Anfälligkeitssuche        Suche in 219043 CVE Beschreibungen
und 99761 Test Beschreibungen,
Zugriff auf 10,000+ Quellverweise.
Tests   CVE   Alle  

Test Kennung:1.3.6.1.4.1.25623.1.1.4.2017.2168.1
Kategorie:SuSE Local Security Checks
Titel:SUSE: Security Advisory (SUSE-SU-2017:2168-1)
Zusammenfassung:The remote host is missing an update for the 'nodejs4, nodejs6' package(s) announced via the SUSE-SU-2017:2168-1 advisory.
Beschreibung:Summary:
The remote host is missing an update for the 'nodejs4, nodejs6' package(s) announced via the SUSE-SU-2017:2168-1 advisory.

Vulnerability Insight:
This update for nodejs4 and nodejs6 fixes the following issues:
Security issues fixed:
- CVE-2017-1000381: The c-ares function ares_parse_naptr_reply() could be
triggered to read memory
outside of the given input buffer if the passed in DNS response packet
was crafted in a particular way. (bsc#1044946)
- CVE-2017-11499: Disable V8 snapshots. The hashseed embedded in the
snapshot is currently the same for all runs of the binary. This opens
node up to collision attacks which could result in a Denial
of Service. We have temporarily disabled snapshots until a more robust
solution is found. (bsc#1048299)
Non-security fixes:
- GCC 7 compilation fixes for v8 backported and add missing ICU59 headers
(bsc#1041282)
- New upstream LTS release 6.11.1
*
[link moved to references]
.11.1
- New upstream LTS release 6.11.0
*
[link moved to references]
.11.0
- New upstream LTS release 6.10.3
*
[link moved to references]
.10.3
- New upstream LTS release 6.10.2
*
[link moved to references]
.10.2
- New upstream LTS release 6.10.1
*
[link moved to references]
.10.1
- New upstream LTS release 6.10.0
*
[link moved to references]
.10.0
- New upstream LTS release 4.8.4
*
[link moved to references]
.8.4
- New upstream LTS release 4.8.3
*
[link moved to references]
.8.3
- New upstream LTS release 4.8.2
*
[link moved to references]
.8.2
- New upstream LTS release 4.8.1
*
[link moved to references]
.8.1
- New upstream LTS release 4.8.0
*
[link moved to references]
.8.0

Affected Software/OS:
'nodejs4, nodejs6' package(s) on SUSE Enterprise Storage 4, SUSE Linux Enterprise Module for Web Scripting 12, SUSE OpenStack Cloud 7.

Solution:
Please install the updated package(s).

CVSS Score:
5.0

CVSS Vector:
AV:N/AC:L/Au:N/C:P/I:N/A:N

Querverweis: Common Vulnerability Exposure (CVE) ID: CVE-2017-1000381
Common Vulnerability Exposure (CVE) ID: CVE-2017-11499
CopyrightCopyright (C) 2021 Greenbone Networks GmbH

Dies ist nur einer von 99761 Anfälligkeitstests in unserem Testpaket. Finden Sie mehr über unsere vollständigen Sicherheitsüberprüfungen heraus.

Um einen gratis Test für diese Anfälligkeit auf Ihrem System durchlaufen zu lassen, registrieren Sie sich bitte unten.




© 1998-2024 E-Soft Inc. Alle Rechte vorbehalten.