Описание
Security update for nodejs6
This update for nodejs6 fixes the following issues:
- CVE-2019-13173: Fixed a potential file overwrite via hardlink in fstream.DirWriter() (bsc#1140290).
Список пакетов
SUSE Enterprise Storage 4
nodejs6-6.17.0-11.27.1
SUSE Linux Enterprise Module for Web and Scripting 12
nodejs6-6.17.0-11.27.1
nodejs6-devel-6.17.0-11.27.1
nodejs6-docs-6.17.0-11.27.1
npm6-6.17.0-11.27.1
SUSE OpenStack Cloud 7
nodejs6-6.17.0-11.27.1
SUSE OpenStack Cloud Crowbar 8
nodejs6-6.17.0-11.27.1
SUSE OpenStack Cloud Crowbar 9
nodejs6-6.17.0-11.27.1
Ссылки
- Link for SUSE-SU-2019:2181-1
- E-Mail link for SUSE-SU-2019:2181-1
- SUSE Security Ratings
- SUSE Bug 1140290
- SUSE CVE CVE-2019-13173 page
Описание
fstream before 1.0.12 is vulnerable to Arbitrary File Overwrite. Extracting tarballs containing a hardlink to a file that already exists in the system, and a file that matches the hardlink, will overwrite the system's file with the contents of the extracted file. The fstream.DirWriter() function is vulnerable.
Затронутые продукты
SUSE Enterprise Storage 4:nodejs6-6.17.0-11.27.1
SUSE Linux Enterprise Module for Web and Scripting 12:nodejs6-6.17.0-11.27.1
SUSE Linux Enterprise Module for Web and Scripting 12:nodejs6-devel-6.17.0-11.27.1
SUSE Linux Enterprise Module for Web and Scripting 12:nodejs6-docs-6.17.0-11.27.1
Ссылки
- CVE-2019-13173
- SUSE Bug 1140290