|
|
Subscribe / Log in / New account

nodejs4: two vulnerabilities

Package(s):nodejs4 CVE #(s):CVE-2016-5325 CVE-2016-7099
Created:October 7, 2016 Updated:October 28, 2016
Description: From the SUSE bug reports:

CVE-2016-5325: An unspecified low-severity Node.js HTTP processing vulnerability was found and will be fixed in latest update. Details are currently embargoed until new releases are available.

CVE-2016-7099: This is a high severity defect that would allow a malicious TLS server to serve an invalid wildcard certificate for its hostname and be improperly validated by a Node.js client. This is due to a flaw in the validation of *. in the wildcard name string.

Alerts:
SUSE SUSE-SU-2016:2470-2 nodejs4 2016-11-01
Red Hat RHSA-2016:2101-01 nodejs and nodejs-tough-cookie 2016-10-27
openSUSE openSUSE-SU-2016:2496-1 nodejs 2016-10-11
Fedora FEDORA-2016-861b8c46b7 nodejs 2016-10-10
SUSE SUSE-SU-2016:2470-1 nodejs4 2016-10-06
Red Hat RHSA-2017:0002-01 rh-nodejs4-nodejs and rh-nodejs4-http-parser 2017-01-02
Gentoo 201612-43 nodejs 2016-12-13
to post comments


Copyright © 2025, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds