Overview

File _patchinfo of Package patchinfo.10489

<patchinfo incident="10489">
  <issue tracker="bnc" id="1127532">VUL-0: CVE-2019-5737: nodejs: Slowloris HTTP Denial of Service with keep-alive</issue>
  <issue tracker="bnc" id="1127533">VUL-0: CVE-2019-5739: nodejs: Denial of Service with keep-alive HTTP connections</issue>
  <issue tracker="bnc" id="1127080">VUL-1: CVE-2019-1559: openssl,openssl1,openssl-1_0_0,openssl-1_1,compat-openssl097g,compat-openssl098: 0-byte record padding oracle</issue>
  <issue tracker="cve" id="2019-1559"/>
  <issue tracker="cve" id="2019-5739"/>
  <issue tracker="cve" id="2019-5737"/>
  <category>security</category>
  <rating>moderate</rating>
  <packager>adamm</packager>
  <description>This update for nodejs6 to version 6.17.0 fixes the following issues:

Security issues fixed:


- CVE-2019-5739: Fixed a potentially attack vector which could lead to Denial of Service 
  when HTTP connection are kept active (bsc#1127533).
- CVE-2019-5737: Fixed a potentially attack vector which could lead to Denial of Service
  when HTTP connection are kept active (bsc#1127532).
- CVE-2019-1559: Fixed OpenSSL 0-byte Record Padding Oracle which under certain circumstances 
  a TLS server can be forced to respond differently to a client and lead to the decryption of the data (bsc#1127080).

Release Notes: https://nodejs.org/en/blog/release/v6.17.0/    
</description>
  <summary>Security update for nodejs6</summary>
</patchinfo>
openSUSE Build Service is sponsored by
Places