SUSE-SU-2019:0395-1
Vulnerability Summary
Timeline
Description
Security update for nodejs6 This update for nodejs6 to version 6.16.0 fixes the following issues: Security issues fixed: - CVE-2018-0734: Fixed a timing vulnerability in the DSA signature generation (bsc#1113652) - CVE-2018-5407: Fixed a hyperthread port content side channel attack (aka 'PortSmash') (bsc#1113534) - CVE-2018-12120: Fixed that the debugger listens on any interface by default (bsc#1117625) - CVE-2018-12121: Fixed a denial of Service with large HTTP headers (bsc#1117626) - CVE-2018-12122: Fixed the 'Slowloris' HTTP Denial of Service (bsc#1117627) - CVE-2018-12116: Fixed HTTP request splitting (bsc#1117630) - CVE-2018-12123: Fixed hostname spoofing in URL parser for javascript protocol (bsc#1117629)
Affected Systems
- suse•nodejs6&distro=SUSE Enterprise Storage 4
< 6.16.0-11.21.1
- suse•nodejs6&distro=SUSE Linux Enterprise Module for Web and Scripting 12
< 6.16.0-11.21.1
- suse•nodejs6&distro=SUSE OpenStack Cloud 7
< 6.16.0-11.21.1
- suse•nodejs6&distro=SUSE OpenStack Cloud Crowbar 8
< 6.16.0-11.21.1
References (15)
- https://www.suse.com/support/update/announcement/2019/suse-su-20190395-1/
- https://bugzilla.suse.com/1113534
- https://bugzilla.suse.com/1113652
- https://bugzilla.suse.com/1117625
- https://bugzilla.suse.com/1117626
- https://bugzilla.suse.com/1117627
- https://bugzilla.suse.com/1117629
- https://bugzilla.suse.com/1117630
- https://www.suse.com/security/cve/CVE-2018-0734
- https://www.suse.com/security/cve/CVE-2018-12116
- https://www.suse.com/security/cve/CVE-2018-12120
- https://www.suse.com/security/cve/CVE-2018-12121
- https://www.suse.com/security/cve/CVE-2018-12122
- https://www.suse.com/security/cve/CVE-2018-12123
- https://www.suse.com/security/cve/CVE-2018-5407