Описание
Security update for nodejs6
This update for nodejs6 fixes the following issues:
- CVE-2020-8174: Fixed multiple memory corruption in napi_get_value_string_*() (bsc#1172443).
- CVE-2020-7598: Fixed an issue which could have tricked minimist into adding or modifying properties of Object.prototype (bsc#1166916).
Список пакетов
SUSE Linux Enterprise Module for Web and Scripting 12
nodejs6-6.17.1-11.37.1
nodejs6-devel-6.17.1-11.37.1
nodejs6-docs-6.17.1-11.37.1
npm6-6.17.1-11.37.1
SUSE OpenStack Cloud 7
nodejs6-6.17.1-11.37.1
SUSE OpenStack Cloud Crowbar 8
nodejs6-6.17.1-11.37.1
SUSE OpenStack Cloud Crowbar 9
nodejs6-6.17.1-11.37.1
Ссылки
- Link for SUSE-SU-2020:1623-1
- E-Mail link for SUSE-SU-2020:1623-1
- SUSE Security Ratings
- SUSE Bug 1166916
- SUSE Bug 1172443
- SUSE CVE CVE-2020-7598 page
- SUSE CVE CVE-2020-8174 page
Описание
minimist before 1.2.2 could be tricked into adding or modifying properties of Object.prototype using a "constructor" or "__proto__" payload.
Затронутые продукты
SUSE Linux Enterprise Module for Web and Scripting 12:nodejs6-6.17.1-11.37.1
SUSE Linux Enterprise Module for Web and Scripting 12:nodejs6-devel-6.17.1-11.37.1
SUSE Linux Enterprise Module for Web and Scripting 12:nodejs6-docs-6.17.1-11.37.1
SUSE Linux Enterprise Module for Web and Scripting 12:npm6-6.17.1-11.37.1
Ссылки
- CVE-2020-7598
- SUSE Bug 1166916
Описание
napi_get_value_string_*() allows various kinds of memory corruption in node < 10.21.0, 12.18.0, and < 14.4.0.
Затронутые продукты
SUSE Linux Enterprise Module for Web and Scripting 12:nodejs6-6.17.1-11.37.1
SUSE Linux Enterprise Module for Web and Scripting 12:nodejs6-devel-6.17.1-11.37.1
SUSE Linux Enterprise Module for Web and Scripting 12:nodejs6-docs-6.17.1-11.37.1
SUSE Linux Enterprise Module for Web and Scripting 12:npm6-6.17.1-11.37.1
Ссылки
- CVE-2020-8174
- SUSE Bug 1172443