Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

suse-cvrf логотип

SUSE-SU-2020:2823-1

Опубликовано: 01 окт. 2020
Источник: suse-cvrf

Описание

Security update for nodejs10

This update for nodejs10 fixes the following issues:

  • nodejs10 was updated to 10.22.1 LTS:
    • CVE-2020-8252: Fixed a buffer overflow in realpath (bsc#1176589).
    • CVE-2020-15095: Fixed an information leak through log files (bsc#1173937).
  • Explicitly add -fno-strict-aliasing to CFLAGS to fix compilation on Aarch64 with gcc10 (bsc#1172686)

Список пакетов

SUSE Linux Enterprise Module for Web and Scripting 12
nodejs10-10.22.1-1.30.1
nodejs10-devel-10.22.1-1.30.1
nodejs10-docs-10.22.1-1.30.1
npm10-10.22.1-1.30.1

Ссылки

Описание

Versions of the npm CLI prior to 6.14.6 are vulnerable to an information exposure vulnerability through log files. The CLI supports URLs like "<protocol>://[<user>[:<password>]@]<hostname>[:<port>][:][/]<path>". The password value is not redacted and is printed to stdout and also to any generated log files.

Затронутые продукты
SUSE Linux Enterprise Module for Web and Scripting 12:nodejs10-10.22.1-1.30.1
SUSE Linux Enterprise Module for Web and Scripting 12:nodejs10-devel-10.22.1-1.30.1
SUSE Linux Enterprise Module for Web and Scripting 12:nodejs10-docs-10.22.1-1.30.1
SUSE Linux Enterprise Module for Web and Scripting 12:npm10-10.22.1-1.30.1
Ссылки

Описание

The implementation of realpath in libuv < 10.22.1, < 12.18.4, and < 14.9.0 used within Node.js incorrectly determined the buffer size which can result in a buffer overflow if the resolved path is longer than 256 bytes.

Затронутые продукты
SUSE Linux Enterprise Module for Web and Scripting 12:nodejs10-10.22.1-1.30.1
SUSE Linux Enterprise Module for Web and Scripting 12:nodejs10-devel-10.22.1-1.30.1
SUSE Linux Enterprise Module for Web and Scripting 12:nodejs10-docs-10.22.1-1.30.1
SUSE Linux Enterprise Module for Web and Scripting 12:npm10-10.22.1-1.30.1
Ссылки