SUSE-SU-2017:0431-1: moderate: Security update for nodejs6

sle-security-updates at lists.suse.com sle-security-updates at lists.suse.com
Thu Feb 9 07:10:25 MST 2017 

   SUSE Security Update: Security update for nodejs6
______________________________________________________________________________

Announcement ID:    SUSE-SU-2017:0431-1
Rating:             moderate
References:         #1009528 #1022085 #1022086 
Cross-References:   CVE-2016-7055 CVE-2017-3731 CVE-2017-3732
                   
Affected Products:
                    SUSE Linux Enterprise Module for Web Scripting 12
______________________________________________________________________________

   An update that fixes three vulnerabilities is now available.

Description:


   This update for nodejs6 fixes the following issues:

   New upstream LTS release 6.9.5.

   The embedded openssl sources were updated to 1.0.2k (CVE-2017-3731,
   CVE-2017-3732, CVE-2016-7055, bsc#1022085, bsc#1022086, bsc#1009528)

   Other fixes:
   - Add basic check that Node.js loads successfully to spec file

   - New upstream LTS release 6.9.3
     * build: shared library support is now working for AIX builds
     * deps/npm: upgrade npm to 3.10.10
     * deps/V8: destructuring of arrow function arguments via computed
       property no longer throws
     * inspector: /json/version returns object, not an object wrapped in an
       array
     * module: using --debug-brk and --eval together now works as expected
     * process: improve performance of nextTick up to 20%
     * repl: the division operator will no longer be accidentally parsed as
       regex
     * repl: improved support for generator functions
     * timers: recanceling a cancelled timers will no longer throw

   - New upstream LTS version 6.9.2


Patch Instructions:

   To install this SUSE Security Update use YaST online_update.
   Alternatively you can run the command listed for your product:

   - SUSE Linux Enterprise Module for Web Scripting 12:

      zypper in -t patch SUSE-SLE-Module-Web-Scripting-12-2017-221=1

   To bring your system up-to-date, use "zypper patch".


Package List:

   - SUSE Linux Enterprise Module for Web Scripting 12 (aarch64 ppc64le s390x x86_64):

      nodejs6-6.9.5-7.1
      nodejs6-debuginfo-6.9.5-7.1
      nodejs6-debugsource-6.9.5-7.1
      nodejs6-devel-6.9.5-7.1
      npm6-6.9.5-7.1

   - SUSE Linux Enterprise Module for Web Scripting 12 (noarch):

      nodejs6-docs-6.9.5-7.1


References:

   https://www.suse.com/security/cve/CVE-2016-7055.html
   https://www.suse.com/security/cve/CVE-2017-3731.html
   https://www.suse.com/security/cve/CVE-2017-3732.html
   https://bugzilla.suse.com/1009528
   https://bugzilla.suse.com/1022085
   https://bugzilla.suse.com/1022086

More information about the sle-security-updates mailing list