Description
Security update for nodejs
This update for nodejs fixes the following issues:
- CVE-2016-2216: Response splitting vulnerability using Unicode characters (boo#966076)
- CVE-2016-2086: Request smuggling vulnerability (boo#966077)
Node.js was updated to the 4.3.1 LTS version, containing all upstream bug fixes and improvements.
Package list
openSUSE Leap 42.1
nodejs-4.3.1-24.1
nodejs-devel-4.3.1-24.1
nodejs-docs-4.3.1-24.1
npm-4.3.1-24.1
References
- E-Mail link for openSUSE-SU-2016:0604-1
- SUSE Security Ratings
Description
Node.js 0.10.x before 0.10.42, 0.12.x before 0.12.10, 4.x before 4.3.0, and 5.x before 5.6.0 allow remote attackers to conduct HTTP request smuggling attacks via a crafted Content-Length HTTP header.
Affected products
openSUSE Leap 42.1:nodejs-4.3.1-24.1
openSUSE Leap 42.1:nodejs-devel-4.3.1-24.1
openSUSE Leap 42.1:nodejs-docs-4.3.1-24.1
openSUSE Leap 42.1:npm-4.3.1-24.1
References
- CVE-2016-2086
- SUSE Bug 966076
- SUSE Bug 966077
Description
The HTTP header parsing code in Node.js 0.10.x before 0.10.42, 0.11.6 through 0.11.16, 0.12.x before 0.12.10, 4.x before 4.3.0, and 5.x before 5.6.0 allows remote attackers to bypass an HTTP response-splitting protection mechanism via UTF-8 encoded Unicode characters in the HTTP header, as demonstrated by %c4%8d%c4%8a.
Affected products
openSUSE Leap 42.1:nodejs-4.3.1-24.1
openSUSE Leap 42.1:nodejs-devel-4.3.1-24.1
openSUSE Leap 42.1:nodejs-docs-4.3.1-24.1
openSUSE Leap 42.1:npm-4.3.1-24.1
References
- CVE-2016-2216
- SUSE Bug 966076
- SUSE Bug 966077
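
The CVE-2016-2216 description above, seen from the validation side: the JavaScript below is an added example, not code from Node.js or from the advisory. The helper names and the sample header value are constructed, and writing the header one byte per character (latin1) is an assumption made for the illustration.

```javascript
'use strict';
// Added example: hypothetical helper names, not Node.js internals.

// Naive filter: looks only for literal CR / LF code points.
function naiveHasCrlf(value) {
  return /[\r\n]/.test(value);
}

// Strict check: allow only HTAB, visible ASCII and 0x80-0xFF, so every
// character maps to exactly one byte and none of them is a control byte.
function isSafeHeaderValue(value) {
  return /^[\t\x20-\x7e\x80-\xff]*$/.test(value);
}

// Assumption: the header is serialized one byte per character (latin1),
// which truncates code points above 0xFF to their low 8 bits.
function wireBytes(value) {
  return Buffer.from(value, 'latin1');
}

// Stores a header only if it passes the strict check; throws otherwise.
function setHeaderChecked(headers, name, value) {
  if (!isSafeHeaderValue(value)) {
    throw new TypeError('invalid character in header "' + name + '"');
  }
  headers[name] = value;
  return headers;
}

// Constructed sample: the sequence from the CVE description, percent-decoded
// as UTF-8 (U+010D U+010A), embedded in a constructed header value.
const decoded = decodeURIComponent('%c4%8d%c4%8a');
const sample = 'en' + decoded + 'X-Constructed: 1';

function demo() {
  return {
    naiveFlagged: naiveHasCrlf(sample),
    crlfOnWire: wireBytes(sample).includes(Buffer.from('\r\n')),
    strictAccepts: isSafeHeaderValue(sample),
  };
}

console.log(demo());
```

The naive filter sees no CR or LF in the string, yet the truncated bytes contain `0d 0a`; the strict check rejects the value before it is serialized.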