SUSE: 2022:3250-1 Moderate: Nodejs16 SSRF and CRLF Security Update

suse

September 12, 2022

An update that solves four vulnerabilities and has one errata is now available

Summary

This update for nodejs16 fixes the following issues: - CVE-2022-35949: Fixed SSRF when an application takes in user input into the path/pathname option of undici.request (bsc#1202382). - CVE-2022-35948: Fixed CRLF injection via Content-Type (bsc#1202383). - CVE-2022-29244: Fixed npm pack ignores root-level .gitignore and .npmignore file exclusion directives when run in a workspace (bsc#1200517). - CVE-2022-31150: Fixed CRLF injection in node-undici (bsc#1201710). Bugfixes: - Enable crypto-policies for SLE15 SP4+ and TW (bsc#1200303) Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - openSUSE Leap 15.4:

Topics Covered

security advisory moderate security update SUSE Linux SSRF nodejs CRLF

References

#1200303 #1200517 #1201710 #1202382 #1202383

Cross- CVE-2022-29244 CVE-2022-31150 CVE-2022-35948

CVE-2022-35949

CVSS scores:

CVE-2022-29244 (NVD) : 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

CVE-2022-29244 (SUSE): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N

CVE-2022-31150 (NVD) : 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N

CVE-2022-31150 (SUSE): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

CVE-2022-35948 (NVD) : 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

CVE-2022-35948 (SUSE): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

CVE-2022-35949 (NVD) : 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CVE-2022-35949 (SUSE): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N

Affected Products:

Announcement ID: SUSE-SU-2022:3250-1

Rating: moderate

Topics Covered

security advisory moderate security update SUSE Linux SSRF nodejs CRLF

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Powered By

Linux Security - Your source for Top Linux News, Advisories, HOWTOs and Feature Releases

QUICK LINKS

subscribe to newsletters!

Like staying secure? So do we.
Sign up for updates, tips, and alerts!

Topics Covered

Topics Covered

Search News & Updates

Recent Searches

Search Advisories & Updates

Recent Searches

Get the latest News and Insights

Our Top Picks

SUSE: 2022:3250-1 Moderate: Nodejs16 SSRF and CRLF Security Update

Summary

Topics Covered

References

Topics Covered

Get the latest News and Insights

Related News

Powered By

Linux Security - Your source for Top Linux News, Advisories, HOWTOs and Feature Releases

QUICK LINKS

subscribe to newsletters!

Topics Covered

Topics Covered

Search News & Updates

Recent Searches

Search Advisories & Updates

Recent Searches

Get the latest News and Insights

Our Top Picks

SUSE: 2022:3250-1 Moderate: Nodejs16 SSRF and CRLF Security Update

Summary

Topics Covered

References

Topics Covered

Get the latest News and Insights

Related Articles

Related News

Powered By

Linux Security - Your source for Top Linux News, Advisories, HOWTOs and Feature Releases

QUICK LINKS

subscribe to newsletters!