This update for nodejs6 fixes the following issues:
Security issues fixed:
- CVE-2017-15896: Vulnerable to CVE-2017-3737 due to embedded OpenSSL (bsc#1072322).
- CVE-2017-14919: Embedded zlib issue could cause a DoS via specific windowBits value.
- CVE-2017-3738: Embedded OpenSSL is vulnerable to rsaz_1024_mul_avx2 overflow bug on x86_64.
- CVE-2017-3736: Embedded OpenSSL is vulnerable to bn_sqrx8x_internal carry bug on x86_64 (bsc#1066242).
- CVE-2017-3735: Embedded OpenSSL is vulnerable to malformed X.509 IPAdressFamily that could cause OOB read (bsc#1056058).
Bug fixes:
- Update to LTS release 6.12.2 (bsc#1072322):
* https://nodejs.org/en/blog/vulnerability/december-2017-security-releases/
* https://nodejs.org/en/blog/release/v6.12.2/
* https://nodejs.org/en/blog/release/v6.12.1/
* https://nodejs.org/en/blog/release/v6.12.0/
* https://nodejs.org/en/blog/release/v6.11.5/
* https://nodejs.org/en/blog/release/v6.11.4/
* https://nodejs.org/en/blog/release/v6.11.3/
* https://nodejs.org/en/blog/release/v6.11.2/
This update was imported from the SUSE:SLE-12:Update update project.
- Submitted by Adam Majer (adamm)