openSUSE-SU-2019:1211-1

Опубликовано: 16 апр. 2019

Источник: suse-cvrf

Описание

Security update for nodejs10

This update for nodejs10 to version 10.1.2 fixes the following issue:

Security issue fixed:

CVE-2019-5737: Fixed a potentially attack vector which could lead to Denial of Service when HTTP connection are kept active (bsc#1127532).

This update was imported from the SUSE:SLE-12:Update update project.

Список пакетов

openSUSE Leap 42.3

nodejs10-10.15.2-5.2

nodejs10-devel-10.15.2-5.2

nodejs10-docs-10.15.2-5.2

npm10-10.15.2-5.2

Ссылки

https://lists.opensuse.org/opensuse-security-announce/2019-04/msg00059.html
E-Mail link for openSUSE-SU-2019:1211-1
https://www.suse.com/support/security/rating/
SUSE Security Ratings

Описание

In Node.js including 6.x before 6.17.0, 8.x before 8.15.1, 10.x before 10.15.2, and 11.x before 11.10.1, an attacker can cause a Denial of Service (DoS) by establishing an HTTP or HTTPS connection in keep-alive mode and by sending headers very slowly. This keeps the connection and associated resources alive for a long period of time. Potential attacks are mitigated by the use of a load balancer or other proxy layer. This vulnerability is an extension of CVE-2018-12121, addressed in November and impacts all active Node.js release lines including 6.x before 6.17.0, 8.x before 8.15.1, 10.x before 10.15.2, and 11.x before 11.10.1.

Затронутые продукты

openSUSE Leap 42.3:nodejs10-10.15.2-5.2

openSUSE Leap 42.3:nodejs10-devel-10.15.2-5.2

openSUSE Leap 42.3:nodejs10-docs-10.15.2-5.2

openSUSE Leap 42.3:npm10-10.15.2-5.2

Ссылки

https://www.suse.com/security/cve/CVE-2019-5737.html
CVE-2019-5737
https://bugzilla.suse.com/1127532
SUSE Bug 1127532

openSUSE-SU-2019:1211-1

Описание

Список пакетов

openSUSE Leap 42.3

Ссылки

Уязвимость: CVE-2019-5737

Описание

Затронутые продукты

Ссылки