Описание
Security update for nodejs8
This update for nodejs8 fixes the following issues:
Security issue fixed:
- CVE-2019-13173: Fixed a potential file overwrite via hardlink in fstream.DirWriter() (bsc#1140290).
Non-security issue fixed:
- Backported fixes for OpenSSL 1.1.1 from nodejs8 (bsc#1134209).
Список пакетов
SUSE Linux Enterprise Module for Web and Scripting 15
nodejs8-8.15.1-3.17.1
nodejs8-devel-8.15.1-3.17.1
nodejs8-docs-8.15.1-3.17.1
npm8-8.15.1-3.17.1
SUSE Linux Enterprise Module for Web and Scripting 15 SP1
nodejs8-8.15.1-3.17.1
nodejs8-devel-8.15.1-3.17.1
nodejs8-docs-8.15.1-3.17.1
npm8-8.15.1-3.17.1
Ссылки
- Link for SUSE-SU-2019:2055-1
- E-Mail link for SUSE-SU-2019:2055-1
- SUSE Security Ratings
- SUSE Bug 1134209
- SUSE Bug 1140290
- SUSE CVE CVE-2019-13173 page
Описание
fstream before 1.0.12 is vulnerable to Arbitrary File Overwrite. Extracting tarballs containing a hardlink to a file that already exists in the system, and a file that matches the hardlink, will overwrite the system's file with the contents of the extracted file. The fstream.DirWriter() function is vulnerable.
Затронутые продукты
SUSE Linux Enterprise Module for Web and Scripting 15 SP1:nodejs8-8.15.1-3.17.1
SUSE Linux Enterprise Module for Web and Scripting 15 SP1:nodejs8-devel-8.15.1-3.17.1
SUSE Linux Enterprise Module for Web and Scripting 15 SP1:nodejs8-docs-8.15.1-3.17.1
SUSE Linux Enterprise Module for Web and Scripting 15 SP1:npm8-8.15.1-3.17.1
Ссылки
- CVE-2019-13173
- SUSE Bug 1140290