SUSE Bug Fix for Nodejs10 - 2019:2259-1 Important DoS Threats
suse
September 2, 2019
An update that fixes 8 vulnerabilities is now available
Summary
This update for nodejs10 to version 10.16.3 fixes the following issues: Security issues fixed: - CVE-2019-9511: Fixed HTTP/2 implementations that are vulnerable to window size manipulation and stream prioritization manipulation, potentially leading to a denial of service (bsc#1146091). - CVE-2019-9512: Fixed HTTP/2 flood using PING frames results in unbounded memory growth (bsc#1146099). - CVE-2019-9513: Fixed HTTP/2 implementation that is vulnerable to resource loops, potentially leading to a denial of service. (bsc#1146094). - CVE-2019-9514: Fixed HTTP/2 implementation that is vulnerable to a reset flood, potentially leading to a denial of service (bsc#1146095). - CVE-2019-9515: Fixed HTTP/2 flood using SETTINGS frames results in unbounded memory growth (bsc#1146100).
References
#1146090 #1146091 #1146093 #1146094 #1146095
#1146097 #1146099 #1146100
Cross- CVE-2019-9511 CVE-2019-9512 CVE-2019-9513
CVE-2019-9514 CVE-2019-9515 CVE-2019-9516
CVE-2019-9517 CVE-2019-9518
Affected Products:
SUSE Linux Enterprise Module for Web Scripting 15-SP1
SUSE Linux Enterprise Module for Web Scripting 15
https://www.suse.com/security/cve/CVE-2019-9511.html
https://www.suse.com/security/cve/CVE-2019-9512.html
https://www.suse.com/security/cve/CVE-2019-9513.html
https://www.suse.com/security/cve/CVE-2019-9514.html
https://www.suse.com/security/cve/CVE-2019-9515.html
https://www.suse.com/security/cve/CVE-2019-9516.html
https://www.suse.com/security/cve/CVE-2019-9517.html
https://www.suse.com/security/cve/CVE-2019-9518.html
PREVIOUS
NEXT
Related News
Powered By
Linux Security - Your source for Top Linux News, Advisories, HOWTOs and Feature Releases
QUICK LINKS
subscribe to newsletters!
Like staying secure? So do we.
Sign up for updates, tips, and alerts!