SUSE-SU-2017:0431-1: moderate: Security update for nodejs6

sle-updates at sle-updates at
Thu Feb 9 07:10:25 MST 2017

   SUSE Security Update: Security update for nodejs6

Announcement ID:    SUSE-SU-2017:0431-1
Rating:             moderate
References:         #1009528 #1022085 #1022086 
Cross-References:   CVE-2016-7055 CVE-2017-3731 CVE-2017-3732
Affected Products:
                    SUSE Linux Enterprise Module for Web Scripting 12

   An update that fixes three vulnerabilities is now available.


   This update for nodejs6 fixes the following issues:

   New upstream LTS release 6.9.5.

   The embedded openssl sources were updated to 1.0.2k (CVE-2017-3731,
   CVE-2017-3732, CVE-2016-7055, bsc#1022085, bsc#1022086, bsc#1009528)

   Other fixes:
   - Add basic check that Node.js loads successfully to spec file

   - New upstream LTS release 6.9.3
     * build: shared library support is now working for AIX builds
     * deps/npm: upgrade npm to 3.10.10
     * deps/V8: destructuring of arrow function arguments via computed
       property no longer throws
     * inspector: /json/version returns object, not an object wrapped in an
     * module: using --debug-brk and --eval together now works as expected
     * process: improve performance of nextTick up to 20%
     * repl: the division operator will no longer be accidentally parsed as
     * repl: improved support for generator functions
     * timers: recanceling a cancelled timers will no longer throw

   - New upstream LTS version 6.9.2

Patch Instructions:

   To install this SUSE Security Update use YaST online_update.
   Alternatively you can run the command listed for your product:

   - SUSE Linux Enterprise Module for Web Scripting 12:

      zypper in -t patch SUSE-SLE-Module-Web-Scripting-12-2017-221=1

   To bring your system up-to-date, use "zypper patch".

Package List:

   - SUSE Linux Enterprise Module for Web Scripting 12 (aarch64 ppc64le s390x x86_64):


   - SUSE Linux Enterprise Module for Web Scripting 12 (noarch):



More information about the sle-updates mailing list