
Important Security Update for pgAdmin4 on SUSE 2024:3771-1 Released

suse
October 29, 2024
A security update for pgadmin4 addresses multiple vulnerabilities; details of the flaws and guidance for applying the patches are provided.

Summary

This update for pgadmin4 fixes the following issues:

* CVE-2024-38355: Fixed socket.io: unhandled 'error' event (bsc#1226967)

* CVE-2024-38998: Fixed requirejs: prototype pollution via function config (bsc#1227248)

* CVE-2024-38999: Fixed requirejs: prototype pollution via function s.contexts._.configure (bsc#1227252)

* CVE-2024-39338: Fixed axios: server-side request forgery due to requests for path relative URLs being processed as protocol relative URLs in axios (bsc#1229423)

* CVE-2024-4067: Fixed micromatch: vulnerable to Regular Expression Denial of Service (ReDoS) (bsc#1224366)

* CVE-2024-4068: Fixed braces: fails to limit the number of characters it can handle, which could lead to Memory Exhaustion (bsc#1224295)

* CVE-2024-43788: Fixed webpack: DOM clobbering gadget in

References

* bsc#1224295

* bsc#1224366

* bsc#1226967

* bsc#1227248

* bsc#1227252

* bsc#1229423

* bsc#1229861

* bsc#1230928

* bsc#1231564

* bsc#1231684

Cross-

* CVE-2024-38355

* CVE-2024-38998

* CVE-2024-38999

* CVE-2024-39338

* CVE-2024-4067

* CVE-2024-4068

* CVE-2024-43788

* CVE-2024-48948

* CVE-2024-48949

* CVE-2024-9014

CVSS scores:

* CVE-2024-38355 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

* CVE-2024-38998 ( SUSE ): 8.6 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H

* CVE-2024-38998 ( NVD ): 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

* CVE-2024-38998 ( NVD ): 8.4 CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

* CVE-2024-38999 ( SUSE ): 8.6 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H

* CVE-2024-39338 ( SUSE ): 9.1

Severity
important

Announcement ID: SUSE-SU-2024:3771-1
Release Date: 2024-10-29T12:55:39Z
Rating: important
