Stay Secure with the Latest Linux Advisories
Refine advisories
X Clear Filters
Get the latest News and Insights
Get the latest Linux and open source security news straight to your inbox.
Community Poll
What got you started with Linux?
Loading...
Explore Latest Linux Security advisories
We found 5 articles for you...
91
security advisoryGentooarbitrary file creationGentoo DTrace Arbitrary File Creation Normal Risk 202604-04
A DTrace component, dtprobed, allows arbitrary file creation through crafted USDT provider names.. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Gentoo Linux Security Advisory GLSA 202604-04 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - https://security.gentoo.org/ - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Severity: Normal Title: DTrace: Arbitrary file creation via dtprobed Date: April 17, 2026 Bugs: #971491 ID: 202604-04 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Synopsis ======== A DTrace component, dtprobed, allows arbitrary file creation through crafted USDT provider names. Background ========== DTrace is a dynamic tracing tool for analysing or debugging the whole system. Specifically, dtprobed is a component of the DTrace system that keeps track of USDT probes within running processes, parsing and storing the DOF they provide for later consumption by dtrace proper. Affected packages ================= Package Vulnerable Unaffected ---------------- ------------ ------------ dev-debug/dtrace < 2.0.6 > = 2.0.6 Description =========== A vulnerability has been found in dtprobed that allows for arbitrary file creation through specially crafted USDT provider names. Impact ====== The worst possible outcome is the ability for an attacker to run arbitrary code via the maliciously created file. Workaround ========== There is no known workaround at this time. Resolution ========== All DTrace users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot --verbose "> =dev-debug/dtrace-2.0.6" References ========== [ 1 ] CVE-2026-21991 https://nvd.nist.gov/vuln/detail/CVE-2026-21991 Availability ============ This GLSA and any updates to it are available for viewing at the Gentoo Security Website: https://security.gentoo.org/glsa/202604-04 Concerns? ========= Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to
Apr 17, 2026
•Medium
Gentoo
172
security advisoryUbuntuarbitrary file creationUbuntu 24.10: USN-7228-1 critical: LibreOffice information leak
Several security issues were fixed in LibreOffice.. ========================================================================== Ubuntu Security Notice USN-7228-1 January 27, 2025 libreoffice vulnerabilities ========================================================================== A security issue affects these releases of Ubuntu and its derivatives: - Ubuntu 24.10 - Ubuntu 24.04 LTS - Ubuntu 22.04 LTS - Ubuntu 20.04 LTS Summary: Several security issues were fixed in LibreOffice. Software Description: - libreoffice: Office productivity suite Details: Thomas Rinsma discovered that LibreOffice incorrectly handled paths when processing embedded font files. If a user or automated system were tricked into opening a specially crafted LibreOffice file, a remote attacker could possibly use this issue to create arbitrary files ending with ".ttf". (CVE-2024-12425) Thomas Rinsma discovered that LibreOffice incorrectly handled certain environment variables and INI file values. If a user or automated system were tricked into opening a specially crafted LibreOffice file, a remote attacker could possibly use this issue to exfiltrate sensitive information. (CVE-2024-12426) Update instructions: The problem can be corrected by updating your system to the following package versions: Ubuntu 24.10 libreoffice 4:24.8.4-0ubuntu0.24.10.2 Ubuntu 24.04 LTS libreoffice 4:24.2.7-0ubuntu0.24.04.2 Ubuntu 22.04 LTS libreoffice 1:7.3.7-0ubuntu0.22.04.8 Ubuntu 20.04 LTS libreoffice 1:6.4.7-0ubuntu0.20.04.13 In general, a standard system update will make all the necessary changes. References: https://ubuntu.com/security/notices/USN-7228-1 CVE-2024-12425, CVE-2024-12426 Package Information: https://launchpad.net/ubuntu/+source/libreoffice/4:24.8.4-0ubuntu0.24.10.2 https://launchpad.net/ubuntu/+source/libreoffice/4:24.2.7-0ubuntu0.24.04.2 https://launchpad.net/ubuntu/+source/libreoffice/1:7.3.7-0ubuntu0.22.04.8 https://launchpad.net/ubuntu/+source/libreoffice/1:6.4.7-0ubuntu0.20.04.13 . Ubuntu Security Advisory USN-7228-1 outlines patch updates for vulnerabilities in LibreOffice, aiming to bolster user safety.. LibreOffice security updates, Ubuntu security fixes, office software vulnerabilities. . Severity: Critical. LinuxSecurity.com Team
Jan 27, 2025
•Critical
Ubuntu
172
security advisoryUbuntuuser privilegesUbuntu 23.10 USN-6808-1 Moderate: Atril Path Traversal Issue
Atril could be made to create arbitrary files when opening a specially crafted EPUB file.. ========================================================================== Ubuntu Security Notice USN-6808-1 June 05, 2024 atril vulnerability ========================================================================== A security issue affects these releases of Ubuntu and its derivatives: - Ubuntu 23.10 - Ubuntu 22.04 LTS - Ubuntu 20.04 LTS - Ubuntu 18.04 LTS - Ubuntu 16.04 LTS Summary: Atril could be made to create arbitrary files when opening a specially crafted EPUB file. Software Description: - atril: Official Document Viewer of the MATE Desktop Environment Details: It was discovered that Atril was vulnerable to a path traversal attack. An attacker could possibly use this vulnerability to create arbitrary files on the host filesystem with user privileges. Update instructions: The problem can be corrected by updating your system to the following package versions: Ubuntu 23.10 atril 1.26.0-2ubuntu0.1 atril-common 1.26.0-2ubuntu0.1 libatrildocument3 1.26.0-2ubuntu0.1 Ubuntu 22.04 LTS atril 1.26.0-1ubuntu1.1 atril-common 1.26.0-1ubuntu1.1 libatrildocument3 1.26.0-1ubuntu1.1 Ubuntu 20.04 LTS atril 1.24.0-1ubuntu0.1 atril-common 1.24.0-1ubuntu0.1 libatrildocument3 1.24.0-1ubuntu0.1 Ubuntu 18.04 LTS atril 1.20.1-2ubuntu2+esm1 Available with Ubuntu Pro atril-common 1.20.1-2ubuntu2+esm1 Available with Ubuntu Pro libatrildocument3 1.20.1-2ubuntu2+esm1 Available with Ubuntu Pro Ubuntu 16.04 LTS atril 1.12.2-1ubuntu0.3+esm1 Available with Ubuntu Pro atril-common 1.12.2-1ubuntu0.3+esm1 Available with Ubuntu Pro libatrildocument3 1.12.2-1ubuntu0.3+esm1 Available with Ubuntu Pro In general, a standard system update will make all the necessary changes. References: https://ubuntu.com/security/notices/USN-6808-1 CVE-2023-52076 Package Information: https://launchpad.net/ubuntu/+source/atril/1.26.0-2ubuntu0.1 https://launchpad.net/ubuntu/+source/atril/1.26.0-1ubuntu1.1 https://launchpad.net/ubuntu/+source/atril/1.24.0-1ubuntu0.1 . A critical flaw in Atril on Ubuntu enables unauthorized file generation through malicious EPUB files. Ensure you upgrade your packages promptly to safeguard your system.. Atril Security, Path Traversal, Ubuntu Advisory. . LinuxSecurity.com Team
Jun 05, 2024
Ubuntu
100
security advisorydenial of serviceimportantSUSE: 2022:1717-1 Important Nodejs10 Buffer Overflow Risks Fixed
An update that fixes 9 vulnerabilities is now available. . SUSE Security Update: Security update for nodejs10 ______________________________________________________________________________ Announcement ID: SUSE-SU-2022:1717-1 Rating: important References: #1191962 #1191963 #1192153 #1192154 #1192696 #1194514 #1194819 #1197283 #1198247 Cross-References: CVE-2021-23343 CVE-2021-32803 CVE-2021-32804 CVE-2021-3807 CVE-2021-3918 CVE-2021-44906 CVE-2021-44907 CVE-2022-0235 CVE-2022-21824 CVSS scores: CVE-2021-23343 (NVD) : 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2021-23343 (SUSE): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L CVE-2021-32803 (NVD) : 8.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:H CVE-2021-32803 (SUSE): 8.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:H CVE-2021-32804 (NVD) : 8.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:H CVE-2021-32804 (SUSE): 8.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:H CVE-2021-3807 (NVD) : 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2021-3807 (SUSE): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2021-3918 (NVD) : 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVE-2021-3918 (SUSE): 8.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H CVE-2021-44906 (NVD) : 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVE-2021-44906 (SUSE): 5.6 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L CVE-2021-44907 (NVD) : 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2021-44907 (SUSE): 3.1 CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:N CVE-2022-0235 (SUSE): 6.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:N/A:N CVE-2022-21824 (NVD) : 8.2CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H CVE-2022-21824 (SUSE): 4 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:L Affected Products: SUSE CaaS Platform 4.0 SUSE Enterprise Storage 6 SUSE Enterprise Storage 7 SUSE Linux Enterprise High Performance Computing 15-ESPOS SUSE Linux Enterprise High Performance Computing 15-LTSS SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS SUSE Linux Enterprise Server 15-LTSS SUSE Linux Enterprise Server 15-SP1-BCL SUSE Linux Enterprise Server 15-SP1-LTSS SUSE Linux Enterprise Server 15-SP2-BCL SUSE Linux Enterprise Server 15-SP2-LTSS SUSE Linux Enterprise Server for SAP 15 SUSE Linux Enterprise Server for SAP 15-SP1 SUSE Linux Enterprise Server for SAP 15-SP2 SUSE Manager Proxy 4.1 SUSE Manager Retail Branch Server 4.1 SUSE Manager Server 4.1 openSUSE Leap 15.3 openSUSE Leap 15.4 ______________________________________________________________________________ An update that fixes 9 vulnerabilities is now available. Description: This update for nodejs10 fixes the following issues: - CVE-2021-23343: Fixed ReDoS via splitDeviceRe, splitTailRe and splitPathRe (bsc#1192153). - CVE-2021-32803: Fixed insufficient symlink protection in node-tar allowing arbitrary file creation and overwrite (bsc#1191963). - CVE-2021-32804: Fixed insufficient absolute path sanitization in node-tar allowing arbitrary file creationand overwrite (bsc#1191962). - CVE-2021-3918: Fixed improper controlled modification of object prototype attributes in json-schema (bsc#1192696). - CVE-2021-3807: Fixed regular expression denial of service (ReDoS) matching ANSI escape codes in node-ansi-regex (bsc#1192154). - CVE-2022-21824: Fixed prototype pollution via console.table (bsc#1194514). - CVE-2021-44906: Fixed prototype pollution in npm dependency (bsc#1198247). - CVE-2021-44907: Fixed insuficient sanitation in npm dependency (bsc#1197283). - CVE-2022-0235: Fixed passing of cookie data and sensitive headers to different hostnames in node-fetch-npm (bsc#1194819). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - openSUSE Leap 15.4: zypper in -t patch openSUSE-SLE-15.4-2022-1717=1 - openSUSE Leap 15.3: zypper in -t patch openSUSE-SLE-15.3-2022-1717=1 - SUSE Manager Server 4.1: zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Server-4.1-2022-1717=1 - SUSE Manager Retail Branch Server 4.1: zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Retail-Branch-Server-4.1-2022-1717=1 - SUSE Manager Proxy 4.1: zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Proxy-4.1-2022-1717=1 - SUSE Linux Enterprise Server for SAP 15-SP2: zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP2-2022-1717=1 - SUSE Linux Enterprise Server for SAP 15-SP1: zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP1-2022-1717=1 - SUSE Linux Enterprise Server for SAP 15: zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-2022-1717=1 - SUSE Linux Enterprise Server 15-SP2-LTSS: zypper in -t patch SUSE-SLE-Product-SLES-15-SP2-LTSS-2022-1717=1 - SUSE Linux Enterprise Server 15-SP2-BCL: zypper in -t patch SUSE-SLE-Product-SLES-15-SP2-BCL-2022-1717=1 - SUSE Linux EnterpriseServer 15-SP1-LTSS: zypper in -t patch SUSE-SLE-Product-SLES-15-SP1-LTSS-2022-1717=1 - SUSE Linux Enterprise Server 15-SP1-BCL: zypper in -t patch SUSE-SLE-Product-SLES-15-SP1-BCL-2022-1717=1 - SUSE Linux Enterprise Server 15-LTSS: zypper in -t patch SUSE-SLE-Product-SLES-15-2022-1717=1 - SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS: zypper in -t patch SUSE-SLE-Product-HPC-15-SP2-LTSS-2022-1717=1 - SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS: zypper in -t patch SUSE-SLE-Product-HPC-15-SP2-ESPOS-2022-1717=1 - SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS: zypper in -t patch SUSE-SLE-Product-HPC-15-SP1-LTSS-2022-1717=1 - SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS: zypper in -t patch SUSE-SLE-Product-HPC-15-SP1-ESPOS-2022-1717=1 - SUSE Linux Enterprise High Performance Computing 15-LTSS: zypper in -t patch SUSE-SLE-Product-HPC-15-2022-1717=1 - SUSE Linux Enterprise High Performance Computing 15-ESPOS: zypper in -t patch SUSE-SLE-Product-HPC-15-2022-1717=1 - SUSE Enterprise Storage 7: zypper in -t patch SUSE-Storage-7-2022-1717=1 - SUSE Enterprise Storage 6: zypper in -t patch SUSE-Storage-6-2022-1717=1 - SUSE CaaS Platform 4.0: To install this update, use the SUSE CaaS Platform 'skuba' tool. It will inform you if it detects new updates and let you then trigger updating of the complete cluster in a controlled way. Package List: - openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64): nodejs10-10.24.1-150000.1.44.1 nodejs10-debuginfo-10.24.1-150000.1.44.1 nodejs10-debugsource-10.24.1-150000.1.44.1 nodejs10-devel-10.24.1-150000.1.44.1 npm10-10.24.1-150000.1.44.1 - openSUSE Leap 15.4 (noarch): nodejs10-docs-10.24.1-150000.1.44.1 - openSUSE Leap 15.3 (aarch64 ppc64le s390x x86_64): nodejs10-10.24.1-150000.1.44.1 nodejs10-debuginfo-10.24.1-150000.1.44.1 nodejs10-debugsource-10.24.1-150000.1.44.1 nodejs10-devel-10.24.1-150000.1.44.1 npm10-10.24.1-150000.1.44.1 - openSUSE Leap 15.3 (noarch): nodejs10-docs-10.24.1-150000.1.44.1 - SUSE Manager Server 4.1 (ppc64le s390x x86_64): nodejs10-10.24.1-150000.1.44.1 nodejs10-debuginfo-10.24.1-150000.1.44.1 nodejs10-debugsource-10.24.1-150000.1.44.1 nodejs10-devel-10.24.1-150000.1.44.1 npm10-10.24.1-150000.1.44.1 - SUSE Manager Server 4.1 (noarch): nodejs10-docs-10.24.1-150000.1.44.1 - SUSE Manager Retail Branch Server 4.1 (noarch): nodejs10-docs-10.24.1-150000.1.44.1 - SUSE Manager Retail Branch Server 4.1 (x86_64): nodejs10-10.24.1-150000.1.44.1 nodejs10-debuginfo-10.24.1-150000.1.44.1 nodejs10-debugsource-10.24.1-150000.1.44.1 nodejs10-devel-10.24.1-150000.1.44.1 npm10-10.24.1-150000.1.44.1 - SUSE Manager Proxy 4.1 (x86_64): nodejs10-10.24.1-150000.1.44.1 nodejs10-debuginfo-10.24.1-150000.1.44.1 nodejs10-debugsource-10.24.1-150000.1.44.1 nodejs10-devel-10.24.1-150000.1.44.1 npm10-10.24.1-150000.1.44.1 - SUSE Manager Proxy 4.1 (noarch): nodejs10-docs-10.24.1-150000.1.44.1 - SUSE Linux Enterprise Server for SAP 15-SP2 (ppc64le x86_64): nodejs10-10.24.1-150000.1.44.1 nodejs10-debuginfo-10.24.1-150000.1.44.1 nodejs10-debugsource-10.24.1-150000.1.44.1 nodejs10-devel-10.24.1-150000.1.44.1 npm10-10.24.1-150000.1.44.1 - SUSE Linux Enterprise Server for SAP 15-SP2 (noarch): nodejs10-docs-10.24.1-150000.1.44.1 - SUSE Linux Enterprise Server for SAP 15-SP1 (ppc64le x86_64): nodejs10-10.24.1-150000.1.44.1 nodejs10-debuginfo-10.24.1-150000.1.44.1 nodejs10-debugsource-10.24.1-150000.1.44.1 nodejs10-devel-10.24.1-150000.1.44.1 npm10-10.24.1-150000.1.44.1 - SUSE Linux Enterprise Server for SAP 15-SP1 (noarch): nodejs10-docs-10.24.1-150000.1.44.1 - SUSE Linux Enterprise Server forSAP 15 (ppc64le x86_64): nodejs10-10.24.1-150000.1.44.1 nodejs10-debuginfo-10.24.1-150000.1.44.1 nodejs10-debugsource-10.24.1-150000.1.44.1 nodejs10-devel-10.24.1-150000.1.44.1 npm10-10.24.1-150000.1.44.1 - SUSE Linux Enterprise Server for SAP 15 (noarch): nodejs10-docs-10.24.1-150000.1.44.1 - SUSE Linux Enterprise Server 15-SP2-LTSS (aarch64 ppc64le s390x x86_64): nodejs10-10.24.1-150000.1.44.1 nodejs10-debuginfo-10.24.1-150000.1.44.1 nodejs10-debugsource-10.24.1-150000.1.44.1 nodejs10-devel-10.24.1-150000.1.44.1 npm10-10.24.1-150000.1.44.1 - SUSE Linux Enterprise Server 15-SP2-LTSS (noarch): nodejs10-docs-10.24.1-150000.1.44.1 - SUSE Linux Enterprise Server 15-SP2-BCL (x86_64): nodejs10-10.24.1-150000.1.44.1 nodejs10-debuginfo-10.24.1-150000.1.44.1 nodejs10-debugsource-10.24.1-150000.1.44.1 nodejs10-devel-10.24.1-150000.1.44.1 npm10-10.24.1-150000.1.44.1 - SUSE Linux Enterprise Server 15-SP2-BCL (noarch): nodejs10-docs-10.24.1-150000.1.44.1 - SUSE Linux Enterprise Server 15-SP1-LTSS (aarch64 ppc64le s390x x86_64): nodejs10-10.24.1-150000.1.44.1 nodejs10-debuginfo-10.24.1-150000.1.44.1 nodejs10-debugsource-10.24.1-150000.1.44.1 nodejs10-devel-10.24.1-150000.1.44.1 npm10-10.24.1-150000.1.44.1 - SUSE Linux Enterprise Server 15-SP1-LTSS (noarch): nodejs10-docs-10.24.1-150000.1.44.1 - SUSE Linux Enterprise Server 15-SP1-BCL (noarch): nodejs10-docs-10.24.1-150000.1.44.1 - SUSE Linux Enterprise Server 15-SP1-BCL (x86_64): nodejs10-10.24.1-150000.1.44.1 nodejs10-debuginfo-10.24.1-150000.1.44.1 nodejs10-debugsource-10.24.1-150000.1.44.1 nodejs10-devel-10.24.1-150000.1.44.1 npm10-10.24.1-150000.1.44.1 - SUSE Linux Enterprise Server 15-LTSS (aarch64 s390x): nodejs10-10.24.1-150000.1.44.1 nodejs10-debuginfo-10.24.1-150000.1.44.1 nodejs10-debugsource-10.24.1-150000.1.44.1 nodejs10-devel-10.24.1-150000.1.44.1 npm10-10.24.1-150000.1.44.1 - SUSE Linux Enterprise Server 15-LTSS (noarch): nodejs10-docs-10.24.1-150000.1.44.1 - SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS (aarch64 x86_64): nodejs10-10.24.1-150000.1.44.1 nodejs10-debuginfo-10.24.1-150000.1.44.1 nodejs10-debugsource-10.24.1-150000.1.44.1 nodejs10-devel-10.24.1-150000.1.44.1 npm10-10.24.1-150000.1.44.1 - SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS (noarch): nodejs10-docs-10.24.1-150000.1.44.1 - SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS (aarch64 x86_64): nodejs10-10.24.1-150000.1.44.1 nodejs10-debuginfo-10.24.1-150000.1.44.1 nodejs10-debugsource-10.24.1-150000.1.44.1 nodejs10-devel-10.24.1-150000.1.44.1 npm10-10.24.1-150000.1.44.1 - SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS (noarch): nodejs10-docs-10.24.1-150000.1.44.1 - SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS (aarch64 x86_64): nodejs10-10.24.1-150000.1.44.1 nodejs10-debuginfo-10.24.1-150000.1.44.1 nodejs10-debugsource-10.24.1-150000.1.44.1 nodejs10-devel-10.24.1-150000.1.44.1 npm10-10.24.1-150000.1.44.1 - SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS (noarch): nodejs10-docs-10.24.1-150000.1.44.1 - SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS (aarch64 x86_64): nodejs10-10.24.1-150000.1.44.1 nodejs10-debuginfo-10.24.1-150000.1.44.1 nodejs10-debugsource-10.24.1-150000.1.44.1 nodejs10-devel-10.24.1-150000.1.44.1 npm10-10.24.1-150000.1.44.1 - SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS (noarch): nodejs10-docs-10.24.1-150000.1.44.1 - SUSE Linux Enterprise High Performance Computing 15-LTSS (aarch64 x86_64): nodejs10-10.24.1-150000.1.44.1 nodejs10-debuginfo-10.24.1-150000.1.44.1 nodejs10-debugsource-10.24.1-150000.1.44.1 nodejs10-devel-10.24.1-150000.1.44.1 npm10-10.24.1-150000.1.44.1 - SUSE Linux Enterprise High Performance Computing 15-LTSS (noarch): nodejs10-docs-10.24.1-150000.1.44.1 - SUSE Linux Enterprise High Performance Computing 15-ESPOS (aarch64 x86_64): nodejs10-10.24.1-150000.1.44.1 nodejs10-debuginfo-10.24.1-150000.1.44.1 nodejs10-debugsource-10.24.1-150000.1.44.1 nodejs10-devel-10.24.1-150000.1.44.1 npm10-10.24.1-150000.1.44.1 - SUSE Linux Enterprise High Performance Computing 15-ESPOS (noarch): nodejs10-docs-10.24.1-150000.1.44.1 - SUSE Enterprise Storage 7 (aarch64 x86_64): nodejs10-10.24.1-150000.1.44.1 nodejs10-debuginfo-10.24.1-150000.1.44.1 nodejs10-debugsource-10.24.1-150000.1.44.1 nodejs10-devel-10.24.1-150000.1.44.1 npm10-10.24.1-150000.1.44.1 - SUSE Enterprise Storage 7 (noarch): nodejs10-docs-10.24.1-150000.1.44.1 - SUSE Enterprise Storage 6 (aarch64 x86_64): nodejs10-10.24.1-150000.1.44.1 nodejs10-debuginfo-10.24.1-150000.1.44.1 nodejs10-debugsource-10.24.1-150000.1.44.1 nodejs10-devel-10.24.1-150000.1.44.1 npm10-10.24.1-150000.1.44.1 - SUSE Enterprise Storage 6 (noarch): nodejs10-docs-10.24.1-150000.1.44.1 - SUSE CaaS Platform 4.0 (x86_64): nodejs10-10.24.1-150000.1.44.1 nodejs10-debuginfo-10.24.1-150000.1.44.1 nodejs10-debugsource-10.24.1-150000.1.44.1 nodejs10-devel-10.24.1-150000.1.44.1 npm10-10.24.1-150000.1.44.1 - SUSE CaaS Platform 4.0 (noarch): nodejs10-docs-10.24.1-150000.1.44.1 References: https://www.suse.com/security/cve/CVE-2021-23343.html https://www.suse.com/security/cve/CVE-2021-32803.html https://www.suse.com/security/cve/CVE-2021-32804.html https://www.suse.com/security/cve/CVE-2021-3807.html https://www.suse.com/security/cve/CVE-2021-3918.html https://www.suse.com/security/cve/CVE-2021-44906.html https://www.suse.com/security/cve/CVE-2021-44907.html https://www.suse.com/security/cve/CVE-2022-0235.html https://www.suse.com/security/cve/CVE-2022-21824.html https://bugzilla.suse.com/1191962 https://bugzilla.suse.com/1191963 https://bugzilla.suse.com/1192153 https://bugzilla.suse.com/1192154 https://bugzilla.suse.com/1192696 https://bugzilla.suse.com/1194514 https://bugzilla.suse.com/1194819 https://bugzilla.suse.com/1197283 https://bugzilla.suse.com/1198247 . A significant SUSE upgrade for nodejs12 has been announced, addressing several vulnerabilities across different applications for improved safety.. Nodejs10 Security Update, SUSE Patch Release, Software Vulnerability Fixes. . Severity: Important. LinuxSecurity.com Team
May 17, 2022
•Important
SuSE
100
security advisoryimportantSUSESUSE: 2022:255-1 Important: bci/nodejs Security Advisory Update
The container bci/nodejs was updated. The following patches have been included in this update:. SUSE Container Update Advisory: bci/nodejs ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2022:255-1 Container Tags : bci/node:12 , bci/node:12-11.15 , bci/nodejs:12 , bci/nodejs:12-11.15 Container Release : 11.15 Severity : important Type : security References : 1191962 1191963 1192153 1192154 1192696 CVE-2021-23343 CVE-2021-32803 CVE-2021-32804 CVE-2021-3807 CVE-2021-3918 ----------------------------------------------------------------- The container bci/nodejs was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:657-1 Released: Wed Mar 2 10:11:51 2022 Summary: Security update for nodejs12 Type: security Severity: important References: 1191962,1191963,1192153,1192154,1192696,CVE-2021-23343,CVE-2021-32803,CVE-2021-32804,CVE-2021-3807,CVE-2021-3918 This update for nodejs12 fixes the following issues: - CVE-2021-23343: Fixed ReDoS via splitDeviceRe, splitTailRe and splitPathRe (bsc#1192153). - CVE-2021-32803: Fixed insufficient symlink protection in node-tar allowing arbitrary file creation and overwrite (bsc#1191963). - CVE-2021-32804: Fixed insufficient absolute path sanitization in node-tar allowing arbitrary file creation and overwrite (bsc#1191962). - CVE-2021-3918: Fixed improper controlled modification of object prototype attributes in json-schema (bsc#1192696). - CVE-2021-3807: Fixed regular expression denial of service (ReDoS) matching ANSI escape codes in node-ansi-regex (bsc#1192154). The following package changes have been done: - nodejs12-12.22.10-4.29.3 updated - npm12-12.22.10-4.29.3 updated - container:sles15-image-15.0.0-17.8.83 updated . The security enhancement for bci/python introduces critical fixes for vulnerabilities found in Pythonenvironments and modules.. SUSE Container Update, Node.js Security, Container Advisory. . Severity: Important. LinuxSecurity.com Team
Mar 06, 2022
•Important
SuSE
100
security advisorydenial of servicesoftware updateSUSE Linux Enterprise 15-SP3 Advisory: Important Nodejs12 Denial Of Service
An update that fixes 5 vulnerabilities is now available. . SUSE Security Update: Security update for nodejs12 ______________________________________________________________________________ Announcement ID: SUSE-SU-2022:0657-1 Rating: important References: #1191962 #1191963 #1192153 #1192154 #1192696 Cross-References: CVE-2021-23343 CVE-2021-32803 CVE-2021-32804 CVE-2021-3807 CVE-2021-3918 CVSS scores: CVE-2021-23343 (NVD) : 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2021-23343 (SUSE): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L CVE-2021-32803 (NVD) : 8.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:H CVE-2021-32803 (SUSE): 8.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:H CVE-2021-32804 (NVD) : 8.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:H CVE-2021-32804 (SUSE): 8.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:H CVE-2021-3807 (SUSE): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2021-3918 (SUSE): 8.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H Affected Products: SUSE Enterprise Storage 7 SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS SUSE Linux Enterprise High Performance Computing 15-SP3 SUSE Linux Enterprise Module for Web Scripting 15-SP3 SUSE Linux Enterprise Server 15-SP2-BCL SUSE Linux Enterprise Server 15-SP2-LTSS SUSE Linux Enterprise Server 15-SP3 SUSE Linux Enterprise Server for SAP 15-SP2 SUSE Linux Enterprise Server for SAP Applications 15-SP3 SUSE Manager Proxy 4.1 SUSE Manager Proxy 4.2 SUSE Manager Retail BranchServer 4.1 SUSE Manager Server 4.1 SUSE Manager Server 4.2 ______________________________________________________________________________ An update that fixes 5 vulnerabilities is now available. Description: This update for nodejs12 fixes the following issues: - CVE-2021-23343: Fixed ReDoS via splitDeviceRe, splitTailRe and splitPathRe (bsc#1192153). - CVE-2021-32803: Fixed insufficient symlink protection in node-tar allowing arbitrary file creation and overwrite (bsc#1191963). - CVE-2021-32804: Fixed insufficient absolute path sanitization in node-tar allowing arbitrary file creation and overwrite (bsc#1191962). - CVE-2021-3918: Fixed improper controlled modification of object prototype attributes in json-schema (bsc#1192696). - CVE-2021-3807: Fixed regular expression denial of service (ReDoS) matching ANSI escape codes in node-ansi-regex (bsc#1192154). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Manager Server 4.1: zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Server-4.1-2022-657=1 - SUSE Manager Retail Branch Server 4.1: zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Retail-Branch-Server-4.1-2022-657=1 - SUSE Manager Proxy 4.1: zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Proxy-4.1-2022-657=1 - SUSE Linux Enterprise Server for SAP 15-SP2: zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP2-2022-657=1 - SUSE Linux Enterprise Server 15-SP2-LTSS: zypper in -t patch SUSE-SLE-Product-SLES-15-SP2-LTSS-2022-657=1 - SUSE Linux Enterprise Server 15-SP2-BCL: zypper in -t patch SUSE-SLE-Product-SLES-15-SP2-BCL-2022-657=1 - SUSE Linux Enterprise Module for Web Scripting 15-SP3: zypper in -t patch SUSE-SLE-Module-Web-Scripting-15-SP3-2022-657=1 - SUSE LinuxEnterprise High Performance Computing 15-SP2-LTSS: zypper in -t patch SUSE-SLE-Product-HPC-15-SP2-LTSS-2022-657=1 - SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS: zypper in -t patch SUSE-SLE-Product-HPC-15-SP2-ESPOS-2022-657=1 - SUSE Enterprise Storage 7: zypper in -t patch SUSE-Storage-7-2022-657=1 Package List: - SUSE Manager Server 4.1 (ppc64le s390x x86_64): nodejs12-12.22.10-4.29.3 nodejs12-debuginfo-12.22.10-4.29.3 nodejs12-debugsource-12.22.10-4.29.3 nodejs12-devel-12.22.10-4.29.3 npm12-12.22.10-4.29.3 - SUSE Manager Server 4.1 (noarch): nodejs12-docs-12.22.10-4.29.3 - SUSE Manager Retail Branch Server 4.1 (x86_64): nodejs12-12.22.10-4.29.3 nodejs12-debuginfo-12.22.10-4.29.3 nodejs12-debugsource-12.22.10-4.29.3 nodejs12-devel-12.22.10-4.29.3 npm12-12.22.10-4.29.3 - SUSE Manager Retail Branch Server 4.1 (noarch): nodejs12-docs-12.22.10-4.29.3 - SUSE Manager Proxy 4.1 (x86_64): nodejs12-12.22.10-4.29.3 nodejs12-debuginfo-12.22.10-4.29.3 nodejs12-debugsource-12.22.10-4.29.3 nodejs12-devel-12.22.10-4.29.3 npm12-12.22.10-4.29.3 - SUSE Manager Proxy 4.1 (noarch): nodejs12-docs-12.22.10-4.29.3 - SUSE Linux Enterprise Server for SAP 15-SP2 (ppc64le x86_64): nodejs12-12.22.10-4.29.3 nodejs12-debuginfo-12.22.10-4.29.3 nodejs12-debugsource-12.22.10-4.29.3 nodejs12-devel-12.22.10-4.29.3 npm12-12.22.10-4.29.3 - SUSE Linux Enterprise Server for SAP 15-SP2 (noarch): nodejs12-docs-12.22.10-4.29.3 - SUSE Linux Enterprise Server 15-SP2-LTSS (aarch64 ppc64le s390x x86_64): nodejs12-12.22.10-4.29.3 nodejs12-debuginfo-12.22.10-4.29.3 nodejs12-debugsource-12.22.10-4.29.3 nodejs12-devel-12.22.10-4.29.3 npm12-12.22.10-4.29.3 - SUSE Linux Enterprise Server 15-SP2-LTSS (noarch): nodejs12-docs-12.22.10-4.29.3 - SUSE Linux Enterprise Server 15-SP2-BCL(noarch): nodejs12-docs-12.22.10-4.29.3 - SUSE Linux Enterprise Server 15-SP2-BCL (x86_64): nodejs12-12.22.10-4.29.3 nodejs12-debuginfo-12.22.10-4.29.3 nodejs12-debugsource-12.22.10-4.29.3 nodejs12-devel-12.22.10-4.29.3 npm12-12.22.10-4.29.3 - SUSE Linux Enterprise Module for Web Scripting 15-SP3 (aarch64 ppc64le s390x x86_64): nodejs12-12.22.10-4.29.3 nodejs12-debuginfo-12.22.10-4.29.3 nodejs12-debugsource-12.22.10-4.29.3 nodejs12-devel-12.22.10-4.29.3 npm12-12.22.10-4.29.3 - SUSE Linux Enterprise Module for Web Scripting 15-SP3 (noarch): nodejs12-docs-12.22.10-4.29.3 - SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS (aarch64 x86_64): nodejs12-12.22.10-4.29.3 nodejs12-debuginfo-12.22.10-4.29.3 nodejs12-debugsource-12.22.10-4.29.3 nodejs12-devel-12.22.10-4.29.3 npm12-12.22.10-4.29.3 - SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS (noarch): nodejs12-docs-12.22.10-4.29.3 - SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS (aarch64 x86_64): nodejs12-12.22.10-4.29.3 nodejs12-debuginfo-12.22.10-4.29.3 nodejs12-debugsource-12.22.10-4.29.3 nodejs12-devel-12.22.10-4.29.3 npm12-12.22.10-4.29.3 - SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS (noarch): nodejs12-docs-12.22.10-4.29.3 - SUSE Enterprise Storage 7 (aarch64 x86_64): nodejs12-12.22.10-4.29.3 nodejs12-debuginfo-12.22.10-4.29.3 nodejs12-debugsource-12.22.10-4.29.3 nodejs12-devel-12.22.10-4.29.3 npm12-12.22.10-4.29.3 - SUSE Enterprise Storage 7 (noarch): nodejs12-docs-12.22.10-4.29.3 References: https://www.suse.com/security/cve/CVE-2021-23343.html https://www.suse.com/security/cve/CVE-2021-32803.html https://www.suse.com/security/cve/CVE-2021-32804.html https://www.suse.com/security/cve/CVE-2021-3807.html https://www.suse.com/security/cve/CVE-2021-3918.html https://bugzilla.suse.com/1191962 https://bugzilla.suse.com/1191963 https://bugzilla.suse.com/1192153 https://bugzilla.suse.com/1192154 https://bugzilla.suse.com/1192696 . Crucial patch released for nodejs12 addressing various vulnerabilities with a critical advisory rating. Find further details here.. SUSE Linux,nodejs,security update,advisory rating,denial of service. . Severity: Important. LinuxSecurity.com Team
Mar 02, 2022
•Important
SuSE
100
security advisorysecurity updateDoSSUSE: 2022:0569-1 Important Nodejs14 Security Update for 5 Issues
An update that fixes 5 vulnerabilities is now available. . SUSE Security Update: Security update for nodejs14 ______________________________________________________________________________ Announcement ID: SUSE-SU-2022:0569-1 Rating: important References: #1191962 #1191963 #1192153 #1192154 #1192696 Cross-References: CVE-2021-23343 CVE-2021-32803 CVE-2021-32804 CVE-2021-3807 CVE-2021-3918 CVSS scores: CVE-2021-23343 (NVD) : 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2021-23343 (SUSE): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L CVE-2021-32803 (NVD) : 8.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:H CVE-2021-32803 (SUSE): 8.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:H CVE-2021-32804 (NVD) : 8.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:H CVE-2021-32804 (SUSE): 8.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:H CVE-2021-3807 (SUSE): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2021-3918 (SUSE): 8.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H Affected Products: SUSE Linux Enterprise High Performance Computing 12 SUSE Linux Enterprise Module for Web Scripting 12 SUSE Linux Enterprise Server 12 SUSE Linux Enterprise Server 12-SP3 SUSE Linux Enterprise Server 12-SP4 SUSE Linux Enterprise Server 12-SP5 SUSE Linux Enterprise Server for SAP Applications 12 SUSE Linux Enterprise Server for SAP Applications 12-SP3 SUSE Linux Enterprise Server for SAP Applications 12-SP4 SUSE Linux Enterprise Server for SAP Applications 12-SP5 ______________________________________________________________________________ An update that fixes 5 vulnerabilities is nowavailable. Description: This update for nodejs14 fixes the following issues: - CVE-2021-23343: Fixed ReDoS via splitDeviceRe, splitTailRe and splitPathRe (bsc#1192153). - CVE-2021-32803: Fixed insufficient symlink protection in node-tar allowing arbitrary file creation and overwrite (bsc#1191963). - CVE-2021-32804: Fixed insufficient absolute path sanitization in node-tar allowing arbitrary file creation and overwrite (bsc#1191962). - CVE-2021-3918: Fixed improper controlled modification of object prototype attributes in json-schema (bsc#1192696). - CVE-2021-3807: Fixed regular expression denial of service (ReDoS) matching ANSI escape codes in node-ansi-regex (bsc#1192154). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Web Scripting 12: zypper in -t patch SUSE-SLE-Module-Web-Scripting-12-2022-569=1 Package List: - SUSE Linux Enterprise Module for Web Scripting 12 (aarch64 ppc64le s390x x86_64): nodejs14-14.19.0-6.24.1 nodejs14-debuginfo-14.19.0-6.24.1 nodejs14-debugsource-14.19.0-6.24.1 nodejs14-devel-14.19.0-6.24.1 npm14-14.19.0-6.24.1 - SUSE Linux Enterprise Module for Web Scripting 12 (noarch): nodejs14-docs-14.19.0-6.24.1 References: https://www.suse.com/security/cve/CVE-2021-23343.html https://www.suse.com/security/cve/CVE-2021-32803.html https://www.suse.com/security/cve/CVE-2021-32804.html https://www.suse.com/security/cve/CVE-2021-3807.html https://www.suse.com/security/cve/CVE-2021-3918.html https://bugzilla.suse.com/1191962 https://bugzilla.suse.com/1191963 https://bugzilla.suse.com/1192153 https://bugzilla.suse.com/1192154 https://bugzilla.suse.com/1192696 . A crucial announcement for SUSE Linux addresses 5 vulnerabilities in nodejs14, enhancing thesecurity landscape for servers and applications.. SUSE Linux Update,nodejs Security Fix,nodejs Patch Note,nodejs Security Issues. . Severity: Important. LinuxSecurity.com Team
Feb 24, 2022
•Important
SuSE
100
security advisorycriticalimportantSUSE: 2021:3940-1 Important Nodejs12 Important Security Fix
An update that fixes 7 vulnerabilities is now available. . SUSE Security Update: Security update for nodejs12 ______________________________________________________________________________ Announcement ID: SUSE-SU-2021:3940-1 Rating: important References: #1190053 #1190054 #1190055 #1190056 #1190057 #1191601 #1191602 Cross-References: CVE-2021-22959 CVE-2021-22960 CVE-2021-37701 CVE-2021-37712 CVE-2021-37713 CVE-2021-39134 CVE-2021-39135 CVSS scores: CVE-2021-22959 (NVD) : 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N CVE-2021-22959 (SUSE): 6.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N CVE-2021-22960 (SUSE): 6.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N CVE-2021-37701 (NVD) : 8.2 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:N CVE-2021-37701 (SUSE): 8.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:H CVE-2021-37712 (NVD) : 8.2 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:N CVE-2021-37712 (SUSE): 8.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:H CVE-2021-39134 (NVD) : 8.2 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:N CVE-2021-39134 (SUSE): 8.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:H CVE-2021-39135 (NVD) : 8.2 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:N Affected Products: SUSE Linux Enterprise Module for Web Scripting 15-SP3 SUSE Linux Enterprise Module for Web Scripting 15-SP2 ______________________________________________________________________________ An update that fixes 7 vulnerabilities is now available. Description: This update for nodejs12 fixes the following issues: - CVE-2021-22959: Fixed HTTP Request Smuggling due to spaced in headers (bsc#1191601). - CVE-2021-22960: Fixed HTTP Request Smuggling when parsing the body (bsc#1191602). -CVE-2021-37701: Fixed arbitrary file creation and overwrite in nodejs-tar (bsc#1190057). - CVE-2021-37712: Fixed arbitrary file creation and overwrite in nodejs-tar (bsc#1190056). - CVE-2021-37713: Fixed arbitrary code execution and file creation and overwrite in nodejs-tar (bsc#1190055). - CVE-2021-39134: Fixed symling following vulnerability in nodejs-arborist (bsc#1190054). - CVE-2021-39135: Fixed symling following vulnerability in nodejs-arborist (bsc#1190053). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Web Scripting 15-SP3: zypper in -t patch SUSE-SLE-Module-Web-Scripting-15-SP3-2021-3940=1 - SUSE Linux Enterprise Module for Web Scripting 15-SP2: zypper in -t patch SUSE-SLE-Module-Web-Scripting-15-SP2-2021-3940=1 Package List: - SUSE Linux Enterprise Module for Web Scripting 15-SP3 (aarch64 ppc64le s390x x86_64): nodejs12-12.22.7-4.22.1 nodejs12-debuginfo-12.22.7-4.22.1 nodejs12-debugsource-12.22.7-4.22.1 nodejs12-devel-12.22.7-4.22.1 npm12-12.22.7-4.22.1 - SUSE Linux Enterprise Module for Web Scripting 15-SP3 (noarch): nodejs12-docs-12.22.7-4.22.1 - SUSE Linux Enterprise Module for Web Scripting 15-SP2 (aarch64 ppc64le s390x x86_64): nodejs12-12.22.7-4.22.1 nodejs12-debuginfo-12.22.7-4.22.1 nodejs12-debugsource-12.22.7-4.22.1 nodejs12-devel-12.22.7-4.22.1 npm12-12.22.7-4.22.1 - SUSE Linux Enterprise Module for Web Scripting 15-SP2 (noarch): nodejs12-docs-12.22.7-4.22.1 References: https://www.suse.com/security/cve/CVE-2021-22959.html https://www.suse.com/security/cve/CVE-2021-22960.html https://www.suse.com/security/cve/CVE-2021-37701.html https://www.suse.com/security/cve/CVE-2021-37712.html https://www.suse.com/security/cve/CVE-2021-37713.html https://www.suse.com/security/cve/CVE-2021-39134.html https://www.suse.com/security/cve/CVE-2021-39135.html https://bugzilla.suse.com/1190053 https://bugzilla.suse.com/1190054 https://bugzilla.suse.com/1190055 https://bugzilla.suse.com/1190056 https://bugzilla.suse.com/1190057 https://bugzilla.suse.com/1191601 https://bugzilla.suse.com/1191602 . SUSE delivers an essential upgrade for nodejs12, tackling significant vulnerabilities and security risks to ensure maximum safety.. Nodejs Security Update, SUSE Patches, Critical Security Fixes. . Severity: Important. LinuxSecurity.com Team
Dec 06, 2021
•Important
SuSE
Get the latest News and Insights
Get the latest Linux and open source security news straight to your inbox.
Community Poll
What got you started with Linux?
Search Topics
Powered By
Linux Security - Your source for Top Linux News, Advisories, HOWTOs and Feature Releases
QUICK LINKS
subscribe to newsletters!
Like staying secure? So do we.
Sign up for updates, tips, and alerts!