Request 681821: Submit nodejs6 - openSUSE Build Service

This request supersedes: request 681321 (Show diff)

Overview

Request 681821 accepted

- New upstream LTS release 6.17.0:
* deps: OpenSSL has been upgraded to 1.0.2r. Under certain
circumstances, a TLS server can be forced to respond differently
to a client if a zero-byte record is received with an
invalid padding compared to a zero-byte record with an
invalid MAC. This can be used as the basis of a padding
oracle attack to decrypt data.
(CVE-2019-1559, bsc#1127080)
* http:
+ Backport server.keepAliveTimeout to prevent keep-alive
HTTP and HTTPS connections remaining open and inactive for
an extended period of time, leading to a potential
Denial of Service (DoS). (CVE-2019-5739, bsc#1127533)
+ Further prevention of "Slowloris" attacks on HTTP and HTTPS
connections by consistently applying the receive timeout set
by server.headersTimeout to connections in keep-alive mode.
(CVE-2019-5737, bsc#1127532)

- nodejs.keyring: update keyring to today's list as per
https://github.com/nodejs/node

Created by adamm about 5 years ago
In state accepted
Supersedes 681321

Submit nodejs6

Comments for request 681821 0

Login required, please login in order to comment

Request History

adamm created request about 5 years ago

- New upstream LTS release 6.17.0:
* deps: OpenSSL has been upgraded to 1.0.2r. Under certain
circumstances, a TLS server can be forced to respond differently
to a client if a zero-byte record is received with an
invalid padding compared to a zero-byte record with an
invalid MAC. This can be used as the basis of a padding
oracle attack to decrypt data.
(CVE-2019-1559, bsc#1127080)
* http:
+ Backport server.keepAliveTimeout to prevent keep-alive
HTTP and HTTPS connections remaining open and inactive for
an extended period of time, leading to a potential
Denial of Service (DoS). (CVE-2019-5739, bsc#1127533)
+ Further prevention of "Slowloris" attacks on HTTP and HTTPS
connections by consistently applying the receive timeout set
by server.headersTimeout to connections in keep-alive mode.
(CVE-2019-5737, bsc#1127532)

- nodejs.keyring: update keyring to today's list as per
https://github.com/nodejs/node

factory-auto added opensuse-review-team as a reviewer about 5 years ago

Please review sources

factory-auto added repo-checker as a reviewer about 5 years ago

Please review build success

factory-auto accepted review about 5 years ago

Check script succeeded

licensedigger accepted review about 5 years ago

ok

staging-bot added as a reviewer about 5 years ago

Being evaluated by staging project "openSUSE:Factory:Staging:adi:51"

staging-bot accepted review about 5 years ago

Picked openSUSE:Factory:Staging:adi:51

repo-checker accepted review about 5 years ago

cycle and install check passed

dimstar accepted review about 5 years ago

staging-bot accepted review about 5 years ago

ready to accept

staging-bot approved review about 5 years ago

ready to accept

dimstar_suse accepted request about 5 years ago

Accept to openSUSE:Factory

openSUSE Build Service is sponsored by