File _patchinfo of Package patchinfo.15317
<patchinfo incident="15317">
<issue tracker="cve" id="2020-8174"/>
<issue tracker="cve" id="2020-10531"/>
<issue tracker="cve" id="2020-7598"/>
<issue tracker="cve" id="2020-11080"/>
<issue tracker="bnc" id="1162117">openssl: error:2406C06E:random number generator:RAND_DRBG_instantiate:error retrieving entropy</issue>
<issue tracker="bnc" id="1166916">VUL-0: CVE-2020-7598: nodejs,nodejs12,nodejs10,nodejs4,nodejs6,nodejs8: nodejs-minimist: prototype pollution allows adding or modifying properties of Object.prototype using a constructor or __proto__ payload</issue>
<issue tracker="bnc" id="1172442">VUL-0: CVE-2020-11080: nodejs12,nodejs10: HTTP/2 Large Settings Frame DoS</issue>
<issue tracker="bnc" id="1166844">VUL-0: CVE-2020-10531: icu: ICU: Integer overflow in UnicodeString:doAppend()</issue>
<issue tracker="bnc" id="1172443">VUL-0: CVE-2020-8174: nodejs,nodejs12,nodejs10,nodejs4,nodejs6,nodejs8: napi_get_value_string_*() allows various kinds of memory corruption</issue>
<packager>adamm</packager>
<rating>critical</rating>
<category>security</category>
<summary>Security update for nodejs10</summary>
<description>This update for nodejs10 fixes the following issues:
nodejs10 was updated to version 10.21.0
- CVE-2020-8174: Fixed multiple memory corruption in napi_get_value_string_*() (bsc#1172443).
- CVE-2020-11080: Fixed a potential denial of service when receiving unreasonably large HTTP/2 SETTINGS frames (bsc#1172442).
- CVE-2020-10531: Fixed an integer overflow in UnicodeString:doAppend() (bsc#1166844).
- Fixed an issue with openssl by adding getrandom syscall definition for all Linux platforms (bsc#1162117).
npm was updated to 6.14.3
- CVE-2020-7598: Fixed an issue which could have tricked minimist into adding or modifying
properties of Object.prototype (bsc#1166916).
</description>
</patchinfo>