Búsqueda de    
Vulnerabilidad   
    Buscar 211766 Descripciones CVE y
97459 Descripciones de Pruebas,
accesos 10,000+ referencias cruzadas.
Pruebas   CVE   Todos  

ID de Prueba:1.3.6.1.4.1.25623.1.1.4.2018.0952.1
Categoría:SuSE Local Security Checks
Título:SUSE: Security Advisory (SUSE-SU-2018:0952-1)
Resumen:The remote host is missing an update for the 'nodejs4' package(s) announced via the SUSE-SU-2018:0952-1 advisory.
Descripción:Summary:
The remote host is missing an update for the 'nodejs4' package(s) announced via the SUSE-SU-2018:0952-1 advisory.

Vulnerability Insight:
This update for nodejs4 fixes the following issues:
- Fix some node-gyp permissions
- New upstream maintenance 4.9.1:
* Security fixes:
+ CVE-2018-7158: Fix for 'path' module regular expression denial of
service (bsc#1087459)
+ CVE-2018-7159: Reject spaces in HTTP Content-Length header values
(bsc#1087453)
* Upgrade to OpenSSL 1.0.2o
* deps: reject interior blanks in Content-Length
* deps: upgrade http-parser to v2.8.0
- remove any old manpage files in %pre from before update-alternatives
were used to manage symlinks to these manpages.
- Add Recommends and BuildRequire on python2 for npm. node-gyp requires
this old version of python for now. This is only needed for binary
modules.
- even on recent codestreams there is no binutils gold on s390
only on s390x
- Enable CI tests in %check target

Affected Software/OS:
'nodejs4' package(s) on SUSE Linux Enterprise Module for Web Scripting 12, SUSE Enterprise Storage 4

Solution:
Please install the updated package(s).

CVSS Score:
5.0

CVSS Vector:
AV:N/AC:L/Au:N/C:N/I:N/A:P

Referencia Cruzada: Common Vulnerability Exposure (CVE) ID: CVE-2018-7158
Common Vulnerability Exposure (CVE) ID: CVE-2018-7159
RedHat Security Advisories: RHSA-2019:2258
https://access.redhat.com/errata/RHSA-2019:2258
CopyrightCopyright (C) 2021 Greenbone Networks GmbH

Esta es sólo una de 97459 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa.

Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.




© 1998-2021 E-Soft Inc. Todos los derechos reservados.