SUSE-SU-2017:0431-1

Source
https://www.suse.com/support/update/announcement/2017/suse-su-20170431-1/
Import Source
https://ftp.suse.com/pub/projects/security/osv/SUSE-SU-2017:0431-1.json
JSON Data
https://api.osv.dev/v1/vulns/SUSE-SU-2017:0431-1
Related
Published
2017-02-09T10:18:00Z
Modified
2017-02-09T10:18:00Z
Summary
Security update for nodejs6
Details

This update for nodejs6 fixes the following issues:

New upstream LTS release 6.9.5.

The embedded openssl sources were updated to 1.0.2k (CVE-2017-3731, CVE-2017-3732, CVE-2016-7055, bsc#1022085, bsc#1022086, bsc#1009528)

Other fixes: - Add basic check that Node.js loads successfully to spec file

  • New upstream LTS release 6.9.3

    • build: shared library support is now working for AIX builds
    • deps/npm: upgrade npm to 3.10.10
    • deps/V8: destructuring of arrow function arguments via computed property no longer throws
    • inspector: /json/version returns object, not an object wrapped in an array
    • module: using --debug-brk and --eval together now works as expected
    • process: improve performance of nextTick up to 20%
    • repl: the division operator will no longer be accidentally parsed as regex
    • repl: improved support for generator functions
    • timers: recanceling a cancelled timers will no longer throw
  • New upstream LTS version 6.9.2

References

Affected packages

SUSE:Linux Enterprise Module for Web and Scripting 12 / nodejs6

Package

Name
nodejs6
Purl
purl:rpm/suse/nodejs6&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Web%20and%20Scripting%2012

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
6.9.5-7.1

Ecosystem specific

{
    "binaries": [
        {
            "npm6": "6.9.5-7.1",
            "nodejs6-devel": "6.9.5-7.1",
            "nodejs6-docs": "6.9.5-7.1",
            "nodejs6": "6.9.5-7.1"
        }
    ]
}