openSUSE-SU-2020:1644-1

Опубликовано: 10 окт. 2020

Источник: suse-cvrf

Описание

Security update for nodejs8

This update for nodejs8 fixes the following issues:

CVE-2020-15095: Fixed information leak through log files (bsc#1173937).
Explicitly add -fno-strict-aliasing to CFLAGS to fix compilation on Aarch64 with gcc10 (bsc#1172686).

This update was imported from the SUSE:SLE-15:Update update project.

Список пакетов

openSUSE Leap 15.1

nodejs8-8.17.0-lp151.2.21.1

nodejs8-devel-8.17.0-lp151.2.21.1

nodejs8-docs-8.17.0-lp151.2.21.1

npm8-8.17.0-lp151.2.21.1

Ссылки

https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/JFBUHII7VEZISEYN3O5C53Y2VPP4MVLZ/
E-Mail link for openSUSE-SU-2020:1644-1
https://www.suse.com/support/security/rating/
SUSE Security Ratings
https://bugzilla.suse.com/1172686
SUSE Bug 1172686
https://bugzilla.suse.com/1173937
SUSE Bug 1173937
https://www.suse.com/security/cve/CVE-2020-15095/
SUSE CVE CVE-2020-15095 page

Описание

Versions of the npm CLI prior to 6.14.6 are vulnerable to an information exposure vulnerability through log files. The CLI supports URLs like "<protocol>://[<user>[:<password>]@]<hostname>[:<port>][:][/]<path>". The password value is not redacted and is printed to stdout and also to any generated log files.

Затронутые продукты

openSUSE Leap 15.1:nodejs8-8.17.0-lp151.2.21.1

openSUSE Leap 15.1:nodejs8-devel-8.17.0-lp151.2.21.1

openSUSE Leap 15.1:nodejs8-docs-8.17.0-lp151.2.21.1

openSUSE Leap 15.1:npm8-8.17.0-lp151.2.21.1

Ссылки

https://www.suse.com/security/cve/CVE-2020-15095.html
CVE-2020-15095
https://bugzilla.suse.com/1173937
SUSE Bug 1173937

openSUSE-SU-2020:1644-1

Описание

Список пакетов

openSUSE Leap 15.1

Ссылки

Уязвимость: CVE-2020-15095

Описание

Затронутые продукты

Ссылки