Security update for nodejs SUSE Patch security@suse.de SUSE Security Team openSUSE-SU-2016:1834-1 Final 1 1 2016-07-20T06:58:58Z current 2016-07-20T06:58:58Z 2016-07-20T06:58:58Z cve-database/bin/generate-cvrf.pl 2017-02-24T01:00:00Z Security update for nodejs This update for nodejs fixes the following issue: - CVE-2016-1669: * fix buffer overflow in v8 (boo#987919) The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). Copyright SUSE LLC under the Creative Commons License 4.0 with Attribution (CC-BY-4.0) https://lists.opensuse.org/opensuse-updates/2016-07/msg00063.html E-Mail link for openSUSE-SU-2016:1834-1 https://www.suse.com/support/security/rating/ SUSE Security Ratings openSUSE Leap 42.1 nodejs-4.4.5-30.2 nodejs-devel-4.4.5-30.2 nodejs-docs-4.4.5-30.2 npm-4.4.5-30.2 nodejs-4.4.5-30.2 as a component of openSUSE Leap 42.1 nodejs-devel-4.4.5-30.2 as a component of openSUSE Leap 42.1 nodejs-docs-4.4.5-30.2 as a component of openSUSE Leap 42.1 npm-4.4.5-30.2 as a component of openSUSE Leap 42.1 The Zone::New function in zone.cc in Google V8 before 5.0.71.47, as used in Google Chrome before 50.0.2661.102, does not properly determine when to expand certain memory allocations, which allows remote attackers to cause a denial of service (buffer overflow) or possibly have unspecified other impact via crafted JavaScript code. CVE-2016-1669 openSUSE Leap 42.1:nodejs-4.4.5-30.2 openSUSE Leap 42.1:nodejs-devel-4.4.5-30.2 openSUSE Leap 42.1:nodejs-docs-4.4.5-30.2 openSUSE Leap 42.1:npm-4.4.5-30.2 moderate 6.8 AV:N/AC:M/Au:N/C:P/I:P/A:P Please Install the update. https://lists.opensuse.org/opensuse-updates/2016-07/msg00063.html https://www.suse.com/security/cve/CVE-2016-1669.html CVE-2016-1669 https://bugzilla.suse.com/979859 SUSE Bug 979859 https://bugzilla.suse.com/987919 SUSE Bug 987919