Описание
Security update for nodejs4
This update for nodejs4 fixes the following issues:
- CVE-2019-13173: Fixed a potential file overwrite via hardlink in fstream.DirWriter() (bsc#1140290).
Список пакетов
SUSE Enterprise Storage 4
nodejs4-4.9.1-15.23.1
SUSE Linux Enterprise Module for Web and Scripting 12
nodejs4-4.9.1-15.23.1
nodejs4-devel-4.9.1-15.23.1
nodejs4-docs-4.9.1-15.23.1
npm4-4.9.1-15.23.1
Ссылки
- Link for SUSE-SU-2019:2078-1
- E-Mail link for SUSE-SU-2019:2078-1
- SUSE Security Ratings
- SUSE Bug 1140290
- SUSE CVE CVE-2019-13173 page
Описание
fstream before 1.0.12 is vulnerable to Arbitrary File Overwrite. Extracting tarballs containing a hardlink to a file that already exists in the system, and a file that matches the hardlink, will overwrite the system's file with the contents of the extracted file. The fstream.DirWriter() function is vulnerable.
Затронутые продукты
SUSE Enterprise Storage 4:nodejs4-4.9.1-15.23.1
SUSE Linux Enterprise Module for Web and Scripting 12:nodejs4-4.9.1-15.23.1
SUSE Linux Enterprise Module for Web and Scripting 12:nodejs4-devel-4.9.1-15.23.1
SUSE Linux Enterprise Module for Web and Scripting 12:nodejs4-docs-4.9.1-15.23.1
Ссылки
- CVE-2019-13173
- SUSE Bug 1140290