openSUSE-SU-2019:1846-1

Опубликовано: 12 авг. 2019

Источник: suse-cvrf

Описание

Security update for nodejs10

This update for nodejs10 to version 10.16.0 fixes the following issues:

Security issue fixed:

CVE-2019-13173: Fixed a potential file overwrite via hardlink in fstream.DirWriter() (bsc#1140290).

Non-security issue fixed:

Update to new upstream LTS version 10.16.0, including npm version 6.9.0 and openssl version 1.1.1b (bsc#1134208).

This update was imported from the SUSE:SLE-15:Update update project.

Список пакетов

openSUSE Leap 15.1

nodejs10-10.16.0-lp151.2.3.1

nodejs10-devel-10.16.0-lp151.2.3.1

nodejs10-docs-10.16.0-lp151.2.3.1

npm10-10.16.0-lp151.2.3.1

Ссылки

https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/NDOPRHO5EBJWVNZ5TQMMR6AYEXTLSZ4C/#NDOPRHO5EBJWVNZ5TQMMR6AYEXTLSZ4C
E-Mail link for openSUSE-SU-2019:1846-1
https://www.suse.com/support/security/rating/
SUSE Security Ratings
https://bugzilla.suse.com/1134208
SUSE Bug 1134208
https://bugzilla.suse.com/1140290
SUSE Bug 1140290
https://www.suse.com/security/cve/CVE-2019-13173/
SUSE CVE CVE-2019-13173 page

Описание

fstream before 1.0.12 is vulnerable to Arbitrary File Overwrite. Extracting tarballs containing a hardlink to a file that already exists in the system, and a file that matches the hardlink, will overwrite the system's file with the contents of the extracted file. The fstream.DirWriter() function is vulnerable.

Затронутые продукты

openSUSE Leap 15.1:nodejs10-10.16.0-lp151.2.3.1

openSUSE Leap 15.1:nodejs10-devel-10.16.0-lp151.2.3.1

openSUSE Leap 15.1:nodejs10-docs-10.16.0-lp151.2.3.1

openSUSE Leap 15.1:npm10-10.16.0-lp151.2.3.1

Ссылки

https://www.suse.com/security/cve/CVE-2019-13173.html
CVE-2019-13173
https://bugzilla.suse.com/1140290
SUSE Bug 1140290

openSUSE-SU-2019:1846-1

Описание

Список пакетов

openSUSE Leap 15.1

Ссылки

Уязвимость: CVE-2019-13173

Описание

Затронутые продукты

Ссылки