Описание
Security update for nodejs10
This update for nodejs10 fixes the following issues:
- nodejs10 was updated to 10.22.1 LTS:
- CVE-2020-8252: Fixed a buffer overflow in realpath (bsc#1176589).
- CVE-2020-15095: Fixed an information leak through log files (bsc#1173937).
- Explicitly add -fno-strict-aliasing to CFLAGS to fix compilation on Aarch64 with gcc10 (bsc#1172686)
This update was imported from the SUSE:SLE-15:Update update project.
Список пакетов
openSUSE Leap 15.2
nodejs10-10.22.1-lp152.2.6.1
nodejs10-devel-10.22.1-lp152.2.6.1
nodejs10-docs-10.22.1-lp152.2.6.1
npm10-10.22.1-lp152.2.6.1
Ссылки
- E-Mail link for openSUSE-SU-2020:1660-1
- SUSE Security Ratings
- SUSE Bug 1172686
- SUSE Bug 1173937
- SUSE Bug 1176589
- SUSE CVE CVE-2020-15095 page
- SUSE CVE CVE-2020-8252 page
Описание
Versions of the npm CLI prior to 6.14.6 are vulnerable to an information exposure vulnerability through log files. The CLI supports URLs like "<protocol>://[<user>[:<password>]@]<hostname>[:<port>][:][/]<path>". The password value is not redacted and is printed to stdout and also to any generated log files.
Затронутые продукты
openSUSE Leap 15.2:nodejs10-10.22.1-lp152.2.6.1
openSUSE Leap 15.2:nodejs10-devel-10.22.1-lp152.2.6.1
openSUSE Leap 15.2:nodejs10-docs-10.22.1-lp152.2.6.1
openSUSE Leap 15.2:npm10-10.22.1-lp152.2.6.1
Ссылки
- CVE-2020-15095
- SUSE Bug 1173937
Описание
The implementation of realpath in libuv < 10.22.1, < 12.18.4, and < 14.9.0 used within Node.js incorrectly determined the buffer size which can result in a buffer overflow if the resolved path is longer than 256 bytes.
Затронутые продукты
openSUSE Leap 15.2:nodejs10-10.22.1-lp152.2.6.1
openSUSE Leap 15.2:nodejs10-devel-10.22.1-lp152.2.6.1
openSUSE Leap 15.2:nodejs10-docs-10.22.1-lp152.2.6.1
openSUSE Leap 15.2:npm10-10.22.1-lp152.2.6.1
Ссылки
- CVE-2020-8252
- SUSE Bug 1176589