Overview

File _patchinfo of Package patchinfo.9668

<patchinfo incident="9668">
  <issue tracker="bnc" id="1117625">VUL-1: CVE-2018-12120: nodejs4,nodejs6: Debugger port 5858 listens on any interface by default</issue>
  <issue tracker="bnc" id="1117627">VUL-0: CVE-2018-12122: nodejs4,nodejs6,nodejs8: "Slowloris" HTTP Denial of Service</issue>
  <issue tracker="bnc" id="1117626">VUL-0: CVE-2018-12121: nodejs4,nodejs6,nodejs8: Denial of Service with large HTTP headers</issue>
  <issue tracker="bnc" id="1117629">VUL-0: CVE-2018-12123: nodejs4,nodejs6,nodejs8: Hostname spoofing in URL parser for javascript protocol</issue>
  <issue tracker="bnc" id="1113652">VUL-1: CVE-2018-0734: openssl,openssl1,openssl-1_1,openssl-1_0_0,compat-openssl098: Timing vulnerability in DSA signature generation</issue>
  <issue tracker="bnc" id="1113534">VUL-0: CVE-2018-5407: Hyperthread port content side channel aka "PortSmash"</issue>
  <issue tracker="bnc" id="1117630">VUL-0: CVE-2018-12116: nodejs4,nodejs6,nodejs8: HTTP request splitting</issue>
  <issue tracker="cve" id="2018-12120"/>
  <issue tracker="cve" id="2018-12121"/>
  <issue tracker="cve" id="2018-12122"/>
  <issue tracker="cve" id="2018-12123"/>
  <issue tracker="cve" id="2018-12116"/>
  <issue tracker="cve" id="2018-5407"/>
  <issue tracker="cve" id="2018-0734"/>
  <category>security</category>
  <rating>important</rating>
  <packager>adamm</packager>
  <description>This update for nodejs6 to version 6.16.0 fixes the following issues:

Security issues fixed:

- CVE-2018-0734: Fixed a timing vulnerability in the DSA signature generation (bsc#1113652)
- CVE-2018-5407: Fixed a hyperthread port content side channel attack (aka "PortSmash") (bsc#1113534)
- CVE-2018-12120: Fixed that the debugger listens on any interface by default (bsc#1117625)
- CVE-2018-12121: Fixed a denial of Service with large HTTP headers (bsc#1117626)
- CVE-2018-12122: Fixed the "Slowloris" HTTP Denial of Service (bsc#1117627)
- CVE-2018-12116: Fixed HTTP request splitting (bsc#1117630)
- CVE-2018-12123: Fixed hostname spoofing in URL parser for javascript protocol (bsc#1117629)

This update was imported from the SUSE:SLE-12:Update update project.</description>
  <summary>Security update for nodejs6</summary>
</patchinfo>
openSUSE Build Service is sponsored by
Places