openSUSE Security Update : nodejs (openSUSE-2017-284)

This script is Copyright (C) 2017 Tenable Network Security, Inc.


Synopsis :

The remote openSUSE host is missing a security update.

Description :

nodejs was updated to LTS release 4.7.3 to fix the following issues :

- deps: upgrade embedded openssl sources to 1.0.2k
(CVE-2017-3731, CVE-2017-3732, CVE-2016-7055,
boo#1022085, boo#1022086, boo#1009528)

Changes in LTS release 4.7.1 :

- build: shared library support is now working for AIX
builds

- repl: passing options to the repl will no longer
overwrite defaults

- timers: recanceling a cancelled timers will no longer
throw

Changes in LTS release 4.7.0 :

- build: introduce the configure --shared option for
embedders

- debugger: make listen address configurable in debugger
server

- dgram: generalized send queue to handle close, fixing a
potential throw when dgram socket is closed in the
listening event handler

- http: introduce the 451 status code 'Unavailable For
Legal Reasons'

- gtest: the test reporter now outputs tap comments as
yamlish

- tls: introduce secureContext for tls.connect (useful for
caching client certificates, key, and CA certificates)

- tls: fix memory leak when writing data to TLSWrap
instance during handshake

- src: node no longer aborts when c-ares initialization
fails

Changes in LTS release 4.6.2 :

- build: it is now possible to build the documentation
from the release tarball

- buffer: Buffer.alloc() will no longer incorrectly return
a zero filled buffer when an encoding is passed

- deps/npm: upgrade npm in LTS to 2.15.11

- repl: enable tab completion for global properties

- url: url.format() will now encode all '#' in search

See also :

https://bugzilla.opensuse.org/show_bug.cgi?id=1009528
https://bugzilla.opensuse.org/show_bug.cgi?id=1022085
https://bugzilla.opensuse.org/show_bug.cgi?id=1022086

Solution :

Update the affected nodejs packages.

Risk factor :

Medium / CVSS Base Score : 5.0
(CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P)

Family: SuSE Local Security Checks

Nessus Plugin ID: 97292 ()

Bugtraq ID:

CVE ID: CVE-2016-7055
CVE-2017-3731
CVE-2017-3732

Ready to Amp Up Your Nessus Experience?

Get Nessus Professional to scan unlimited IPs, run compliance checks & more

Buy Nessus Professional Now