File _patchinfo of Package patchinfo.7772
<patchinfo incident="7772">
<issue tracker="bnc" id="1097404">VUL-0: CVE-2018-7161: nodejs8: Fixes Denial of Service vulnerability by updating the http2 implementation to not crash under certain circumstances during cleanup</issue>
<issue tracker="bnc" id="1091764">[staging] FTBFS: nodejs8 fails to build against icu 61.1</issue>
<issue tracker="bnc" id="1097375">VUL-0: CVE-2018-7167: nodejs4,nodejs6,nodejs8: Fixes Denial of Service vulnerability where calling Buffer.fill() could hang</issue>
<issue tracker="bnc" id="1097401"></issue>
<issue tracker="cve" id="2018-7167"/>
<issue tracker="cve" id="2018-7161"/>
<issue tracker="cve" id="2018-1000168"/>
<category>security</category>
<rating>moderate</rating>
<packager>adamm</packager>
<description>This update for nodejs8 to version 8.11.3 fixes the following issues:
These security issues were fixed:
- CVE-2018-7167: Calling Buffer.fill() or Buffer.alloc() with some parameters
could have led to a hang, which could have resulted in a DoS (bsc#1097375).
- CVE-2018-7161: By interacting with the http2 server in a manner that
triggered a cleanup bug, where objects are used in native code after they are no
longer available, an attacker could have caused a denial of service (DoS) by
causing a node server providing an http2 server to crash (bsc#1097404).
- CVE-2018-1000168: Fixed a denial of service vulnerability by unbundling
nghttp2 (bsc#1097401).
</description>
<summary>Security update for nodejs8</summary>
</patchinfo>