SUSE-SU-2018:0952-1

Advisory lineage Upstream: 2 Downstream: 0
Published: 16 Apr 2018, 15:32
Last modified:04 Feb 2026, 03:06

Vulnerability Summary

Overall Risk (default)
minimal
0/100
CVSS Score
No data
EPSS Score
No data
KEV
Not listed
Ransomware
No reports
Public exploits
None found
Dark Web
Not detected

Timeline

16 Apr 2018, 15:32
Published
Vulnerability first disclosed
04 Feb 2026, 03:06
Last Modified
Vulnerability information updated

Description

Security update for nodejs4 This update for nodejs4 fixes the following issues: - Fix some node-gyp permissions - New upstream maintenance 4.9.1: * Security fixes: + CVE-2018-7158: Fix for 'path' module regular expression denial of service (bsc#1087459) + CVE-2018-7159: Reject spaces in HTTP Content-Length header values (bsc#1087453) * Upgrade to OpenSSL 1.0.2o * deps: reject interior blanks in Content-Length * deps: upgrade http-parser to v2.8.0 - remove any old manpage files in %pre from before update-alternatives were used to manage symlinks to these manpages. - Add Recommends and BuildRequire on python2 for npm. node-gyp requires this old version of python for now. This is only needed for binary modules. - even on recent codestreams there is no binutils gold on s390 only on s390x - Enable CI tests in %check target

Affected Systems

  • susenodejs4&distro=SUSE Enterprise Storage 4

    < 4.9.1-15.11.1

  • susenodejs4&distro=SUSE Linux Enterprise Module for Web and Scripting 12

    < 4.9.1-15.11.1

References (5)