SUSE-SU-2019:0117-1
Advisory lineage Upstream: 7 Downstream: 0
Published: 18 Jan 2019, 10:52
Last modified:04 Feb 2026, 03:59
Vulnerability Summary
Overall Risk (default)
minimal
0/100 CVSS Score
No data
EPSS Score
No data
KEV
Not listed
Ransomware
No reports
Public exploits
None found
Dark Web
Not detected
Timeline
18 Jan 2019, 10:52
Published
Vulnerability first disclosed
04 Feb 2026, 03:59
Last Modified
Vulnerability information updated
Description
Security update for nodejs4 This update for nodejs4 fixes the following issues: Security issues fixed: - CVE-2018-0734: Fixed a timing vulnerability in the DSA signature generation (bsc#1113652) - CVE-2018-5407: Fixed a hyperthread port content side channel attack (aka 'PortSmash') (bsc#1113534) - CVE-2018-12120: Fixed that the debugger listens on any interface by default (bsc#1117625) - CVE-2018-12121: Fixed a denial of Service with large HTTP headers (bsc#1117626) - CVE-2018-12122: Fixed the 'Slowloris' HTTP Denial of Service (bsc#1117627) - CVE-2018-12116: Fixed HTTP request splitting (bsc#1117630) - CVE-2018-12123: Fixed hostname spoofing in URL parser for javascript protocol (bsc#1117629)
Affected Systems
- suse•nodejs4&distro=SUSE Enterprise Storage 4
< 4.9.1-15.17.1
- suse•nodejs4&distro=SUSE Linux Enterprise Module for Web and Scripting 12
< 4.9.1-15.17.1
References (15)
- https://www.suse.com/support/update/announcement/2019/suse-su-20190117-1/
- https://bugzilla.suse.com/1113534
- https://bugzilla.suse.com/1113652
- https://bugzilla.suse.com/1117625
- https://bugzilla.suse.com/1117626
- https://bugzilla.suse.com/1117627
- https://bugzilla.suse.com/1117629
- https://bugzilla.suse.com/1117630
- https://www.suse.com/security/cve/CVE-2018-0734
- https://www.suse.com/security/cve/CVE-2018-12116
- https://www.suse.com/security/cve/CVE-2018-12120
- https://www.suse.com/security/cve/CVE-2018-12121
- https://www.suse.com/security/cve/CVE-2018-12122
- https://www.suse.com/security/cve/CVE-2018-12123
- https://www.suse.com/security/cve/CVE-2018-5407