openSUSE Optional Update: Recommended update for nodejs ______________________________________________________________________________ Announcement ID: openSUSE-OU-2015:1624-1 Rating: low References: #895262 Affected Products: openSUSE 13.2 openSUSE 13.1 ______________________________________________________________________________ An update that fixes two vulnerabilities is now available. Description: Nodejs was updated to v4.0.0, bringing features, bug and security fixes. * child_process: ChildProcess.prototype.send() and process.send() operate asynchronously across all platforms so an optional callback parameter has been introduced that will be invoked once the message has been sent. * node: Rename "io.js" code to "Node.js". * node-gyp: This release bundles an updated version of node-gyp that works with all versions of Node.js and io.js including nightly and release candidate builds. From io.js v3 and Node.js v4 onward, it will only download a headers tarball when building addons rather than the entire source. * npm: Upgrade to version 2.14.2 from 2.13.3, includes a security update. * timers: Improved timer performance from porting the 0.12 implementation, plus minor fixes. * util: The util.is*() functions have been deprecated, beginning with deprecation warnings in the documentation for this release, users are encouraged to seek more robust alternatives in the npm registry. * v8: Upgrade to version 4.5.103.30 from 4.4.63.30 Patch Instructions: To install this openSUSE Optional Update use YaST online_update. Alternatively you can run the command listed for your product: - openSUSE 13.2: zypper in -t patch openSUSE-2015-604=1 - openSUSE 13.1: zypper in -t patch openSUSE-2015-604=1 To bring your system up-to-date, use "zypper patch". Package List: - openSUSE 13.2 (i586 x86_64): nodejs-4.0.0-2.3.1 nodejs-debuginfo-4.0.0-2.3.1 nodejs-debugsource-4.0.0-2.3.1 nodejs-devel-4.0.0-2.3.1 - openSUSE 13.2 (noarch): nodejs-doc-4.0.0-2.3.1 - openSUSE 13.1 (i586 x86_64): nodejs-4.0.0-3.7.1 nodejs-debuginfo-4.0.0-3.7.1 nodejs-debugsource-4.0.0-3.7.1 nodejs-devel-4.0.0-3.7.1 - openSUSE 13.1 (noarch): nodejs-doc-4.0.0-3.7.1 References: https://www.suse.com/security/cve/CVE-2013-4450.html https://www.suse.com/security/cve/CVE-2014-5256.html https://bugzilla.suse.com/895262