openSUSE-SU-2016:2752-1

Опубликовано: 09 нояб. 2016

Источник: suse-cvrf

Описание

Security update for nodejs

This update for nodejs fixes the following issues:

New upstream LTS version 4.6.1
- c-ares:
  - CVE-2016-5180: fix for single-byte buffer overwrite
Fix nodejs-libpath.patch so ppc doesn't fail to build

Список пакетов

openSUSE Leap 42.1

nodejs-4.6.1-36.1

nodejs-devel-4.6.1-36.1

nodejs-docs-4.6.1-36.1

npm-4.6.1-36.1

Ссылки

https://lists.opensuse.org/opensuse-updates/2016-11/msg00024.html
E-Mail link for openSUSE-SU-2016:2752-1
https://www.suse.com/support/security/rating/
SUSE Security Ratings

Описание

Heap-based buffer overflow in the ares_create_query function in c-ares 1.x before 1.12.0 allows remote attackers to cause a denial of service (out-of-bounds write) or possibly execute arbitrary code via a hostname with an escaped trailing dot.

Затронутые продукты

openSUSE Leap 42.1:nodejs-4.6.1-36.1

openSUSE Leap 42.1:nodejs-devel-4.6.1-36.1

openSUSE Leap 42.1:nodejs-docs-4.6.1-36.1

openSUSE Leap 42.1:npm-4.6.1-36.1

Ссылки

https://www.suse.com/security/cve/CVE-2016-5180.html
CVE-2016-5180
https://bugzilla.suse.com/1007728
SUSE Bug 1007728

openSUSE-SU-2016:2752-1

Описание

Список пакетов

openSUSE Leap 42.1

Ссылки

Уязвимость: CVE-2016-5180

Описание

Затронутые продукты

Ссылки