Alerts This Week
Warning Icon 1 770
Alerts This Week
Warning Icon 1 770

SUSE: 2022:0705-2 Critical Update for Nodejs10 Security Vulnerabilities

suse
Calendar Grey March 3, 2022
Dist Suse Esm H88
Important release for nodejs8 fixes several vulnerabilities; updates accessible for numerous SUSE versions.
An update that fixes 5 vulnerabilities is now available

Summary

This update for nodejs8 fixes the following issues: - CVE-2021-23343: Fixed ReDoS via splitDeviceRe, splitTailRe and splitPathRe (bsc#1192153). - CVE-2021-32803: Fixed insufficient symlink protection in node-tar allowing arbitrary file creation and overwrite (bsc#1191963). - CVE-2021-32804: Fixed insufficient absolute path sanitization in node-tar allowing arbitrary file creation and overwrite (bsc#1191962). - CVE-2021-3918: Fixed improper controlled modification of object prototype attributes in json-schema (bsc#1192696). - CVE-2021-3807: Fixed regular expression denial of service (ReDoS) matching ANSI escape codes in node-ansi-regex (bsc#1192154). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods

Topics%20covered

Topics Covered

security advisory update important SUSE file creation nodejs ReDoS

References

#1191962 #1191963 #1192153 #1192154 #1192696

Cross- CVE-2021-23343 CVE-2021-32803 CVE-2021-32804

CVE-2021-3807 CVE-2021-3918

CVSS scores:

CVE-2021-23343 (NVD) : 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CVE-2021-23343 (SUSE): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

CVE-2021-32803 (NVD) : 8.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:H

CVE-2021-32803 (SUSE): 8.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:H

CVE-2021-32804 (NVD) : 8.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:H

CVE-2021-32804 (SUSE): 8.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:H

CVE-2021-3807 (SUSE): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CVE-2021-3918 (SUSE): 8.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

Affected Products:

SUSE CaaS Platform 4.0

Severity
critical
Lowest
Low
Medium
High
Critical

Announcement ID: SUSE-SU-2022:0704-1
Rating: important

Topics%20covered

Topics Covered

security advisory update important SUSE file creation nodejs ReDoS

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Your message here