Sign Up
Log In
Log In
or
Sign Up
Places
All Projects
Status Monitor
Collapse sidebar
openSUSE:Step:15
patchinfo.7772
_patchinfo
Overview
Repositories
Revisions
Requests
Users
Attributes
Meta
File _patchinfo of Package patchinfo.7772
<patchinfo incident="7772"> <issue tracker="bnc" id="1097404">VUL-0: CVE-2018-7161: nodejs8: Fixes Denial of Service vulnerability by updating the http2 implementation to not crash under certain circumstances during cleanup</issue> <issue tracker="bnc" id="1091764">[staging] FTBFS: nojdejs8 fails to build against icu 61.1</issue> <issue tracker="bnc" id="1097375">VUL-0: CVE-2018-7167: nodejs4,nodejs6,nodejs8: Fixes Denial of Service vulnerability where calling Buffer.fill() could hang</issue> <issue tracker="bnc" id="1097401"></issue> <issue tracker="cve" id="2018-7167"/> <issue tracker="cve" id="2018-7161"/> <issue tracker="cve" id="2018-1000168"/> <category>security</category> <rating>moderate</rating> <packager>adamm</packager> <description>This update for nodejs8 to version 8.11.3 fixes the following issues: These security issues were fixed: - CVE-2018-7167: Calling Buffer.fill() or Buffer.alloc() with some parameters could have lead to a hang which could have resulted in a DoS (bsc#1097375). - CVE-2018-7161: By interacting with the http2 server in a manner that triggered a cleanup bug where objects are used in native code after they are no longer available an attacker could have caused a denial of service (DoS) by causing a node server providing an http2 server to crash (bsc#1097404). - CVE-2018-1000168: Fixed a denial of service vulnerability by unbundling nghttp2 (bsc#1097401) </description> <summary>Security update for nodejs8</summary> </patchinfo>
Locations
Projects
Search
Status Monitor
Help
OpenBuildService.org
Documentation
API Documentation
Code of Conduct
Contact
Support
@OBShq
Terms
openSUSE Build Service is sponsored by
The Open Build Service is an
openSUSE project
.
Sign Up
Log In
Places
Places
All Projects
Status Monitor