Overview Repositories Revisions Requests Users Attributes Meta
Security update for nodejs4, nodejs6

This update for nodejs4 and nodejs6 fixes the following issues:

Security issues fixed:

- CVE-2017-1000381: The c-ares function ares_parse_naptr_reply() could be triggered to read memory
outside of the given input buffer if the passed in DNS response packet was crafted in a
particular way. (bsc#1044946)
- CVE-2017-11499: Disable V8 snapshots. The hashseed embedded in the snapshot is currently the same
for all runs of the binary. This opens node up to collision attacks which could result in a Denial
of Service. We have temporarily disabled snapshots until a more robust solution is found.
(bsc#1048299)

Non-security fixes:

- GCC 7 compilation fixes for v8 backported and add missing ICU59 headers (bsc#1041282)
- New upstream LTS release 6.11.1
* https://github.com/nodejs/node/blob/master/doc/changelogs/CHANGELOG_V6.md#6.11.1
- New upstream LTS release 6.11.0
* https://github.com/nodejs/node/blob/master/doc/changelogs/CHANGELOG_V6.md#6.11.0
- New upstream LTS release 6.10.3
* https://github.com/nodejs/node/blob/master/doc/changelogs/CHANGELOG_V6.md#6.10.3
- New upstream LTS release 6.10.2
* https://github.com/nodejs/node/blob/master/doc/changelogs/CHANGELOG_V6.md#6.10.2
- New upstream LTS release 6.10.1
* https://github.com/nodejs/node/blob/master/doc/changelogs/CHANGELOG_V6.md#6.10.1
- New upstream LTS release 6.10.0
* https://github.com/nodejs/node/blob/master/doc/changelogs/CHANGELOG_V6.md#6.10.0

- New upstream LTS release 4.8.4
* https://github.com/nodejs/node/blob/master/doc/changelogs/CHANGELOG_V4.md#4.8.4
- New upstream LTS release 4.8.3
* https://github.com/nodejs/node/blob/master/doc/changelogs/CHANGELOG_V4.md#4.8.3
- New upstream LTS release 4.8.2
* https://github.com/nodejs/node/blob/master/doc/changelogs/CHANGELOG_V4.md#4.8.2
- New upstream LTS release 4.8.1
* https://github.com/nodejs/node/blob/master/doc/changelogs/CHANGELOG_V4.md#4.8.1
- New upstream LTS release 4.8.0
* https://github.com/nodejs/node/blob/master/doc/changelogs/CHANGELOG_V4.md#4.8.0

This update was imported from the SUSE:SLE-12:Update update project.

Fixed bugs
bnc#1041283
GCC 7: nodejs4 fails to build
bnc#1048299
VUL-0: nodejs4, nodejs6: Constant Hashtable Seeds (CVE pending)
bnc#1041282
GCC 7: nodejs6 fails to build
bnc#1044946
VUL-0: CVE-2017-1000381: libcares2: NAPTR parser out of bounds access
CVE-2017-1000381
CVE-2017-11499
Selected Binaries
openSUSE Build Service is sponsored by
Places