Security update for nodejs6

SUSE Security Update: Security update for nodejs6
Announcement ID: SUSE-SU-2018:1892-1
Rating: moderate
References: #1091764 #1097375
Affected Products:
  • SUSE OpenStack Cloud Crowbar 8
  • SUSE OpenStack Cloud 7
  • SUSE Linux Enterprise Module for Web Scripting 12
  • SUSE Enterprise Storage 4

  • An update that solves one vulnerability and has one errata is now available.

    Description:

    This update for nodejs6 to version 6.14.3 fixes the following issues:

    The following security vulnerability was addressed:

    - Fixed a denial of service (DoS) vulnerability in Buffer.fill(), which
    could hang when being called (CVE-2018-7167, bsc#1097375).

    The following other changes were made:

    - Use absolute paths in executable shebang lines
    - Fixed building with ICU61.1 (bsc#1091764)

    Patch Instructions:

    To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
    Alternatively you can run the command listed for your product:

    • SUSE OpenStack Cloud Crowbar 8:
      zypper in -t patch SUSE-OpenStack-Cloud-Crowbar-8-2018-1287=1
    • SUSE OpenStack Cloud 7:
      zypper in -t patch SUSE-OpenStack-Cloud-7-2018-1287=1
    • SUSE Linux Enterprise Module for Web Scripting 12:
      zypper in -t patch SUSE-SLE-Module-Web-Scripting-12-2018-1287=1
    • SUSE Enterprise Storage 4:
      zypper in -t patch SUSE-Storage-4-2018-1287=1

    Package List:

    • SUSE OpenStack Cloud Crowbar 8 (x86_64):
      • nodejs6-6.14.3-11.15.1
      • nodejs6-debuginfo-6.14.3-11.15.1
      • nodejs6-debugsource-6.14.3-11.15.1
    • SUSE OpenStack Cloud 7 (aarch64 s390x x86_64):
      • nodejs6-6.14.3-11.15.1
      • nodejs6-debuginfo-6.14.3-11.15.1
      • nodejs6-debugsource-6.14.3-11.15.1
    • SUSE Linux Enterprise Module for Web Scripting 12 (aarch64 ppc64le s390x x86_64):
      • nodejs6-6.14.3-11.15.1
      • nodejs6-debuginfo-6.14.3-11.15.1
      • nodejs6-debugsource-6.14.3-11.15.1
      • nodejs6-devel-6.14.3-11.15.1
      • npm6-6.14.3-11.15.1
    • SUSE Linux Enterprise Module for Web Scripting 12 (noarch):
      • nodejs6-docs-6.14.3-11.15.1
    • SUSE Enterprise Storage 4 (aarch64 x86_64):
      • nodejs6-6.14.3-11.15.1
      • nodejs6-debuginfo-6.14.3-11.15.1
      • nodejs6-debugsource-6.14.3-11.15.1

    References: