of-bounds write) or possibly execute arbitrary code via a hostname with an escaped trailing dot.
Затронутые продукты
SUSE Linux Enterprise Module for Web and Scripting 12:nodejs4-4.6.1-11.1
SUSE Linux Enterprise Module for Web and Scripting 12:nodejs4-devel-4.6.1-11.1
SUSE Linux Enterprise Module for Web and Scripting 12:nodejs4-docs-4.6.1-11.1
SUSE Linux Enterprise Module for Web and Scripting 12:npm4-4.6.1-11.1
Ссылки
- CVE-2016-5180
- SUSE Bug 1007728