|Category:||SuSE Local Security Checks|
|Title:||SUSE: Security Advisory (SUSE-SU-2018:1918-1)|
|Summary:||The remote host is missing an update for the 'nodejs8' package(s) announced via the SUSE-SU-2018:1918-1 advisory.|
The remote host is missing an update for the 'nodejs8' package(s) announced via the SUSE-SU-2018:1918-1 advisory.
This update for nodejs8 to version 8.11.3 fixes the following issues:
These security issues were fixed:
- CVE-2018-7167: Calling Buffer.fill() or Buffer.alloc() with some
parameters could have lead to a hang which could have resulted in a DoS
- CVE-2018-7161: By interacting with the http2 server in a manner that
triggered a cleanup bug where objects are used in native code after they
are no longer available an attacker could have caused a denial of
service (DoS) by causing a node server providing an http2 server to
- CVE-2018-1000168: Fixed a denial of service vulnerability by unbundling
'nodejs8' package(s) on SUSE Linux Enterprise Module for Web Scripting 15
Please install the updated package(s).
Common Vulnerability Exposure (CVE) ID: CVE-2018-7161|
BugTraq ID: 106363
Common Vulnerability Exposure (CVE) ID: CVE-2018-7167
|Copyright||Copyright (C) 2021 Greenbone Networks GmbH|
|This is only one of 97459 vulnerability tests in our test suite. Find out more about running a complete security audit.|
To run a free test of this vulnerability against your system, register below.