
SUSE Linux: 2024:0643-1 Important: Nodejs20 DoS and Injection Risks

SUSE, February 28, 2024
This security notification highlights severe vulnerabilities in nodejs20 for SUSE, including denial-of-service and code injection weaknesses.
Bugs: bsc#1219152, bsc#1219724, bsc#1219992, bsc#1219993, bsc#1219994

Summary

This update for nodejs20 fixes the following issues:

Update to 20.11.1 (security updates):

* CVE-2024-21892: Code injection and privilege escalation through Linux capabilities (bsc#1219992).
* CVE-2024-22019: http: Reading unprocessed HTTP request with unbounded chunk extension allows DoS attacks (bsc#1219993).
* CVE-2024-21896: Path traversal by monkey-patching Buffer internals (bsc#1219994).
* CVE-2024-22017: setuid() does not drop all privileges due to io_uring (bsc#1219995).
* CVE-2023-46809: Node.js is vulnerable to the Marvin Attack (timing variant of the Bleichenbacher attack against PKCS#1 v1.5 padding) (bsc#1219997).
* CVE-2024-21891: Multiple permission model bypasses due to improper path traversal sequence sanitization (bsc#1219998).

References

* bsc#1219152
* bsc#1219724
* bsc#1219992
* bsc#1219993
* bsc#1219994
* bsc#1219995
* bsc#1219997
* bsc#1219998
* bsc#1219999
* bsc#1220014
* bsc#1220017

Cross-References

* CVE-2023-46809
* CVE-2024-21890
* CVE-2024-21891
* CVE-2024-21892
* CVE-2024-21896
* CVE-2024-22017
* CVE-2024-22019
* CVE-2024-22025
* CVE-2024-24758
* CVE-2024-24806

CVSS scores:

* CVE-2023-46809 (SUSE): 6.8 CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N
* CVE-2024-21890 (SUSE): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-21891 (SUSE): 8.4 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-21892 (SUSE): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2024-21896 (SUSE): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H


Announcement ID: SUSE-SU-2024:0643-1
Rating: important
