{"affected":[{"ecosystem_specific":{"binaries":[{"nodejs6":"6.12.2-11.8.1"}]},"package":{"ecosystem":"SUSE:OpenStack Cloud 7","name":"nodejs6","purl":"pkg:rpm/suse/nodejs6&distro=SUSE%20OpenStack%20Cloud%207"},"ranges":[{"events":[{"introduced":"0"},{"fixed":"6.12.2-11.8.1"}],"type":"ECOSYSTEM"}]},{"ecosystem_specific":{"binaries":[{"nodejs6":"6.12.2-11.8.1","nodejs6-devel":"6.12.2-11.8.1","nodejs6-docs":"6.12.2-11.8.1","npm6":"6.12.2-11.8.1"}]},"package":{"ecosystem":"SUSE:Linux Enterprise Module for Web and Scripting 12","name":"nodejs6","purl":"pkg:rpm/suse/nodejs6&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Web%20and%20Scripting%2012"},"ranges":[{"events":[{"introduced":"0"},{"fixed":"6.12.2-11.8.1"}],"type":"ECOSYSTEM"}]},{"ecosystem_specific":{"binaries":[{"nodejs6":"6.12.2-11.8.1"}]},"package":{"ecosystem":"SUSE:Enterprise Storage 4","name":"nodejs6","purl":"pkg:rpm/suse/nodejs6&distro=SUSE%20Enterprise%20Storage%204"},"ranges":[{"events":[{"introduced":"0"},{"fixed":"6.12.2-11.8.1"}],"type":"ECOSYSTEM"}]}],"aliases":[],"details":"This update for nodejs6 fixes the following issues:\n\nSecurity issues fixed:\n\n- CVE-2017-15896: Vulnerable to CVE-2017-3737 due to embedded OpenSSL (bsc#1072322).\n- CVE-2017-14919: Embedded zlib issue could cause a DoS via specific windowBits value.\n- CVE-2017-3738: Embedded OpenSSL is vulnerable to rsaz_1024_mul_avx2 overflow bug on x86_64.\n- CVE-2017-3736: Embedded OpenSSL is vulnerable to bn_sqrx8x_internal carry bug on x86_64 (bsc#1066242).\n- CVE-2017-3735: Embedded OpenSSL is vulnerable to malformed X.509 IPAdressFamily that could cause OOB read (bsc#1056058).\n\nBug fixes:\n\n- Update to LTS release 6.12.2 (bsc#1072322):\n  * https://nodejs.org/en/blog/vulnerability/december-2017-security-releases/\n  * https://nodejs.org/en/blog/release/v6.12.2/\n  * https://nodejs.org/en/blog/release/v6.12.1/\n  * https://nodejs.org/en/blog/release/v6.12.0/\n  * https://nodejs.org/en/blog/release/v6.11.5/\n  * https://nodejs.org/en/blog/release/v6.11.4/\n  * https://nodejs.org/en/blog/release/v6.11.3/\n  * https://nodejs.org/en/blog/release/v6.11.2/\n","id":"SUSE-SU-2018:0293-1","modified":"2018-01-30T09:03:06Z","published":"2018-01-30T09:03:06Z","references":[{"type":"ADVISORY","url":"https://www.suse.com/support/update/announcement/2018/suse-su-20180293-1/"},{"type":"REPORT","url":"https://bugzilla.suse.com/1056058"},{"type":"REPORT","url":"https://bugzilla.suse.com/1066242"},{"type":"REPORT","url":"https://bugzilla.suse.com/1072322"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2017-14919"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2017-15896"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2017-3735"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2017-3736"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2017-3738"}],"related":["CVE-2017-14919","CVE-2017-15896","CVE-2017-3735","CVE-2017-3736","CVE-2017-3738"],"summary":"Security update for nodejs6","upstream":["CVE-2017-14919","CVE-2017-15896","CVE-2017-3735","CVE-2017-3736","CVE-2017-3738"]}