SUSE-SU-2017:0855-1

Source
https://www.suse.com/support/update/announcement/2017/suse-su-20170855-1/
Import Source
https://ftp.suse.com/pub/projects/security/osv/SUSE-SU-2017:0855-1.json
JSON Data
https://api.osv.dev/v1/vulns/SUSE-SU-2017:0855-1
Published
2017-03-29T11:01:13Z
Modified
2017-03-29T11:01:13Z
Summary
Security update for nodejs4
Details

This update for nodejs4 fixes the following issues:

  • New upstream LTS release 4.7.3

    • The embedded openssl sources were updated to 1.0.2k (CVE-2017-3731, CVE-2017-3732, CVE-2016-7055, bsc#1022085, bsc#1022086, bsc#1009528)
  • No changes in LTS version 4.7.2

  • New upstream LTS release 4.7.1

    • build: shared library support is now working for AIX builds
    • repl: passing options to the repl will no longer overwrite defaults
    • timers: recanceling a cancelled timer will no longer throw
  • New upstream LTS version 4.7.0

    • build: introduce the configure --shared option for embedders
    • debugger: make listen address configurable in debugger server
    • dgram: generalized send queue to handle close, fixing a potential throw when dgram socket is closed in the listening event handler
    • http: introduce the 451 status code 'Unavailable For Legal Reasons'
    • gtest: the test reporter now outputs tap comments as yamlish
    • tls: introduce secureContext for tls.connect (useful for caching client certificates, key, and CA certificates)
    • tls: fix memory leak when writing data to TLSWrap instance during handshake
    • src: node no longer aborts when c-ares initialization fails
    • ported and updated system CA store for the new node crypto code
  • New upstream LTS version 4.6.2

    • build:
      • It is now possible to build the documentation from the release tarball.
    • buffer:
      • Buffer.alloc() will no longer incorrectly return a zero filled buffer when an encoding is passed.
    • deps:
      • Upgrade npm in LTS to 2.15.11.
    • repl:
      • Enable tab completion for global properties.
    • url:
      • url.format() will now encode all '#' in search.
  • Add missing conflicts to base package. It's not possible to have concurrent nodejs installations.

  • enable usage of system certificate store on SLE11SP4 by requiring openssl1 (bsc#1000036)

References

Affected packages

SUSE:Linux Enterprise Module for Web and Scripting 12 / nodejs4

Package

Name
nodejs4
Purl
purl:rpm/suse/nodejs4&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Web%20and%20Scripting%2012

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
4.7.3-14.1

Ecosystem specific

{
    "binaries": [
        {
            "nodejs4-docs": "4.7.3-14.1",
            "nodejs4-devel": "4.7.3-14.1",
            "nodejs4": "4.7.3-14.1",
            "npm4": "4.7.3-14.1"
        }
    ]
}

SUSE:Enterprise Storage 4 / nodejs4

Package

Name
nodejs4
Purl
purl:rpm/suse/nodejs4&distro=SUSE%20Enterprise%20Storage%204

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
4.7.3-14.1

Ecosystem specific

{
    "binaries": [
        {
            "nodejs4": "4.7.3-14.1"
        }
    ]
}