Описание
Security update for nodejs8
This update for nodejs8 fixes the following issues:
- CVE-2020-15095: Fixed information leak through log files (bsc#1173937).
- Explicitly add -fno-strict-aliasing to CFLAGS to fix compilation on Aarch64 with gcc10 (bsc#1172686).
Список пакетов
SUSE Linux Enterprise Module for Web and Scripting 15 SP1
nodejs8-8.17.0-3.38.1
nodejs8-devel-8.17.0-3.38.1
nodejs8-docs-8.17.0-3.38.1
npm8-8.17.0-3.38.1
Ссылки
- Link for SUSE-SU-2020:2870-1
- E-Mail link for SUSE-SU-2020:2870-1
- SUSE Security Ratings
- SUSE Bug 1172686
- SUSE Bug 1173937
- SUSE CVE CVE-2020-15095 page
Описание
Versions of the npm CLI prior to 6.14.6 are vulnerable to an information exposure vulnerability through log files. The CLI supports URLs like "<protocol>://[<user>[:<password>]@]<hostname>[:<port>][:][/]<path>". The password value is not redacted and is printed to stdout and also to any generated log files.
Затронутые продукты
SUSE Linux Enterprise Module for Web and Scripting 15 SP1:nodejs8-8.17.0-3.38.1
SUSE Linux Enterprise Module for Web and Scripting 15 SP1:nodejs8-devel-8.17.0-3.38.1
SUSE Linux Enterprise Module for Web and Scripting 15 SP1:nodejs8-docs-8.17.0-3.38.1
SUSE Linux Enterprise Module for Web and Scripting 15 SP1:npm8-8.17.0-3.38.1
Ссылки
- CVE-2020-15095
- SUSE Bug 1173937