SynopsisThe remote openSUSE host is missing a security update.
DescriptionThis update brings the new upstream nodejs LTS version 4.6.0, fixing bugs and security issues :
- Nodejs embedded openssl version update
+ upgrade to 1.0.2j (CVE-2016-6304, CVE-2016-2183, CVE-2016-2178, CVE-2016-6306, CVE-2016-7052)
+ remove support for dynamic 3rd party engine modules
- http: Properly validate for allowable characters in input user data. This introduces a new case where throw may occur when configuring HTTP responses, users should already be adopting try/catch here.
- tls: properly validate wildcard certificates (CVE-2016-7099, bsc#1001652)
- buffer: Zero-fill excess bytes in new Buffer objects created with Buffer.concat()
SolutionUpdate the affected nodejs packages.