Description
Security update for nodejs
This update contains nodejs 4.2.4 and fixes the following issues:
- CVE-2015-6764: unspecified out-of-bounds access vulnerability (boo#956902)
- CVE-2015-8027: unspecified denial of service vulnerability (boo#956901)
The following non-security bugs were fixed:
- boo#948045: Nodejs 4.0 rpm does not install addon-rpm.gypi
- boo#961254: common.gypi should install at /usr/share/node and npm requires nodejs-devel
Also contains all upstream bug fixes and improvements in the 4.2.2, 4.2.3 and 4.2.4 releases.
Package list
openSUSE Leap 42.1
References
- E-Mail link for openSUSE-SU-2016:0138-1
- SUSE Security Ratings
Description
The BasicJsonStringifier::SerializeJSArray function in json-stringifier.h in the JSON stringifier in Google V8, as used in Google Chrome before 47.0.2526.73, improperly loads array elements, which allows remote attackers to cause a denial of service (out-of-bounds memory access) or possibly have unspecified other impact via crafted JavaScript code.
Affected products
References
- CVE-2015-6764
- SUSE Bug 956902
- SUSE Bug 957519
Description
Node.js 0.12.x before 0.12.9, 4.x before 4.2.3, and 5.x before 5.1.1 does not ensure the availability of a parser for each HTTP socket, which allows remote attackers to cause a denial of service (uncaughtException and service outage) via a pipelined HTTP request.
Affected products
References
- CVE-2015-8027
- SUSE Bug 956901