Bugzilla – Bug 1176589
VUL-0: CVE-2020-8252: libuv: buffer overflow in realpath
Last modified: 2021-09-03 18:38:14 UTC
CVE-2020-8252 libuv's realpath() implementation performs an incorrect calculation when allocating a buffer, leading to a potential buffer overflow. Upstream advisory: https://nodejs.org/en/blog/vulnerability/september-2020-security-releases/ References: https://bugzilla.redhat.com/show_bug.cgi?id=1879315 http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-8252
Introduced in upstream version 1.24.0, commit b56d279b172fbe78dee2fb1d29cae9c9c5c6d1c4, which we don't ship yet.
This is an autogenerated message for OBS integration: This bug (1176589) was mentioned in https://build.opensuse.org/request/show/838331 Factory / nodejs10
SUSE-SU-2020:2813-1: An update that solves three vulnerabilities and has one errata is now available. Category: security (important) Bug References: 1172686,1173937,1176589,1176605 CVE References: CVE-2020-15095,CVE-2020-8201,CVE-2020-8252 JIRA References: Sources used: SUSE Linux Enterprise Module for Web Scripting 15-SP2 (src): nodejs12-12.18.4-4.6.1 NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
SUSE-SU-2020:2812-1: An update that solves three vulnerabilities and has one errata is now available. Category: security (important) Bug References: 1172686,1173937,1176589,1176605 CVE References: CVE-2020-15095,CVE-2020-8201,CVE-2020-8252 JIRA References: Sources used: SUSE Linux Enterprise Module for Web Scripting 12 (src): nodejs12-12.18.4-1.20.1 NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
SUSE-SU-2020:2823-1: An update that solves two vulnerabilities and has one errata is now available. Category: security (important) Bug References: 1172686,1173937,1176589 CVE References: CVE-2020-15095,CVE-2020-8252 JIRA References: Sources used: SUSE Linux Enterprise Module for Web Scripting 12 (src): nodejs10-10.22.1-1.30.1 NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
SUSE-SU-2020:2829-1: An update that solves two vulnerabilities and has one errata is now available. Category: security (important) Bug References: 1172686,1173937,1176589 CVE References: CVE-2020-15095,CVE-2020-8252 JIRA References: Sources used: SUSE Linux Enterprise Server for SAP 15 (src): nodejs10-10.22.1-1.27.1 SUSE Linux Enterprise Server 15-LTSS (src): nodejs10-10.22.1-1.27.1 SUSE Linux Enterprise Module for Web Scripting 15-SP2 (src): nodejs10-10.22.1-1.27.1 SUSE Linux Enterprise Module for Web Scripting 15-SP1 (src): nodejs10-10.22.1-1.27.1 SUSE Linux Enterprise High Performance Computing 15-LTSS (src): nodejs10-10.22.1-1.27.1 SUSE Linux Enterprise High Performance Computing 15-ESPOS (src): nodejs10-10.22.1-1.27.1 NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
openSUSE-SU-2020:1616-1: An update that solves three vulnerabilities and has one errata is now available. Category: security (important) Bug References: 1172686,1173937,1176589,1176605 CVE References: CVE-2020-15095,CVE-2020-8201,CVE-2020-8252 JIRA References: Sources used: openSUSE Leap 15.2 (src): nodejs12-12.18.4-lp152.3.6.1
openSUSE-SU-2020:1660-1: An update that solves two vulnerabilities and has one errata is now available. Category: security (important) Bug References: 1172686,1173937,1176589 CVE References: CVE-2020-15095,CVE-2020-8252 JIRA References: Sources used: openSUSE Leap 15.2 (src): nodejs10-10.22.1-lp152.2.6.1