Startseite ▼ Bookkeeping
Online ▼ Sicherheits
Überprüfungs ▼
Verwaltetes
DNS ▼
Info
Bestellen/Erneuern
FAQ
AUP
Dynamic DNS Clients
Domaine konfigurieren Dyanmic DNS Update Password Netzwerk
Überwachung ▼
Enterprise
Erweiterte
Standard
Gratis Test
FAQ
Preis/Funktionszusammenfassung
Bestellen
Beispiele
Konfigurieren/Status Alarm Profile | |||
Test Kennung: | 1.3.6.1.4.1.25623.1.1.4.2017.2168.1 |
Kategorie: | SuSE Local Security Checks |
Titel: | SUSE: Security Advisory (SUSE-SU-2017:2168-1) |
Zusammenfassung: | The remote host is missing an update for the 'nodejs4, nodejs6' package(s) announced via the SUSE-SU-2017:2168-1 advisory. |
Beschreibung: | Summary: The remote host is missing an update for the 'nodejs4, nodejs6' package(s) announced via the SUSE-SU-2017:2168-1 advisory. Vulnerability Insight: This update for nodejs4 and nodejs6 fixes the following issues: Security issues fixed: - CVE-2017-1000381: The c-ares function ares_parse_naptr_reply() could be triggered to read memory outside of the given input buffer if the passed in DNS response packet was crafted in a particular way. (bsc#1044946) - CVE-2017-11499: Disable V8 snapshots. The hashseed embedded in the snapshot is currently the same for all runs of the binary. This opens node up to collision attacks which could result in a Denial of Service. We have temporarily disabled snapshots until a more robust solution is found. (bsc#1048299) Non-security fixes: - GCC 7 compilation fixes for v8 backported and add missing ICU59 headers (bsc#1041282) - New upstream LTS release 6.11.1 * [link moved to references] .11.1 - New upstream LTS release 6.11.0 * [link moved to references] .11.0 - New upstream LTS release 6.10.3 * [link moved to references] .10.3 - New upstream LTS release 6.10.2 * [link moved to references] .10.2 - New upstream LTS release 6.10.1 * [link moved to references] .10.1 - New upstream LTS release 6.10.0 * [link moved to references] .10.0 - New upstream LTS release 4.8.4 * [link moved to references] .8.4 - New upstream LTS release 4.8.3 * [link moved to references] .8.3 - New upstream LTS release 4.8.2 * [link moved to references] .8.2 - New upstream LTS release 4.8.1 * [link moved to references] .8.1 - New upstream LTS release 4.8.0 * [link moved to references] .8.0 Affected Software/OS: 'nodejs4, nodejs6' package(s) on SUSE Enterprise Storage 4, SUSE Linux Enterprise Module for Web Scripting 12, SUSE OpenStack Cloud 7. Solution: Please install the updated package(s). CVSS Score: 5.0 CVSS Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N |
Querverweis: |
Common Vulnerability Exposure (CVE) ID: CVE-2017-1000381 Common Vulnerability Exposure (CVE) ID: CVE-2017-11499 |
Copyright | Copyright (C) 2021 Greenbone Networks GmbH |
Dies ist nur einer von 99761 Anfälligkeitstests in unserem Testpaket. Finden Sie mehr über unsere vollständigen Sicherheitsüberprüfungen heraus. Um einen gratis Test für diese Anfälligkeit auf Ihrem System durchlaufen zu lassen, registrieren Sie sich bitte unten. |