SUSE-SU-2018:1918-1
Advisory lineage Upstream: 3 Downstream: 0
Published: 09 Jul 2018, 09:55
Last modified:04 Feb 2026, 03:25
Vulnerability Summary
Overall Risk (default)
minimal
0/100 CVSS Score
No data
EPSS Score
No data
KEV
Not listed
Ransomware
No reports
Public exploits
None found
Dark Web
Not detected
Timeline
09 Jul 2018, 09:55
Published
Vulnerability first disclosed
04 Feb 2026, 03:25
Last Modified
Vulnerability information updated
Description
Security update for nodejs8 This update for nodejs8 to version 8.11.3 fixes the following issues: These security issues were fixed: - CVE-2018-7167: Calling Buffer.fill() or Buffer.alloc() with some parameters could have lead to a hang which could have resulted in a DoS (bsc#1097375). - CVE-2018-7161: By interacting with the http2 server in a manner that triggered a cleanup bug where objects are used in native code after they are no longer available an attacker could have caused a denial of service (DoS) by causing a node server providing an http2 server to crash (bsc#1097404). - CVE-2018-1000168: Fixed a denial of service vulnerability by unbundling nghttp2 (bsc#1097401)
Affected Systems
- suse•nodejs8&distro=SUSE Linux Enterprise Module for Web and Scripting 15
< 8.11.3-3.5.1
References (8)
- https://www.suse.com/support/update/announcement/2018/suse-su-20181918-1/
- https://bugzilla.suse.com/1091764
- https://bugzilla.suse.com/1097375
- https://bugzilla.suse.com/1097401
- https://bugzilla.suse.com/1097404
- https://www.suse.com/security/cve/CVE-2018-1000168
- https://www.suse.com/security/cve/CVE-2018-7161
- https://www.suse.com/security/cve/CVE-2018-7167