The Vigil@nce team watches public vulnerabilities impacting your computers, and then offers security solutions, a vigilance database and tools to fix them.

Vulnerability of Node Core: five vulnerabilities

Synthesis of the vulnerability 

An attacker can use several vulnerabilities of Node Core.
Vulnerable products: BIG-IP Hardware, TMOS, IBM API Connect, IBM i, I-Connect, IRAD, Nodejs Core, openSUSE Leap, Solaris, RHEL, SUSE Linux Enterprise Desktop, SLES.
Severity of this weakness: 3/4.
Number of vulnerabilities in this bulletin: 5.
Creation date: 28/11/2018.
Références of this bulletin: CVE-2018-12116, CVE-2018-12120, CVE-2018-12121, CVE-2018-12122, CVE-2018-12123, ibm10787619, ibm10794537, ibm10878136, K37111863, openSUSE-SU-2019:0088-1, openSUSE-SU-2019:0089-1, openSUSE-SU-2019:0234-1, RHSA-2019:1821-01, RHSA-2019:2258-01, RHSA-2019:3497-01, SUSE-SU-2019:0117-1, SUSE-SU-2019:0118-1, SUSE-SU-2019:0395-1, VIGILANCE-VUL-27900.

Description of the vulnerability 

An attacker can use several vulnerabilities of Node Core.
Full bulletin, software filtering, emails, fixes, ... (Request your free trial)

This vulnerability bulletin impacts software or systems such as BIG-IP Hardware, TMOS, IBM API Connect, IBM i, I-Connect, IRAD, Nodejs Core, openSUSE Leap, Solaris, RHEL, SUSE Linux Enterprise Desktop, SLES.

Our Vigil@nce team determined that the severity of this security note is important.

The trust level is of type confirmed by the editor, with an origin of internet client.

This bulletin is about 5 vulnerabilities.

An attacker with a expert ability can exploit this cybersecurity note.

Solutions for this threat 

Node Core: version 11.3.0.
The version 11.3.0 is fixed:
  https://nodejs.org/en/download/

Node Core: version 10.14.0.
The version 10.14.0 is fixed:
  https://nodejs.org/en/download/

Node Core: version 8.14.0.
The version 8.14.0 is fixed:
  https://nodejs.org/en/download/

Node Core: version 6.15.1.
The version 6.15.1 is fixed:
  https://nodejs.org/en/download/

F5 BIG-IP: solution for NodeJS.
The solution is indicated in information sources.

IBM API Connect: patch for nodeJS.
A patch is indicated in information sources.

IBM i: solution for Node.js.
The solution is indicated in information sources.

IBM Rational Application Developer for WebSphere: solution for Node.js.
The solution is indicated in information sources.

openSUSE Leap 15.0: new nodejs8 packages.
New packages are available:
  openSUSE Leap 15.0: nodejs8 8.15.0-lp150.2.9.1

openSUSE Leap 42.3: new nodejs4 packages.
New packages are available:
  openSUSE Leap 42.3: nodejs4 4.9.1-20.1

openSUSE Leap 42.3: new nodejs6 packages.
New packages are available:
  openSUSE Leap 42.3: nodejs6 6.16.0-18.1

Oracle Solaris: patch for third party software of April 2020 v2.
A patch is available:
  https://support.oracle.com/rs?type=doc&id=1448883.1

RHEL 7: new http-parser packages.
New packages are available:
  RHEL 7: http-parser 2.7.1-8.el7

RHEL 7: new rh-nodejs8-nodejs packages.
New packages are available:
  RHEL 7: rh-nodejs8-nodejs 8.16.0-1.el7

RHEL 8: new http-parser packages.
New packages are available:
  RHEL 8: http-parser 2.8.0-5.el8

SUSE LE 12: new nodejs4 packages.
New packages are available:
  SUSE LE 12 RTM-SP4: nodejs4 4.9.1-15.17.1

SUSE LE 12: new nodejs6 packages.
New packages are available:
  SUSE LE 12 RTM-SP4: nodejs6 6.16.0-11.21.1

SUSE LE 15: new nodejs8 packages.
New packages are available:
  SUSE LE 15 RTM: nodejs8 8.15.0-3.11.1
Full bulletin, software filtering, emails, fixes, ... (Request your free trial)

Computer vulnerabilities tracking service 

Vigil@nce provides a networks vulnerabilities note. The technology watch team tracks security threats targeting the computer system.