OPENSUSE-SU-2016:1566-1
Jun 14, 2016 - 11:08 a.m.

Security update for nodejs (important)

2016-06-14 11:08:26
lists.opensuse.org

EPSS: 0.969 (percentile 99.7%)

This update for nodejs to version 4.4.5 fixes several issues.

These security issues in the bundled OpenSSL were fixed by updating it to
version 1.0.2h:

  • CVE-2016-2107: The AES-NI implementation in OpenSSL did not consider
    memory allocation during a certain padding check, which allowed remote
    attackers to obtain sensitive cleartext information via a padding-oracle
    attack against an AES CBC session (bsc#977616).
  • CVE-2016-2105: Integer overflow in the EVP_EncodeUpdate function in
    crypto/evp/encode.c in OpenSSL allowed remote attackers to cause a
    denial of service (heap memory corruption) via a large amount of binary
    data (bsc#977614).
  • CVE-2016-0705: Double free vulnerability in the dsa_priv_decode function
    in crypto/dsa/dsa_ameth.c in OpenSSL allowed remote attackers to cause a
    denial of service (memory corruption) or possibly have unspecified other
    impact via a malformed DSA private key (bsc#968047).
  • CVE-2016-0797: Multiple integer overflows in OpenSSL allowed remote
    attackers to cause a denial of service (heap memory corruption or NULL
    pointer dereference) or possibly have unspecified other impact via a
    long digit string that is mishandled by the (1) BN_dec2bn or (2)
    BN_hex2bn function, related to crypto/bn/bn.h and crypto/bn/bn_print.c
    (bsc#968048).
  • CVE-2016-0702: The MOD_EXP_CTIME_COPY_FROM_PREBUF function in
    crypto/bn/bn_exp.c in OpenSSL did not properly consider cache-bank
    access times during modular exponentiation, which made it easier for
    local users to discover RSA keys by running a crafted application on the
    same Intel Sandy Bridge CPU core as a victim and leveraging cache-bank
    conflicts, aka a "CacheBleed" attack (bsc#968050).
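A quick way to check whether a given node binary already carries the fixed versions named above is to compare what it reports in `process.versions` against nodejs 4.4.5 and OpenSSL 1.0.2h. The script below is an added example, not code from this advisory or from the Node.js project; it assumes `process.versions.openssl` reports the OpenSSL the binary was built against, and the version strings it feeds through `assess()` at the end are constructed samples.

```javascript
// Added example (not from the openSUSE advisory or the Node.js project):
// compare a runtime's reported versions with the fixed versions in this
// advisory. Assumes process.versions.openssl names the OpenSSL the node
// binary was built against (the bundled copy for the package described here).

// Versions fixed by OPENSUSE-SU-2016:1566-1.
const FIXED = { node: '4.4.5', openssl: '1.0.2h' };

// Parse an OpenSSL 1.0.x version such as "1.0.2h" into a comparable key.
// The trailing letters are a patch level ordered "" < "a" < "b" < ... so
// "1.0.2" < "1.0.2a" < "1.0.2h". Letters are folded into a base-26 number so
// that a double-letter patch level such as "zb" sorts after "z".
function parseOpenSSLVersion(v) {
  const m = /^(\d+)\.(\d+)\.(\d+)([a-z]*)/.exec(String(v).trim());
  if (!m) throw new Error('unrecognised OpenSSL version: ' + v);
  let patchLetters = 0;
  for (const ch of m[4]) {
    patchLetters = patchLetters * 26 + (ch.charCodeAt(0) - 'a'.charCodeAt(0) + 1);
  }
  return [Number(m[1]), Number(m[2]), Number(m[3]), patchLetters];
}

// Parse a Node.js version such as "4.4.5" or "v4.4.5" (process.version has
// the leading "v", process.versions.node does not).
function parseNodeVersion(v) {
  const m = /^v?(\d+)\.(\d+)\.(\d+)/.exec(String(v).trim());
  if (!m) throw new Error('unrecognised Node.js version: ' + v);
  return [Number(m[1]), Number(m[2]), Number(m[3])];
}

// Lexicographic comparison of numeric version keys; returns -1, 0 or 1.
// Missing trailing components count as 0, so [1,0,2] equals [1,0,2,0].
function compareKeys(a, b) {
  for (let i = 0; i < Math.max(a.length, b.length); i++) {
    const x = a[i] || 0;
    const y = b[i] || 0;
    if (x !== y) return x < y ? -1 : 1;
  }
  return 0;
}

// Assess an object shaped like process.versions ({ node, openssl }).
// A false value means the reported version predates the fix in this advisory.
function assess(versions) {
  return {
    nodeFixed: compareKeys(parseNodeVersion(versions.node),
                           parseNodeVersion(FIXED.node)) >= 0,
    opensslFixed: compareKeys(parseOpenSSLVersion(versions.openssl),
                              parseOpenSSLVersion(FIXED.openssl)) >= 0,
  };
}

// Stand-alone run: the current runtime, then two constructed samples.
function main() {
  if (process.versions.openssl) {
    console.log('this runtime:', process.versions.node, process.versions.openssl,
                assess(process.versions));
  }
  console.log('constructed 4.4.4 / 1.0.2g:', assess({ node: '4.4.4', openssl: '1.0.2g' }));
  console.log('constructed 4.4.5 / 1.0.2h:', assess({ node: '4.4.5', openssl: '1.0.2h' }));
}

main();
```

Two caveats apply when reading the result. The comparison is purely numeric, so a binary from a later release line (5.x, 6.x) passes the `nodeFixed` check although its own line's advisory is what governs it; and distribution packages that backport fixes without bumping the version string can report an older OpenSSL than they effectively carry, so a `false` here is a reason to check the package's changelog rather than proof of exposure.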

These non-security issues were fixed:

  • Fix faulty "if" condition (string cannot equal a boolean).
  • buffer: Buffer no longer errors if you call lastIndexOf with a search
    term longer than the buffer.
  • contextify: Context objects are now properly garbage collected, this
    solves a problem some individuals were experiencing with extreme memory
    growth.
  • Update npm to 2.15.5.
  • http: Invalid status codes can no longer be sent. Status codes are limited
    to three-digit numbers in the range 100 to 999.
  • deps: Fix --gdbjit for embedders. Backported from v8 upstream.
  • querystring: Restore throw when attempting to stringify bad surrogate
    pair.
  • https: Under certain conditions SSL sockets may have been causing a
    memory leak when keepalive is enabled. This is no longer the case.
  • lib: The way that we were internally passing arguments was causing a
    potential leak. By copying the arguments into an array we can avoid this.
  • repl: Previously if you were using the repl in strict mode the column
    number would be wrong in a stack trace. This is no longer an issue.
  • deps: An update to v8 that introduces a new flag
    --perf_basic_prof_only_functions.
  • http: A new feature in the http(s) agent that catches errors on keep-alive
    connections.
  • src: Better support for big-endian systems.
  • tls: A new feature that allows you to pass common SSL options to
    tls.createSecurePair.
  • build: Support python path that includes spaces.
  • https: A potential fix for #3692 (HTTP/HTTPS client requests throwing
    EPROTO).
  • installer: More readable profiling information from isolate tick logs.
  • process: Add support for symbols in event emitters (symbols didn’t exist
    when it was written).
  • querystring: querystring.parse() is now 13-22% faster!
  • streams: Performance improvements for moving small buffers that shows a
    5% throughput gain. IoT projects have been seen to be as much as 10%
    faster with this change!