Security update for nodejs6
This update for nodejs6 to version 6.17.0 fixes the following issues:
Security issues fixed:
- CVE-2019-5739: Fixed a potentially attack vector which could lead to Denial of Service
when HTTP connection are kept active (bsc#1127533).
- CVE-2019-5737: Fixed a potentially attack vector which could lead to Denial of Service
when HTTP connection are kept active (bsc#1127532).
- CVE-2019-1559: Fixed OpenSSL 0-byte Record Padding Oracle which under certain circumstances
a TLS server can be forced to respond differently to a client and lead to the decryption of the data (bsc#1127080).
Release Notes: https://nodejs.org/en/blog/release/v6.17.0/
This update was imported from the SUSE:SLE-12:Update update project.
-
Submitted by
Adam Majer (adamm)
Fixed bugs
bnc#1127532
VUL-0: CVE-2019-5737: nodejs: Slowloris HTTP Denial of Service with keep-alive
bnc#1127533
VUL-0: CVE-2019-5739: nodejs: Denial of Service with keep-alive HTTP connections
bnc#1127080
VUL-1: CVE-2019-1559: openssl,openssl1,openssl-1_0_0,openssl-1_1,compat-openssl097g,compat-openssl098: 0-byte record padding oracle
