1. Home
  2. Security Advisories
  3. SUSE
  4. SUSE-SU-2020:2800-1

[SUSE-SU-2020:2800-1] Security update for nodejs8

Severity Critical
CVEs 4
Info References Vulnerabilities

Security update for nodejs8

This update for nodejs8 fixes the following issues:

  • CVE-2020-8174: Fixed multiple memory corruption in napi_get_value_string_*() (bsc#1172443).
  • CVE-2020-11080: Fixed a potential denial of service when receiving unreasonably large HTTP/2 SETTINGS frames (bsc#1172442).
  • CVE-2020-7598: Fixed an issue which could have tricked minimist into adding or modifying properties of Object.prototype (bsc#1166916)
  • CVE-2020-15095: Fixed information leak through log files (bsc#1173937).
  • Explicitly add -fno-strict-aliasing to CFLAGS to fix compilation on Aarch64 with gcc10 (bsc#1172686).
  • Add Require for nodejs8 when intalling npm8 (bsc#1172728)
ID
SUSE-SU-2020:2800-1
Severity
critical
URL
https://www.suse.com/support/update/announcement/2020/suse-su-20202800-1/
Published
2020-09-30T07:56:15
(4 years ago)
Modified
2020-09-30T07:56:15
(4 years ago)
Rights
Copyright 2024 SUSE LLC. All rights reserved.
Other Advisories
# CVE Description CVSS EPSS EPSS Trend (30 days) Affected Products Weaknesses Security Advisories Exploits PoC Pubblication Date Modification Date
# CVE Description CVSS EPSS EPSS Trend (30 days) Affected Products Weaknesses Security Advisories PoC Pubblication Date Modification Date