Linux repositories inspector

nodejs6 - Evented I/O for V8 JavaScript

Node.js is a JavaScript runtime built on Chrome's V8 JavaScript engine. Node.js uses an event-driven, non-blocking I/O model. Node.js has a package ecosystem provided by npm.
6.17.0
OpenSUSE iconOpenSUSE Leap 42.3
6.16.0
OpenSUSE iconOpenSUSE Leap 42.3
6.14.4
OpenSUSE iconOpenSUSE Leap 42.3
6.14.3
OpenSUSE iconOpenSUSE Leap 42.3
6.14.1
OpenSUSE iconOpenSUSE Leap 42.3
6.12.2
OpenSUSE iconOpenSUSE Leap 42.3
6.11.1
OpenSUSE iconOpenSUSE Leap 42.3
6.9.5
OpenSUSE iconOpenSUSE Leap 42.3
DistributionVersionSincePackageInstalledPackager
OpenSUSE iconOpenSUSE Leap 42.3 ossrpm6.9.5-1.22019-01-174.19 MiB16.3 MiBhttp://bugs.opensuse.org
OpenSUSE iconOpenSUSE Leap 42.3 update/ossrpm6.17.0-21.12019-04-084.37 MiB16.8 MiBhttp://bugs.opensuse.org
OpenSUSE iconOpenSUSE Leap 42.3 update/ossrpm6.16.0-18.12019-02-224.37 MiB16.8 MiBhttp://bugs.opensuse.org
OpenSUSE iconOpenSUSE Leap 42.3 update/ossrpm6.14.4-15.12019-01-214.37 MiB16.8 MiBhttp://bugs.opensuse.org
OpenSUSE iconOpenSUSE Leap 42.3 update/ossrpm6.14.3-12.12019-01-214.37 MiB16.8 MiBhttp://bugs.opensuse.org
OpenSUSE iconOpenSUSE Leap 42.3 update/ossrpm6.14.1-9.22019-01-214.35 MiB16.7 MiBhttp://bugs.opensuse.org
OpenSUSE iconOpenSUSE Leap 42.3 update/ossrpm6.12.2-6.12019-01-214.34 MiB16.7 MiBhttp://bugs.opensuse.org
OpenSUSE iconOpenSUSE Leap 42.3 update/ossrpm6.11.1-3.12019-01-214.2 MiB16 MiBhttp://bugs.opensuse.org

Manual pages

node(1)

node - server-side JavaScript runtime

node6(1)

node6 - Server-side JavaScript runtime

Latest updates

OpenSUSE icon

OpenSUSE Leap 42.3 update/oss: Updated from 6.16.0-18.1 to 6.17.0-21.1

2019-04-08
  • New upstream LTS release 6.17.0:
    • deps: OpenSSL has been upgraded to 1.0.2r. Under certain circumstances, a TLS server can be forced to respond differently to a client if a zero-byte record is received with an invalid padding compared to a zero-byte record with an invalid MAC. This can be used as the basis of a padding oracle attack to decrypt data.
      (CVE-2019-1559, bsc#1127080)
    • http:
      • Backport server.keepAliveTimeout to prevent keep-alive
      HTTP and HTTPS connections remaining open and inactive for an extended period of time, leading to a potential
      Denial of Service (DoS). (CVE-2019-5739, bsc#1127533)
      • Further prevention of "Slowloris" attacks on HTTP and HTTPS
      connections by consistently applying the receive timeout set by server.headersTimeout to connections in keep-alive mode. (CVE-2019-5737, bsc#1127532)
OpenSUSE icon

OpenSUSE Tumbleweed oss: Version 6.17.0-1.1 removed

2019-03-15
OpenSUSE icon

OpenSUSE Tumbleweed oss: Updated from 6.16.0-1.5 to 6.17.0-1.1

2019-03-10
  • New upstream LTS release 6.17.0:
    • deps: OpenSSL has been upgraded to 1.0.2r. Under certain circumstances, a TLS server can be forced to respond differently to a client if a zero-byte record is received with an invalid padding compared to a zero-byte record with an invalid MAC. This can be used as the basis of a padding oracle attack to decrypt data.
      (CVE-2019-1559, bsc#1127080)
    • http:
      • Backport server.keepAliveTimeout to prevent keep-alive
      HTTP and HTTPS connections remaining open and inactive for an extended period of time, leading to a potential
      Denial of Service (DoS). (CVE-2019-5739, bsc#1127533)
      • Further prevention of "Slowloris" attacks on HTTP and HTTPS
      connections by consistently applying the receive timeout set by server.headersTimeout to connections in keep-alive mode. (CVE-2019-5737, bsc#1127532)
OpenSUSE icon

OpenSUSE Leap 42.3 update/oss: Updated from 6.14.4-15.1 to 6.16.0-18.1

2019-02-22
  • Update upstream LTS release 6.16.0:
    • cli: add --max-http-header-size flag
    • http: add maxHeaderSize property
  • Changes in LTS release 6.15.0:
    • debugger: prevent the debugger from listening on 0.0.0.0. It now defaults to 127.0.0.1. (CVE-2018-12120, bsc#1117625)
    • deps: Upgrade to OpenSSL 1.0.2q, fixing
      CVE-2018-0734 (bsc#1113652) and CVE-2018-5407 (bsc#1113534)
    • http:
      • Headers received by HTTP servers must not exceed 8192 bytes
      in total to prevent possible Denial of Service attacks.
      (CVE-2018-12121, bsc#1117626)
      • A timeout of 40 seconds now applies to servers receiving
      HTTP headers. This value can be adjusted with
      server.headersTimeout. Where headers are not completely received within this period, the socket is destroyed on the next received chunk. In conjunction with
      server.setTimeout(), this aids in protecting against excessive resource retention and possible Denial of Service. (CVE-2018-12122, bsc#1117627)
      • Two-byte characters are now strictly disallowed for the path
      option in HTTP client requests. Paths containing characters outside of the range \u0021 - \u00ff will now be rejected with a TypeError. This behavior can be reverted if necessary by supplying the --security-revert=CVE-2018-12116 command line argument (this is not recommended).
      (CVE-2018-12116, bsc#1117630)
    • util: Fix a bug that would allow a hostname being spoofed when parsing URLs with url.parse() with the 'javascript:' protocol. (CVE-2018-12123, bsc#1117629)
  • skip_test_on_lowmem.patch: skip test on low-memory build machine
OpenSUSE icon

OpenSUSE Tumbleweed oss: Updated from 6.16.0-1.4 to 6.16.0-1.5

2019-02-15
  • Update upstream LTS release 6.16.0:
    • cli: add --max-http-header-size flag
    • http: add maxHeaderSize property
  • Changes in LTS release 6.15.0:
    • debugger: prevent the debugger from listening on 0.0.0.0. It now defaults to 127.0.0.1. (CVE-2018-12120, bsc#1117625)
    • deps: Upgrade to OpenSSL 1.0.2q, fixing
      CVE-2018-0734 (bsc#1113652) and CVE-2018-5407 (bsc#1113534)
    • http:
      • Headers received by HTTP servers must not exceed 8192 bytes
      in total to prevent possible Denial of Service attacks.
      (CVE-2018-12121, bsc#1117626)
      • A timeout of 40 seconds now applies to servers receiving
      HTTP headers. This value can be adjusted with
      server.headersTimeout. Where headers are not completely received within this period, the socket is destroyed on the next received chunk. In conjunction with
      server.setTimeout(), this aids in protecting against excessive resource retention and possible Denial of Service. (CVE-2018-12122, bsc#1117627)
      • Two-byte characters are now strictly disallowed for the path
      option in HTTP client requests. Paths containing characters outside of the range \u0021 - \u00ff will now be rejected with a TypeError. This behavior can be reverted if necessary by supplying the --security-revert=CVE-2018-12116 command line argument (this is not recommended).
      (CVE-2018-12116, bsc#1117630)
    • util: Fix a bug that would allow a hostname being spoofed when parsing URLs with url.parse() with the 'javascript:' protocol. (CVE-2018-12123, bsc#1117629)
  • skip_test_on_lowmem.patch: skip test on low-memory build machine
OpenSUSE icon

OpenSUSE Tumbleweed oss: Updated from 6.16.0-1.3 to 6.16.0-1.4

2019-02-05
  • Update upstream LTS release 6.16.0:
    • cli: add --max-http-header-size flag
    • http: add maxHeaderSize property
  • Changes in LTS release 6.15.0:
    • debugger: prevent the debugger from listening on 0.0.0.0. It now defaults to 127.0.0.1. (CVE-2018-12120, bsc#1117625)
    • deps: Upgrade to OpenSSL 1.0.2q, fixing
      CVE-2018-0734 (bsc#1113652) and CVE-2018-5407 (bsc#1113534)
    • http:
      • Headers received by HTTP servers must not exceed 8192 bytes
      in total to prevent possible Denial of Service attacks.
      (CVE-2018-12121, bsc#1117626)
      • A timeout of 40 seconds now applies to servers receiving
      HTTP headers. This value can be adjusted with
      server.headersTimeout. Where headers are not completely received within this period, the socket is destroyed on the next received chunk. In conjunction with
      server.setTimeout(), this aids in protecting against excessive resource retention and possible Denial of Service. (CVE-2018-12122, bsc#1117627)
      • Two-byte characters are now strictly disallowed for the path
      option in HTTP client requests. Paths containing characters outside of the range \u0021 - \u00ff will now be rejected with a TypeError. This behavior can be reverted if necessary by supplying the --security-revert=CVE-2018-12116 command line argument (this is not recommended).
      (CVE-2018-12116, bsc#1117630)
    • util: Fix a bug that would allow a hostname being spoofed when parsing URLs with url.parse() with the 'javascript:' protocol. (CVE-2018-12123, bsc#1117629)
  • skip_test_on_lowmem.patch: skip test on low-memory build machine
OpenSUSE icon

OpenSUSE Tumbleweed oss: Updated from 6.16.0-1.1 to 6.16.0-1.3

2019-02-03
  • Update upstream LTS release 6.16.0:
    • cli: add --max-http-header-size flag
    • http: add maxHeaderSize property
  • Changes in LTS release 6.15.0:
    • debugger: prevent the debugger from listening on 0.0.0.0. It now defaults to 127.0.0.1. (CVE-2018-12120, bsc#1117625)
    • deps: Upgrade to OpenSSL 1.0.2q, fixing
      CVE-2018-0734 (bsc#1113652) and CVE-2018-5407 (bsc#1113534)
    • http:
      • Headers received by HTTP servers must not exceed 8192 bytes
      in total to prevent possible Denial of Service attacks.
      (CVE-2018-12121, bsc#1117626)
      • A timeout of 40 seconds now applies to servers receiving
      HTTP headers. This value can be adjusted with
      server.headersTimeout. Where headers are not completely received within this period, the socket is destroyed on the next received chunk. In conjunction with
      server.setTimeout(), this aids in protecting against excessive resource retention and possible Denial of Service. (CVE-2018-12122, bsc#1117627)
      • Two-byte characters are now strictly disallowed for the path
      option in HTTP client requests. Paths containing characters outside of the range \u0021 - \u00ff will now be rejected with a TypeError. This behavior can be reverted if necessary by supplying the --security-revert=CVE-2018-12116 command line argument (this is not recommended).
      (CVE-2018-12116, bsc#1117630)
    • util: Fix a bug that would allow a hostname being spoofed when parsing URLs with url.parse() with the 'javascript:' protocol. (CVE-2018-12123, bsc#1117629)
  • skip_test_on_lowmem.patch: skip test on low-memory build machine
OpenSUSE icon

OpenSUSE Tumbleweed oss: Version 6.16.0-1.1 reintroduced

2019-01-23
  • Update upstream LTS release 6.16.0:
    • cli: add --max-http-header-size flag
    • http: add maxHeaderSize property
  • Changes in LTS release 6.15.0:
    • debugger: prevent the debugger from listening on 0.0.0.0. It now defaults to 127.0.0.1. (CVE-2018-12120, bsc#1117625)
    • deps: Upgrade to OpenSSL 1.0.2q, fixing
      CVE-2018-0734 (bsc#1113652) and CVE-2018-5407 (bsc#1113534)
    • http:
      • Headers received by HTTP servers must not exceed 8192 bytes
      in total to prevent possible Denial of Service attacks.
      (CVE-2018-12121, bsc#1117626)
      • A timeout of 40 seconds now applies to servers receiving
      HTTP headers. This value can be adjusted with
      server.headersTimeout. Where headers are not completely received within this period, the socket is destroyed on the next received chunk. In conjunction with
      server.setTimeout(), this aids in protecting against excessive resource retention and possible Denial of Service. (CVE-2018-12122, bsc#1117627)
      • Two-byte characters are now strictly disallowed for the path
      option in HTTP client requests. Paths containing characters outside of the range \u0021 - \u00ff will now be rejected with a TypeError. This behavior can be reverted if necessary by supplying the --security-revert=CVE-2018-12116 command line argument (this is not recommended).
      (CVE-2018-12116, bsc#1117630)
    • util: Fix a bug that would allow a hostname being spoofed when parsing URLs with url.parse() with the 'javascript:' protocol. (CVE-2018-12123, bsc#1117629)
  • skip_test_on_lowmem.patch: skip test on low-memory build machine
OpenSUSE icon

OpenSUSE Leap 42.3 update/oss: Updated from 6.14.3-12.1 to 6.14.4-15.1

2019-01-21
  • New upstream LTS release 6.14.4:
    • buffer: Fix out-of-bounds (OOB) write in Buffer.write() for UCS-2 encoding (CVE-2018-12115, bsc#1105019)
    • deps: Upgrade to OpenSSL 1.0.2p, fixing:
      • Client DoS due to large DH parameter
      (CVE-2018-0732, bsc#1097158)
      • ECDSA key extraction via local side-channel
OpenSUSE icon

OpenSUSE Leap 42.3 update/oss: Updated from 6.14.1-9.2 to 6.14.3-12.1

2019-01-21
  • New upstream LTS release 6.14.3:
    • buffer: Fixes Denial of Service vulnerability where calling Buffer.fill() could hang (CVE-2018-7167, bsc#1097375)
OpenSUSE icon

OpenSUSE Leap 42.3 update/oss: Updated from 6.12.2-6.1 to 6.14.1-9.2

2019-01-21
  • Fix some node-gyp permissions
OpenSUSE icon

OpenSUSE Leap 42.3 update/oss: Updated from 6.11.1-3.1 to 6.12.2-6.1

2019-01-21
  • Dropped 8334.diff - no longer needed
OpenSUSE icon

OpenSUSE Leap 42.3 update/oss: Version 6.11.1-3.1 introduced

2019-01-21
  • Fix update-alternative handling in %postun - don't remove links on upgrades.
OpenSUSE icon

OpenSUSE Leap 42.3 oss: Version 6.9.5-1.2 introduced

2019-01-17
OpenSUSE icon

OpenSUSE Tumbleweed oss: Version 6.16.0-1.1 removed

2019-01-17
OpenSUSE icon

OpenSUSE Tumbleweed oss: Version 6.16.0-1.1 introduced

2019-01-17
  • Update upstream LTS release 6.16.0:
    • cli: add --max-http-header-size flag
    • http: add maxHeaderSize property
  • Changes in LTS release 6.15.0:
    • debugger: prevent the debugger from listening on 0.0.0.0. It now defaults to 127.0.0.1. (CVE-2018-12120, bsc#1117625)
    • deps: Upgrade to OpenSSL 1.0.2q, fixing
      CVE-2018-0734 (bsc#1113652) and CVE-2018-5407 (bsc#1113534)
    • http:
      • Headers received by HTTP servers must not exceed 8192 bytes
      in total to prevent possible Denial of Service attacks.
      (CVE-2018-12121, bsc#1117626)
      • A timeout of 40 seconds now applies to servers receiving
      HTTP headers. This value can be adjusted with
      server.headersTimeout. Where headers are not completely received within this period, the socket is destroyed on the next received chunk. In conjunction with
      server.setTimeout(), this aids in protecting against excessive resource retention and possible Denial of Service. (CVE-2018-12122, bsc#1117627)
      • Two-byte characters are now strictly disallowed for the path
      option in HTTP client requests. Paths containing characters outside of the range \u0021 - \u00ff will now be rejected with a TypeError. This behavior can be reverted if necessary by supplying the --security-revert=CVE-2018-12116 command line argument (this is not recommended).
      (CVE-2018-12116, bsc#1117630)
    • util: Fix a bug that would allow a hostname being spoofed when parsing URLs with url.parse() with the 'javascript:' protocol. (CVE-2018-12123, bsc#1117629)
  • skip_test_on_lowmem.patch: skip test on low-memory build machine

Related packages

nodejs6-debuginfo - Debug information for package nodejs6
nodejs6-debugsource - Debug sources for package nodejs6
nodejs6-devel - Files needed for development of NodeJS platforms
nodejs6-docs - Node.js API documentation
⇧ Top