openSUSE Security Update : nodejs4 (openSUSE-2017-442)

This script is Copyright (C) 2017 Tenable Network Security, Inc.


Synopsis :

The remote openSUSE host is missing a security update.

Description :

This update for nodejs4 fixes the following issues :

- New upstream LTS release 4.7.3 The embedded openssl
sources were updated to 1.0.2k (CVE-2017-3731,
CVE-2017-3732, CVE-2016-7055, bsc#1022085, bsc#1022086,
bsc#1009528)

- No changes in LTS version 4.7.2

- New upstream LTS release 4.7.1

- build: shared library support is now working for AIX
builds

- repl: passing options to the repl will no longer
overwrite defaults

- timers: recanceling a cancelled timers will no longer
throw

- New upstream LTS version 4.7.0

- build: introduce the configure --shared option for
embedders

- debugger: make listen address configurable in debugger
server

- dgram: generalized send queue to handle close, fixing a
potential throw when dgram socket is closed in the
listening event handler

- http: introduce the 451 status code 'Unavailable For
Legal Reasons'

- gtest: the test reporter now outputs tap comments as
yamlish

- tls: introduce secureContext for tls.connect (useful for
caching client certificates, key, and CA certificates)

- tls: fix memory leak when writing data to TLSWrap
instance during handshake

- src: node no longer aborts when c-ares initialization
fails

- ported and updated system CA store for the new node
crypto code

- New upstream LTS version 4.6.2

- build :

+ It is now possible to build the documentation from the
release tarball.

- buffer :

+ Buffer.alloc() will no longer incorrectly return a zero
filled buffer when an encoding is passed.

- deps :

+ Upgrade npm in LTS to 2.15.11.

- repl :

+ Enable tab completion for global properties.

- url :

+ url.format() will now encode all '#' in search.

- Add missing conflicts to base package. It's not possible
to have concurrent nodejs installations.

- enable usage of system certificate store on SLE11SP4 by
requiring openssl1 (bsc#1000036)

This update was imported from the SUSE:SLE-12:Update update project.

See also :

https://bugzilla.opensuse.org/show_bug.cgi?id=1000036
https://bugzilla.opensuse.org/show_bug.cgi?id=1009528
https://bugzilla.opensuse.org/show_bug.cgi?id=1022085
https://bugzilla.opensuse.org/show_bug.cgi?id=1022086

Solution :

Update the affected nodejs4 packages.

Risk factor :

Medium / CVSS Base Score : 5.0
(CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P)

Family: SuSE Local Security Checks

Nessus Plugin ID: 99212 ()

Bugtraq ID:

CVE ID: CVE-2016-7055
CVE-2017-3731
CVE-2017-3732

Ready to Amp Up Your Nessus Experience?

Get Nessus Professional to scan unlimited IPs, run compliance checks & more

Buy Nessus Professional Now