Описание
Security update for nodejs10
This update for nodejs10 to version 10.16.0 fixes the following issues:
Security issue fixed:
- CVE-2019-13173: Fixed a potential file overwrite via hardlink in fstream.DirWriter() (bsc#1140290).
Non-security issue fixed:
- Update to new upstream LTS version 10.16.0, including npm version 6.9.0 and openssl version 1.1.1b (bsc#1134208).
Список пакетов
SUSE Linux Enterprise Module for Web and Scripting 15
nodejs10-10.16.0-1.9.1
nodejs10-devel-10.16.0-1.9.1
nodejs10-docs-10.16.0-1.9.1
npm10-10.16.0-1.9.1
SUSE Linux Enterprise Module for Web and Scripting 15 SP1
nodejs10-10.16.0-1.9.1
nodejs10-devel-10.16.0-1.9.1
nodejs10-docs-10.16.0-1.9.1
npm10-10.16.0-1.9.1
Ссылки
- Link for SUSE-SU-2019:2081-1
- E-Mail link for SUSE-SU-2019:2081-1
- SUSE Security Ratings
- SUSE Bug 1134208
- SUSE Bug 1140290
- SUSE CVE CVE-2019-13173 page
Описание
fstream before 1.0.12 is vulnerable to Arbitrary File Overwrite. Extracting tarballs containing a hardlink to a file that already exists in the system, and a file that matches the hardlink, will overwrite the system's file with the contents of the extracted file. The fstream.DirWriter() function is vulnerable.
Затронутые продукты
SUSE Linux Enterprise Module for Web and Scripting 15 SP1:nodejs10-10.16.0-1.9.1
SUSE Linux Enterprise Module for Web and Scripting 15 SP1:nodejs10-devel-10.16.0-1.9.1
SUSE Linux Enterprise Module for Web and Scripting 15 SP1:nodejs10-docs-10.16.0-1.9.1
SUSE Linux Enterprise Module for Web and Scripting 15 SP1:npm10-10.16.0-1.9.1
Ссылки
- CVE-2019-13173
- SUSE Bug 1140290