Описание
Security update for nodejs8
This update for nodejs8 fixes the following issues:
Security issue fixed:
- CVE-2019-13173: Fixed a potential file overwrite via hardlink in fstream.DirWriter() (bsc#1140290).
Non-security issue fixed:
- Backported fixes for OpenSSL 1.1.1 from nodejs8 (bsc#1134209).
This update was imported from the SUSE:SLE-15:Update update project.
Список пакетов
openSUSE Leap 15.0
nodejs8-8.15.1-lp151.2.3.1
nodejs8-devel-8.15.1-lp151.2.3.1
nodejs8-docs-8.15.1-lp151.2.3.1
npm8-8.15.1-lp151.2.3.1
openSUSE Leap 15.1
nodejs8-8.15.1-lp151.2.3.1
nodejs8-devel-8.15.1-lp151.2.3.1
nodejs8-docs-8.15.1-lp151.2.3.1
npm8-8.15.1-lp151.2.3.1
Ссылки
- E-Mail link for openSUSE-SU-2019:1907-1
- SUSE Security Ratings
- SUSE Bug 1134209
- SUSE Bug 1140290
- SUSE CVE CVE-2019-13173 page
Описание
fstream before 1.0.12 is vulnerable to Arbitrary File Overwrite. Extracting tarballs containing a hardlink to a file that already exists in the system, and a file that matches the hardlink, will overwrite the system's file with the contents of the extracted file. The fstream.DirWriter() function is vulnerable.
Затронутые продукты
openSUSE Leap 15.0:nodejs8-8.15.1-lp151.2.3.1
openSUSE Leap 15.0:nodejs8-devel-8.15.1-lp151.2.3.1
openSUSE Leap 15.0:nodejs8-docs-8.15.1-lp151.2.3.1
openSUSE Leap 15.0:npm8-8.15.1-lp151.2.3.1
Ссылки
- CVE-2019-13173
- SUSE Bug 1140290