Sign Up
Log In
Log In
or
Sign Up
Places
All Projects
Status Monitor
Collapse sidebar
home:Alexander_Naumov:SLE-12:Update
patchinfo.5180
_patchinfo
Overview
Repositories
Revisions
Requests
Users
Attributes
Meta
File _patchinfo of Package patchinfo.5180
<patchinfo incident="5180"> <issue id="1041283" tracker="bnc">GCC 7: nodejs4 fails to build</issue> <issue id="1048299" tracker="bnc">VUL-0: nodejs4, nodejs6: Constant Hashtable Seeds (CVE pending)</issue> <issue id="1041282" tracker="bnc">GCC 7: nodejs6 fails to build</issue> <issue id="1044946" tracker="bnc">VUL-0: CVE-2017-1000381: libcares2: NAPTR parser out of bounds access</issue> <issue id="2017-1000381" tracker="cve" /> <issue id="2017-11499" tracker="cve" /> <category>security</category> <rating>moderate</rating> <packager>adamm</packager> <description>This update for nodejs4 and nodejs6 fixes the following issues: Security issues fixed: - CVE-2017-1000381: The c-ares function ares_parse_naptr_reply() could be triggered to read memory outside of the given input buffer if the passed in DNS response packet was crafted in a particular way. (bsc#1044946) - CVE-2017-11499: Disable V8 snapshots. The hashseed embedded in the snapshot is currently the same for all runs of the binary. This opens node up to collision attacks which could result in a Denial of Service. We have temporarily disabled snapshots until a more robust solution is found. (bsc#1048299) Non-security fixes: - GCC 7 compilation fixes for v8 backported and add missing ICU59 headers (bsc#1041282) - New upstream LTS release 6.11.1 * https://github.com/nodejs/node/blob/master/doc/changelogs/CHANGELOG_V6.md#6.11.1 - New upstream LTS release 6.11.0 * https://github.com/nodejs/node/blob/master/doc/changelogs/CHANGELOG_V6.md#6.11.0 - New upstream LTS release 6.10.3 * https://github.com/nodejs/node/blob/master/doc/changelogs/CHANGELOG_V6.md#6.10.3 - New upstream LTS release 6.10.2 * https://github.com/nodejs/node/blob/master/doc/changelogs/CHANGELOG_V6.md#6.10.2 - New upstream LTS release 6.10.1 * https://github.com/nodejs/node/blob/master/doc/changelogs/CHANGELOG_V6.md#6.10.1 - New upstream LTS release 6.10.0 * https://github.com/nodejs/node/blob/master/doc/changelogs/CHANGELOG_V6.md#6.10.0 - New upstream LTS release 4.8.4 * https://github.com/nodejs/node/blob/master/doc/changelogs/CHANGELOG_V4.md#4.8.4 - New upstream LTS release 4.8.3 * https://github.com/nodejs/node/blob/master/doc/changelogs/CHANGELOG_V4.md#4.8.3 - New upstream LTS release 4.8.2 * https://github.com/nodejs/node/blob/master/doc/changelogs/CHANGELOG_V4.md#4.8.2 - New upstream LTS release 4.8.1 * https://github.com/nodejs/node/blob/master/doc/changelogs/CHANGELOG_V4.md#4.8.1 - New upstream LTS release 4.8.0 * https://github.com/nodejs/node/blob/master/doc/changelogs/CHANGELOG_V4.md#4.8.0 </description> <summary>Security update for nodejs4, nodejs6</summary> </patchinfo>
Locations
Projects
Search
Status Monitor
Help
OpenBuildService.org
Documentation
API Documentation
Code of Conduct
Contact
Support
@OBShq
Terms
openSUSE Build Service is sponsored by
The Open Build Service is an
openSUSE project
.
Sign Up
Log In
Places
Places
All Projects
Status Monitor