Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

suse-cvrf логотип

SUSE-SU-2019:0627-1

Опубликовано: 18 мар. 2019
Источник: suse-cvrf

Описание

Security update for nodejs10

This update for nodejs10 to versio 10.15.2 fixes the following issue:

Security issue fixed:

  • CVE-2019-5737: Fixed a potentially attack vector which could lead to Denial of Service when HTTP connection are kept active (bsc#1127532).

Список пакетов

SUSE Linux Enterprise Module for Web and Scripting 15
nodejs10-10.15.2-1.6.1
nodejs10-devel-10.15.2-1.6.1
nodejs10-docs-10.15.2-1.6.1
npm10-10.15.2-1.6.1

Ссылки

Описание

In Node.js including 6.x before 6.17.0, 8.x before 8.15.1, 10.x before 10.15.2, and 11.x before 11.10.1, an attacker can cause a Denial of Service (DoS) by establishing an HTTP or HTTPS connection in keep-alive mode and by sending headers very slowly. This keeps the connection and associated resources alive for a long period of time. Potential attacks are mitigated by the use of a load balancer or other proxy layer. This vulnerability is an extension of CVE-2018-12121, addressed in November and impacts all active Node.js release lines including 6.x before 6.17.0, 8.x before 8.15.1, 10.x before 10.15.2, and 11.x before 11.10.1.

Затронутые продукты
SUSE Linux Enterprise Module for Web and Scripting 15:nodejs10-10.15.2-1.6.1
SUSE Linux Enterprise Module for Web and Scripting 15:nodejs10-devel-10.15.2-1.6.1
SUSE Linux Enterprise Module for Web and Scripting 15:nodejs10-docs-10.15.2-1.6.1
SUSE Linux Enterprise Module for Web and Scripting 15:npm10-10.15.2-1.6.1
Ссылки