Vulnerability from csaf_suse
Published
2018-04-16 15:32
Modified
2018-04-16 15:32
Summary
Security update for nodejs4
Notes
Title of the patch
Security update for nodejs4
Description of the patch
This update for nodejs4 fixes the following issues:
- Fix some node-gyp permissions
- New upstream maintenance 4.9.1:
* Security fixes:
+ CVE-2018-7158: Fix for 'path' module regular expression denial of service (bsc#1087459)
+ CVE-2018-7159: Reject spaces in HTTP Content-Length header values (bsc#1087453)
* Upgrade to OpenSSL 1.0.2o
* deps: reject interior blanks in Content-Length
* deps: upgrade http-parser to v2.8.0
- remove any old manpage files in %pre from before update-alternatives
were used to manage symlinks to these manpages.
- Add Recommends and BuildRequire on python2 for npm. node-gyp
requires this old version of python for now. This is only needed
for binary modules.
- even on recent codestreams there is no binutils gold on s390
only on s390x
- Enable CI tests in %check target
Patchnames
SUSE-SLE-Module-Web-Scripting-12-2018-649,SUSE-Storage-4-2018-649
Terms of use
CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
{ document: { aggregate_severity: { namespace: "https://www.suse.com/support/security/rating/", text: "moderate", }, category: "csaf_security_advisory", csaf_version: "2.0", distribution: { text: "Copyright 2024 SUSE LLC. All rights reserved.", tlp: { label: "WHITE", url: "https://www.first.org/tlp/", }, }, lang: "en", notes: [ { category: "summary", text: "Security update for nodejs4", title: "Title of the patch", }, { category: "description", text: "This update for nodejs4 fixes the following issues:\n\n- Fix some node-gyp permissions\n\n- New upstream maintenance 4.9.1:\n * Security fixes:\n + CVE-2018-7158: Fix for 'path' module regular expression denial of service (bsc#1087459)\n + CVE-2018-7159: Reject spaces in HTTP Content-Length header values (bsc#1087453)\n * Upgrade to OpenSSL 1.0.2o\n * deps: reject interior blanks in Content-Length\n * deps: upgrade http-parser to v2.8.0\n\n- remove any old manpage files in %pre from before update-alternatives\n were used to manage symlinks to these manpages.\n\n- Add Recommends and BuildRequire on python2 for npm. node-gyp\n requires this old version of python for now. This is only needed\n for binary modules.\n\n- even on recent codestreams there is no binutils gold on s390\n only on s390x\n\n- Enable CI tests in %check target\n ", title: "Description of the patch", }, { category: "details", text: "SUSE-SLE-Module-Web-Scripting-12-2018-649,SUSE-Storage-4-2018-649", title: "Patchnames", }, { category: "legal_disclaimer", text: "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).", title: "Terms of use", }, ], publisher: { category: "vendor", contact_details: "https://www.suse.com/support/security/contact/", name: "SUSE Product Security Team", namespace: "https://www.suse.com/", }, references: [ { category: "external", summary: "SUSE ratings", url: "https://www.suse.com/support/security/rating/", }, { category: "self", summary: "URL of this CSAF notice", url: "https://ftp.suse.com/pub/projects/security/csaf/suse-su-2018_0952-1.json", }, { category: "self", summary: "URL for SUSE-SU-2018:0952-1", url: "https://www.suse.com/support/update/announcement/2018/suse-su-20180952-1/", }, { category: "self", summary: "E-Mail link for SUSE-SU-2018:0952-1", url: "https://lists.suse.com/pipermail/sle-security-updates/2018-April/003892.html", }, { category: "self", summary: "SUSE Bug 1087453", url: "https://bugzilla.suse.com/1087453", }, { category: "self", summary: "SUSE Bug 1087459", url: "https://bugzilla.suse.com/1087459", }, { category: "self", summary: "SUSE CVE CVE-2018-7158 page", url: "https://www.suse.com/security/cve/CVE-2018-7158/", }, { category: "self", summary: "SUSE CVE CVE-2018-7159 page", url: "https://www.suse.com/security/cve/CVE-2018-7159/", }, ], title: "Security update for nodejs4", tracking: { current_release_date: "2018-04-16T15:32:06Z", generator: { date: "2018-04-16T15:32:06Z", engine: { name: "cve-database.git:bin/generate-csaf.pl", version: "1", }, }, id: "SUSE-SU-2018:0952-1", initial_release_date: "2018-04-16T15:32:06Z", revision_history: [ { date: "2018-04-16T15:32:06Z", number: "1", summary: "Current version", }, ], status: "final", version: "1", }, }, product_tree: { branches: [ { branches: [ { branches: [ { category: "product_version", name: "nodejs4-4.9.1-15.11.1.aarch64", product: { name: "nodejs4-4.9.1-15.11.1.aarch64", product_id: "nodejs4-4.9.1-15.11.1.aarch64", }, }, { category: "product_version", name: "nodejs4-devel-4.9.1-15.11.1.aarch64", product: { name: "nodejs4-devel-4.9.1-15.11.1.aarch64", product_id: "nodejs4-devel-4.9.1-15.11.1.aarch64", }, }, { category: "product_version", name: "npm4-4.9.1-15.11.1.aarch64", product: { name: "npm4-4.9.1-15.11.1.aarch64", product_id: "npm4-4.9.1-15.11.1.aarch64", }, }, ], category: "architecture", name: "aarch64", }, { branches: [ { category: "product_version", name: "nodejs4-docs-4.9.1-15.11.1.noarch", product: { name: "nodejs4-docs-4.9.1-15.11.1.noarch", product_id: "nodejs4-docs-4.9.1-15.11.1.noarch", }, }, ], category: "architecture", name: "noarch", }, { branches: [ { category: "product_version", name: "nodejs4-4.9.1-15.11.1.ppc64le", product: { name: "nodejs4-4.9.1-15.11.1.ppc64le", product_id: "nodejs4-4.9.1-15.11.1.ppc64le", }, }, { category: "product_version", name: "nodejs4-devel-4.9.1-15.11.1.ppc64le", product: { name: "nodejs4-devel-4.9.1-15.11.1.ppc64le", product_id: "nodejs4-devel-4.9.1-15.11.1.ppc64le", }, }, { category: "product_version", name: "npm4-4.9.1-15.11.1.ppc64le", product: { name: "npm4-4.9.1-15.11.1.ppc64le", product_id: "npm4-4.9.1-15.11.1.ppc64le", }, }, ], category: "architecture", name: "ppc64le", }, { branches: [ { category: "product_version", name: "nodejs4-4.9.1-15.11.1.x86_64", product: { name: "nodejs4-4.9.1-15.11.1.x86_64", product_id: "nodejs4-4.9.1-15.11.1.x86_64", }, }, { category: "product_version", name: "nodejs4-devel-4.9.1-15.11.1.x86_64", product: { name: "nodejs4-devel-4.9.1-15.11.1.x86_64", product_id: "nodejs4-devel-4.9.1-15.11.1.x86_64", }, }, { category: "product_version", name: "npm4-4.9.1-15.11.1.x86_64", product: { name: "npm4-4.9.1-15.11.1.x86_64", product_id: "npm4-4.9.1-15.11.1.x86_64", }, }, ], category: "architecture", name: "x86_64", }, { branches: [ { category: "product_name", name: "SUSE Linux Enterprise Module for Web and Scripting 12", product: { name: "SUSE Linux Enterprise Module for Web and Scripting 12", product_id: "SUSE Linux Enterprise Module for Web and Scripting 12", product_identification_helper: { cpe: "cpe:/o:suse:sle-module-web-scripting:12", }, }, }, { category: "product_name", name: "SUSE Enterprise Storage 4", product: { name: "SUSE Enterprise Storage 4", product_id: "SUSE Enterprise Storage 4", product_identification_helper: { cpe: "cpe:/o:suse:ses:4", }, }, }, ], category: "product_family", name: "SUSE Linux Enterprise", }, ], category: "vendor", name: "SUSE", }, ], relationships: [ { category: "default_component_of", full_product_name: { name: "nodejs4-4.9.1-15.11.1.aarch64 as component of SUSE Linux Enterprise Module for Web and Scripting 12", product_id: "SUSE Linux Enterprise Module for Web and Scripting 12:nodejs4-4.9.1-15.11.1.aarch64", }, product_reference: "nodejs4-4.9.1-15.11.1.aarch64", relates_to_product_reference: "SUSE Linux Enterprise Module for Web and Scripting 12", }, { category: "default_component_of", full_product_name: { name: "nodejs4-4.9.1-15.11.1.ppc64le as component of SUSE Linux Enterprise Module for Web and Scripting 12", product_id: "SUSE Linux Enterprise Module for Web and Scripting 12:nodejs4-4.9.1-15.11.1.ppc64le", }, product_reference: "nodejs4-4.9.1-15.11.1.ppc64le", relates_to_product_reference: "SUSE Linux Enterprise Module for Web and Scripting 12", }, { category: "default_component_of", full_product_name: { name: "nodejs4-4.9.1-15.11.1.x86_64 as component of SUSE Linux Enterprise Module for Web and Scripting 12", product_id: "SUSE Linux Enterprise Module for Web and Scripting 12:nodejs4-4.9.1-15.11.1.x86_64", }, product_reference: "nodejs4-4.9.1-15.11.1.x86_64", relates_to_product_reference: "SUSE Linux Enterprise Module for Web and Scripting 12", }, { category: "default_component_of", full_product_name: { name: "nodejs4-devel-4.9.1-15.11.1.aarch64 as component of SUSE Linux Enterprise Module for Web and Scripting 12", product_id: "SUSE Linux Enterprise Module for Web and Scripting 12:nodejs4-devel-4.9.1-15.11.1.aarch64", }, product_reference: "nodejs4-devel-4.9.1-15.11.1.aarch64", relates_to_product_reference: "SUSE Linux Enterprise Module for Web and Scripting 12", }, { category: "default_component_of", full_product_name: { name: "nodejs4-devel-4.9.1-15.11.1.ppc64le as component of SUSE Linux Enterprise Module for Web and Scripting 12", product_id: "SUSE Linux Enterprise Module for Web and Scripting 12:nodejs4-devel-4.9.1-15.11.1.ppc64le", }, product_reference: "nodejs4-devel-4.9.1-15.11.1.ppc64le", relates_to_product_reference: "SUSE Linux Enterprise Module for Web and Scripting 12", }, { category: "default_component_of", full_product_name: { name: "nodejs4-devel-4.9.1-15.11.1.x86_64 as component of SUSE Linux Enterprise Module for Web and Scripting 12", product_id: "SUSE Linux Enterprise Module for Web and Scripting 12:nodejs4-devel-4.9.1-15.11.1.x86_64", }, product_reference: "nodejs4-devel-4.9.1-15.11.1.x86_64", relates_to_product_reference: "SUSE Linux Enterprise Module for Web and Scripting 12", }, { category: "default_component_of", full_product_name: { name: "nodejs4-docs-4.9.1-15.11.1.noarch as component of SUSE Linux Enterprise Module for Web and Scripting 12", product_id: "SUSE Linux Enterprise Module for Web and Scripting 12:nodejs4-docs-4.9.1-15.11.1.noarch", }, product_reference: "nodejs4-docs-4.9.1-15.11.1.noarch", relates_to_product_reference: "SUSE Linux Enterprise Module for Web and Scripting 12", }, { category: "default_component_of", full_product_name: { name: "npm4-4.9.1-15.11.1.aarch64 as component of SUSE Linux Enterprise Module for Web and Scripting 12", product_id: "SUSE Linux Enterprise Module for Web and Scripting 12:npm4-4.9.1-15.11.1.aarch64", }, product_reference: "npm4-4.9.1-15.11.1.aarch64", relates_to_product_reference: "SUSE Linux Enterprise Module for Web and Scripting 12", }, { category: "default_component_of", full_product_name: { name: "npm4-4.9.1-15.11.1.ppc64le as component of SUSE Linux Enterprise Module for Web and Scripting 12", product_id: "SUSE Linux Enterprise Module for Web and Scripting 12:npm4-4.9.1-15.11.1.ppc64le", }, product_reference: "npm4-4.9.1-15.11.1.ppc64le", relates_to_product_reference: "SUSE Linux Enterprise Module for Web and Scripting 12", }, { category: "default_component_of", full_product_name: { name: "npm4-4.9.1-15.11.1.x86_64 as component of SUSE Linux Enterprise Module for Web and Scripting 12", product_id: "SUSE Linux Enterprise Module for Web and Scripting 12:npm4-4.9.1-15.11.1.x86_64", }, product_reference: "npm4-4.9.1-15.11.1.x86_64", relates_to_product_reference: "SUSE Linux Enterprise Module for Web and Scripting 12", }, { category: "default_component_of", full_product_name: { name: "nodejs4-4.9.1-15.11.1.aarch64 as component of SUSE Enterprise Storage 4", product_id: "SUSE Enterprise Storage 4:nodejs4-4.9.1-15.11.1.aarch64", }, product_reference: "nodejs4-4.9.1-15.11.1.aarch64", relates_to_product_reference: "SUSE Enterprise Storage 4", }, { category: "default_component_of", full_product_name: { name: "nodejs4-4.9.1-15.11.1.x86_64 as component of SUSE Enterprise Storage 4", product_id: "SUSE Enterprise Storage 4:nodejs4-4.9.1-15.11.1.x86_64", }, product_reference: "nodejs4-4.9.1-15.11.1.x86_64", relates_to_product_reference: "SUSE Enterprise Storage 4", }, ], }, vulnerabilities: [ { cve: "CVE-2018-7158", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2018-7158", }, ], notes: [ { category: "general", text: "The `'path'` module in the Node.js 4.x release line contains a potential regular expression denial of service (ReDoS) vector. The code in question was replaced in Node.js 6.x and later so this vulnerability only impacts all versions of Node.js 4.x. The regular expression, `splitPathRe`, used within the `'path'` module for the various path parsing functions, including `path.dirname()`, `path.extname()` and `path.parse()` was structured in such a way as to allow an attacker to craft a string, that when passed through one of these functions, could take a significant amount of time to evaluate, potentially leading to a full denial of service.", title: "CVE description", }, ], product_status: { recommended: [ "SUSE Enterprise Storage 4:nodejs4-4.9.1-15.11.1.aarch64", "SUSE Enterprise Storage 4:nodejs4-4.9.1-15.11.1.x86_64", "SUSE Linux Enterprise Module for Web and Scripting 12:nodejs4-4.9.1-15.11.1.aarch64", "SUSE Linux Enterprise Module for Web and Scripting 12:nodejs4-4.9.1-15.11.1.ppc64le", "SUSE Linux Enterprise Module for Web and Scripting 12:nodejs4-4.9.1-15.11.1.x86_64", "SUSE Linux Enterprise Module for Web and Scripting 12:nodejs4-devel-4.9.1-15.11.1.aarch64", "SUSE Linux Enterprise Module for Web and Scripting 12:nodejs4-devel-4.9.1-15.11.1.ppc64le", "SUSE Linux Enterprise Module for Web and Scripting 12:nodejs4-devel-4.9.1-15.11.1.x86_64", "SUSE Linux Enterprise Module for Web and Scripting 12:nodejs4-docs-4.9.1-15.11.1.noarch", "SUSE Linux Enterprise Module for Web and Scripting 12:npm4-4.9.1-15.11.1.aarch64", "SUSE Linux Enterprise Module for Web and Scripting 12:npm4-4.9.1-15.11.1.ppc64le", "SUSE Linux Enterprise Module for Web and Scripting 12:npm4-4.9.1-15.11.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2018-7158", url: "https://www.suse.com/security/cve/CVE-2018-7158", }, { category: "external", summary: "SUSE Bug 1087459 for CVE-2018-7158", url: "https://bugzilla.suse.com/1087459", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "SUSE Enterprise Storage 4:nodejs4-4.9.1-15.11.1.aarch64", "SUSE Enterprise Storage 4:nodejs4-4.9.1-15.11.1.x86_64", "SUSE Linux Enterprise Module for Web and Scripting 12:nodejs4-4.9.1-15.11.1.aarch64", "SUSE Linux Enterprise Module for Web and Scripting 12:nodejs4-4.9.1-15.11.1.ppc64le", "SUSE Linux Enterprise Module for Web and Scripting 12:nodejs4-4.9.1-15.11.1.x86_64", "SUSE Linux Enterprise Module for Web and Scripting 12:nodejs4-devel-4.9.1-15.11.1.aarch64", "SUSE Linux Enterprise Module for Web and Scripting 12:nodejs4-devel-4.9.1-15.11.1.ppc64le", "SUSE Linux Enterprise Module for Web and Scripting 12:nodejs4-devel-4.9.1-15.11.1.x86_64", "SUSE Linux Enterprise Module for Web and Scripting 12:nodejs4-docs-4.9.1-15.11.1.noarch", "SUSE Linux Enterprise Module for Web and Scripting 12:npm4-4.9.1-15.11.1.aarch64", "SUSE Linux Enterprise Module for Web and Scripting 12:npm4-4.9.1-15.11.1.ppc64le", "SUSE Linux Enterprise Module for Web and Scripting 12:npm4-4.9.1-15.11.1.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 5.9, baseSeverity: "MEDIUM", vectorString: "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.0", }, products: [ "SUSE Enterprise Storage 4:nodejs4-4.9.1-15.11.1.aarch64", "SUSE Enterprise Storage 4:nodejs4-4.9.1-15.11.1.x86_64", "SUSE Linux Enterprise Module for Web and Scripting 12:nodejs4-4.9.1-15.11.1.aarch64", "SUSE Linux Enterprise Module for Web and Scripting 12:nodejs4-4.9.1-15.11.1.ppc64le", "SUSE Linux Enterprise Module for Web and Scripting 12:nodejs4-4.9.1-15.11.1.x86_64", "SUSE Linux Enterprise Module for Web and Scripting 12:nodejs4-devel-4.9.1-15.11.1.aarch64", "SUSE Linux Enterprise Module for Web and Scripting 12:nodejs4-devel-4.9.1-15.11.1.ppc64le", "SUSE Linux Enterprise Module for Web and Scripting 12:nodejs4-devel-4.9.1-15.11.1.x86_64", "SUSE Linux Enterprise Module for Web and Scripting 12:nodejs4-docs-4.9.1-15.11.1.noarch", "SUSE Linux Enterprise Module for Web and Scripting 12:npm4-4.9.1-15.11.1.aarch64", "SUSE Linux Enterprise Module for Web and Scripting 12:npm4-4.9.1-15.11.1.ppc64le", "SUSE Linux Enterprise Module for Web and Scripting 12:npm4-4.9.1-15.11.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2018-04-16T15:32:06Z", details: "moderate", }, ], title: "CVE-2018-7158", }, { cve: "CVE-2018-7159", ids: [ { system_name: "SUSE CVE Page", text: "https://www.suse.com/security/cve/CVE-2018-7159", }, ], notes: [ { category: "general", text: "The HTTP parser in all current versions of Node.js ignores spaces in the `Content-Length` header, allowing input such as `Content-Length: 1 2` to be interpreted as having a value of `12`. The HTTP specification does not allow for spaces in the `Content-Length` value and the Node.js HTTP parser has been brought into line on this particular difference. The security risk of this flaw to Node.js users is considered to be VERY LOW as it is difficult, and may be impossible, to craft an attack that makes use of this flaw in a way that could not already be achieved by supplying an incorrect value for `Content-Length`. Vulnerabilities may exist in user-code that make incorrect assumptions about the potential accuracy of this value compared to the actual length of the data supplied. Node.js users crafting lower-level HTTP utilities are advised to re-check the length of any input supplied after parsing is complete.", title: "CVE description", }, ], product_status: { recommended: [ "SUSE Enterprise Storage 4:nodejs4-4.9.1-15.11.1.aarch64", "SUSE Enterprise Storage 4:nodejs4-4.9.1-15.11.1.x86_64", "SUSE Linux Enterprise Module for Web and Scripting 12:nodejs4-4.9.1-15.11.1.aarch64", "SUSE Linux Enterprise Module for Web and Scripting 12:nodejs4-4.9.1-15.11.1.ppc64le", "SUSE Linux Enterprise Module for Web and Scripting 12:nodejs4-4.9.1-15.11.1.x86_64", "SUSE Linux Enterprise Module for Web and Scripting 12:nodejs4-devel-4.9.1-15.11.1.aarch64", "SUSE Linux Enterprise Module for Web and Scripting 12:nodejs4-devel-4.9.1-15.11.1.ppc64le", "SUSE Linux Enterprise Module for Web and Scripting 12:nodejs4-devel-4.9.1-15.11.1.x86_64", "SUSE Linux Enterprise Module for Web and Scripting 12:nodejs4-docs-4.9.1-15.11.1.noarch", "SUSE Linux Enterprise Module for Web and Scripting 12:npm4-4.9.1-15.11.1.aarch64", "SUSE Linux Enterprise Module for Web and Scripting 12:npm4-4.9.1-15.11.1.ppc64le", "SUSE Linux Enterprise Module for Web and Scripting 12:npm4-4.9.1-15.11.1.x86_64", ], }, references: [ { category: "external", summary: "CVE-2018-7159", url: "https://www.suse.com/security/cve/CVE-2018-7159", }, { category: "external", summary: "SUSE Bug 1087453 for CVE-2018-7159", url: "https://bugzilla.suse.com/1087453", }, ], remediations: [ { category: "vendor_fix", details: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", product_ids: [ "SUSE Enterprise Storage 4:nodejs4-4.9.1-15.11.1.aarch64", "SUSE Enterprise Storage 4:nodejs4-4.9.1-15.11.1.x86_64", "SUSE Linux Enterprise Module for Web and Scripting 12:nodejs4-4.9.1-15.11.1.aarch64", "SUSE Linux Enterprise Module for Web and Scripting 12:nodejs4-4.9.1-15.11.1.ppc64le", "SUSE Linux Enterprise Module for Web and Scripting 12:nodejs4-4.9.1-15.11.1.x86_64", "SUSE Linux Enterprise Module for Web and Scripting 12:nodejs4-devel-4.9.1-15.11.1.aarch64", "SUSE Linux Enterprise Module for Web and Scripting 12:nodejs4-devel-4.9.1-15.11.1.ppc64le", "SUSE Linux Enterprise Module for Web and Scripting 12:nodejs4-devel-4.9.1-15.11.1.x86_64", "SUSE Linux Enterprise Module for Web and Scripting 12:nodejs4-docs-4.9.1-15.11.1.noarch", "SUSE Linux Enterprise Module for Web and Scripting 12:npm4-4.9.1-15.11.1.aarch64", "SUSE Linux Enterprise Module for Web and Scripting 12:npm4-4.9.1-15.11.1.ppc64le", "SUSE Linux Enterprise Module for Web and Scripting 12:npm4-4.9.1-15.11.1.x86_64", ], }, ], scores: [ { cvss_v3: { baseScore: 5.3, baseSeverity: "MEDIUM", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", version: "3.0", }, products: [ "SUSE Enterprise Storage 4:nodejs4-4.9.1-15.11.1.aarch64", "SUSE Enterprise Storage 4:nodejs4-4.9.1-15.11.1.x86_64", "SUSE Linux Enterprise Module for Web and Scripting 12:nodejs4-4.9.1-15.11.1.aarch64", "SUSE Linux Enterprise Module for Web and Scripting 12:nodejs4-4.9.1-15.11.1.ppc64le", "SUSE Linux Enterprise Module for Web and Scripting 12:nodejs4-4.9.1-15.11.1.x86_64", "SUSE Linux Enterprise Module for Web and Scripting 12:nodejs4-devel-4.9.1-15.11.1.aarch64", "SUSE Linux Enterprise Module for Web and Scripting 12:nodejs4-devel-4.9.1-15.11.1.ppc64le", "SUSE Linux Enterprise Module for Web and Scripting 12:nodejs4-devel-4.9.1-15.11.1.x86_64", "SUSE Linux Enterprise Module for Web and Scripting 12:nodejs4-docs-4.9.1-15.11.1.noarch", "SUSE Linux Enterprise Module for Web and Scripting 12:npm4-4.9.1-15.11.1.aarch64", "SUSE Linux Enterprise Module for Web and Scripting 12:npm4-4.9.1-15.11.1.ppc64le", "SUSE Linux Enterprise Module for Web and Scripting 12:npm4-4.9.1-15.11.1.x86_64", ], }, ], threats: [ { category: "impact", date: "2018-04-16T15:32:06Z", details: "low", }, ], title: "CVE-2018-7159", }, ], }
Log in or create an account to share your comment.
Security Advisory comment format.
This schema specifies the format of a comment related to a security advisory.
Title of the comment
Description of the comment
Loading…
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.