7733 moderate openSUSE Leap 42.3 Update ports This update for nodejs6 fixes the following issues: Security issues fixed: - CVE-2017-15896: Vulnerable to CVE-2017-3737 due to embedded OpenSSL (bsc#1072322). - CVE-2017-14919: Embedded zlib issue could cause a DoS via specific windowBits value. - CVE-2017-3738: Embedded OpenSSL is vulnerable to rsaz_1024_mul_avx2 overflow bug on x86_64. - CVE-2017-3736: Embedded OpenSSL is vulnerable to bn_sqrx8x_internal carry bug on x86_64 (bsc#1066242). - CVE-2017-3735: Embedded OpenSSL is vulnerable to malformed X.509 IPAdressFamily that could cause OOB read (bsc#1056058). Bug fixes: - Update to LTS release 6.12.2 (bsc#1072322): * https://nodejs.org/en/blog/vulnerability/december-2017-security-releases/ * https://nodejs.org/en/blog/release/v6.12.2/ * https://nodejs.org/en/blog/release/v6.12.1/ * https://nodejs.org/en/blog/release/v6.12.0/ * https://nodejs.org/en/blog/release/v6.11.5/ * https://nodejs.org/en/blog/release/v6.11.4/ * https://nodejs.org/en/blog/release/v6.11.3/ * https://nodejs.org/en/blog/release/v6.11.2/ This update was imported from the SUSE:SLE-12:Update update project. nodejs6-6.12.2-6.1.ppc64le.rpm nodejs6-6.12.2-6.1.src.rpm nodejs6-debuginfo-6.12.2-6.1.ppc64le.rpm nodejs6-debugsource-6.12.2-6.1.ppc64le.rpm nodejs6-devel-6.12.2-6.1.ppc64le.rpm nodejs6-docs-6.12.2-6.1.noarch.rpm npm6-6.12.2-6.1.ppc64le.rpm nodejs6-6.12.2-6.1.aarch64.rpm nodejs6-debuginfo-6.12.2-6.1.aarch64.rpm nodejs6-debugsource-6.12.2-6.1.aarch64.rpm nodejs6-devel-6.12.2-6.1.aarch64.rpm npm6-6.12.2-6.1.aarch64.rpm nodejs6-6.12.2-6.1.armv7hl.rpm nodejs6-debuginfo-6.12.2-6.1.armv7hl.rpm nodejs6-debugsource-6.12.2-6.1.armv7hl.rpm nodejs6-devel-6.12.2-6.1.armv7hl.rpm npm6-6.12.2-6.1.armv7hl.rpm