Anfälligkeitssuche        Suche in 211766 CVE Beschreibungen
und 97459 Test Beschreibungen,
Zugriff auf 10,000+ Quellverweise.
Tests   CVE   Alle  

Test Kennung:1.3.6.1.4.1.25623.1.1.4.2018.0952.1
Kategorie:SuSE Local Security Checks
Titel:SUSE: Security Advisory (SUSE-SU-2018:0952-1)
Zusammenfassung:The remote host is missing an update for the 'nodejs4' package(s) announced via the SUSE-SU-2018:0952-1 advisory.
Beschreibung:Summary:
The remote host is missing an update for the 'nodejs4' package(s) announced via the SUSE-SU-2018:0952-1 advisory.

Vulnerability Insight:
This update for nodejs4 fixes the following issues:
- Fix some node-gyp permissions
- New upstream maintenance 4.9.1:
* Security fixes:
+ CVE-2018-7158: Fix for 'path' module regular expression denial of
service (bsc#1087459)
+ CVE-2018-7159: Reject spaces in HTTP Content-Length header values
(bsc#1087453)
* Upgrade to OpenSSL 1.0.2o
* deps: reject interior blanks in Content-Length
* deps: upgrade http-parser to v2.8.0
- remove any old manpage files in %pre from before update-alternatives
were used to manage symlinks to these manpages.
- Add Recommends and BuildRequire on python2 for npm. node-gyp requires
this old version of python for now. This is only needed for binary
modules.
- even on recent codestreams there is no binutils gold on s390
only on s390x
- Enable CI tests in %check target

Affected Software/OS:
'nodejs4' package(s) on SUSE Linux Enterprise Module for Web Scripting 12, SUSE Enterprise Storage 4

Solution:
Please install the updated package(s).

CVSS Score:
5.0

CVSS Vector:
AV:N/AC:L/Au:N/C:N/I:N/A:P

Querverweis: Common Vulnerability Exposure (CVE) ID: CVE-2018-7158
Common Vulnerability Exposure (CVE) ID: CVE-2018-7159
RedHat Security Advisories: RHSA-2019:2258
https://access.redhat.com/errata/RHSA-2019:2258
CopyrightCopyright (C) 2021 Greenbone Networks GmbH

Dies ist nur einer von 97459 Anfälligkeitstests in unserem Testpaket. Finden Sie mehr über unsere vollständigen Sicherheitsüberprüfungen heraus.

Um einen gratis Test für diese Anfälligkeit auf Ihrem System durchlaufen zu lassen, registrieren Sie sich bitte unten.




© 1998-2021 E-Soft Inc. Alle Rechte vorbehalten.