Alerts This Week
Warning Icon 1 637
Alerts This Week
Warning Icon 1 637

Stay Secure with the Latest Linux Advisories

Debianlts Large Esm H800
Debian LTS

Debian Dovecot High Severity Service Disruption Info Leak Flaw DLA-4617-1

Calendar White Jun 05, 2026
Important
Debianlts Large Esm H900
Debian LTS

Debian 11 gsasl Critical DoS Threat Advisory DLA-4618-1 CVE-2026-48829

Calendar White Jun 05, 2026
Critical
Suse Large Esm H900
SuSE

SUSE MozillaThunderbird Important Memory Safety Fix Advisory 2026-2271-1

Calendar White Jun 05, 2026
Important
Suse Large Esm H800
SuSE

SUSE Linux Micro 6.0 Ignition Key HTTP Transport Loop Patch 2026-21987-1

Calendar White Jun 05, 2026
Important
Suse Large Esm H900
SuSE

SUSE Linux Micro 6.0 Important Libzypp Libsolv Security Update 2026-21988-1

Calendar White Jun 05, 2026
Important
Suse Large Esm H900
SuSE

SUSE Google-Guest-Agent Important Security Update 2026-21989-1

Calendar White Jun 05, 2026
Important
Suse Large Esm H800
SuSE

SUSE Linux Micro Important Salt Multi-Linux Manager Vuln 2026-21990-1

Calendar White Jun 05, 2026
Important
Suse Large Esm H900
SuSE

SUSE Linux Micro Critical Ignition Patch CVE-2026-33814

Calendar White Jun 05, 2026
Important
Suse Large Esm H900
SuSE

SUSE Linux Micro 6.1 Security Update for libzypp libsolv Key 2026-21992-1

Calendar White Jun 05, 2026
Important
Filter Icon Refine advisories
X Clear Filters
X Clear Filters
View More

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Community Poll

More Polls

What got you started with Linux?

No answer selected. Please try again.
Please select either existing option or enter your own, however not both.
Please select minimum {0} answer(s).
Please select maximum {0} answer(s).
/main-polls/150-what-got-you-started-with-linux?task=poll.vote&format=json
150
radio
0
[{"id":483,"title":"Self-taught through trial and error","votes":545,"type":"x","order":1,"pct":78.42,"resources":[]},{"id":484,"title":"Formal training or courses","votes":30,"type":"x","order":2,"pct":4.32,"resources":[]},{"id":485,"title":"A job that required it","votes":34,"type":"x","order":3,"pct":4.89,"resources":[]},{"id":486,"title":"Other","votes":86,"type":"x","order":4,"pct":12.37,"resources":[]}] ["#ff5b00","#4ac0f2","#b80028","#eef66c","#60bb22","#b96a9a","#62c2cc"] ["rgba(255,91,0,0.7)","rgba(74,192,242,0.7)","rgba(184,0,40,0.7)","rgba(238,246,108,0.7)","rgba(96,187,34,0.7)","rgba(185,106,154,0.7)","rgba(98,194,204,0.7)"] 350
bottom 200
Loading...

Explore Latest Linux Security advisories

We found -4 articles for you...
202
Ls Advisories Opensuse Esm H240
Price Tag 1security advisorycode injectionimportant patch

openSUSE 15.3: SUSE-SU-2023:4207-1 Important: Nodejs18 Fix

This update for nodejs18 fixes the following issues: Update to version 18.18.2 CVE-2023-44487: Fixed the Rapid Reset attack in nghttp2. (bsc#1216190). # Security update for nodejs18 Announcement ID: SUSE-SU-2023:4207-1 Rating: important References: * bsc#1216190 * bsc#1216205 * bsc#1216272 * bsc#1216273 Cross-References: * CVE-2023-38552 * CVE-2023-39333 * CVE-2023-44487 * CVE-2023-45143 CVSS scores: * CVE-2023-38552 ( SUSE ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N * CVE-2023-38552 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N * CVE-2023-39333 ( SUSE ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N * CVE-2023-44487 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2023-44487 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2023-45143 ( SUSE ): 3.9 CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:L/I:L/A:L * CVE-2023-45143 ( NVD ): 3.9 CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:L/I:L/A:L Affected Products: * openSUSE Leap 15.3 * SUSE Enterprise Storage 7.1 * SUSE Linux Enterprise High Performance Computing 15 SP3 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 * SUSE Linux Enterprise Server 15 SP3 * SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 * SUSE Manager Server 4.2 An update that solves four vulnerabilities can now be installed. ## Description: This update for nodejs18 fixes the following issues: * Update to version 18.18.2 * CVE-2023-44487: Fixed the Rapid Reset attack in nghttp2. (bsc#1216190) * CVE-2023-45143: Fixed a cookie leakage in undici. (bsc#1216205) * CVE-2023-38552: Fixed an integrity checks according to policies that could be circumvented. (bsc#1216272) * CVE-2023-39333: Fixed a code injection via WebAssembly export names. (bsc#1216273) ## Patch Instructions: To install this SUSE update use the SUSE recommendedinstallation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * openSUSE Leap 15.3 zypper in -t patch SUSE-2023-4207=1 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 zypper in -t patch SUSE-SLE-Product-HPC-15-SP3-ESPOS-2023-4207=1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 zypper in -t patch SUSE-SLE-Product-HPC-15-SP3-LTSS-2023-4207=1 * SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 zypper in -t patch SUSE-SLE-Product-SLES-15-SP3-LTSS-2023-4207=1 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP3-2023-4207=1 * SUSE Manager Server 4.2 zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Server-4.2-2023-4207=1 * SUSE Enterprise Storage 7.1 zypper in -t patch SUSE-Storage-7.1-2023-4207=1 ## Package List: * openSUSE Leap 15.3 (aarch64 ppc64le s390x x86_64 i586) * corepack16-16.20.2-150300.7.30.1 * nodejs16-debugsource-16.20.2-150300.7.30.1 * npm16-16.20.2-150300.7.30.1 * nodejs16-16.20.2-150300.7.30.1 * nodejs16-devel-16.20.2-150300.7.30.1 * nodejs16-debuginfo-16.20.2-150300.7.30.1 * openSUSE Leap 15.3 (noarch) * nodejs16-docs-16.20.2-150300.7.30.1 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 (aarch64 x86_64) * nodejs16-debugsource-16.20.2-150300.7.30.1 * npm16-16.20.2-150300.7.30.1 * nodejs16-16.20.2-150300.7.30.1 * nodejs16-devel-16.20.2-150300.7.30.1 * nodejs16-debuginfo-16.20.2-150300.7.30.1 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 (noarch) * nodejs16-docs-16.20.2-150300.7.30.1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 (aarch64 x86_64) * nodejs16-debugsource-16.20.2-150300.7.30.1 * npm16-16.20.2-150300.7.30.1 * nodejs16-16.20.2-150300.7.30.1 * nodejs16-devel-16.20.2-150300.7.30.1 * nodejs16-debuginfo-16.20.2-150300.7.30.1 * SUSE LinuxEnterprise High Performance Computing LTSS 15 SP3 (noarch) * nodejs16-docs-16.20.2-150300.7.30.1 * SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 (aarch64 ppc64le s390x x86_64) * nodejs16-debugsource-16.20.2-150300.7.30.1 * npm16-16.20.2-150300.7.30.1 * nodejs16-16.20.2-150300.7.30.1 * nodejs16-devel-16.20.2-150300.7.30.1 * nodejs16-debuginfo-16.20.2-150300.7.30.1 * SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 (noarch) * nodejs16-docs-16.20.2-150300.7.30.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 (ppc64le x86_64) * nodejs16-debugsource-16.20.2-150300.7.30.1 * npm16-16.20.2-150300.7.30.1 * nodejs16-16.20.2-150300.7.30.1 * nodejs16-devel-16.20.2-150300.7.30.1 * nodejs16-debuginfo-16.20.2-150300.7.30.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 (noarch) * nodejs16-docs-16.20.2-150300.7.30.1 * SUSE Manager Server 4.2 (ppc64le s390x x86_64) * nodejs16-debugsource-16.20.2-150300.7.30.1 * npm16-16.20.2-150300.7.30.1 * nodejs16-16.20.2-150300.7.30.1 * nodejs16-devel-16.20.2-150300.7.30.1 * nodejs16-debuginfo-16.20.2-150300.7.30.1 * SUSE Manager Server 4.2 (noarch) * nodejs16-docs-16.20.2-150300.7.30.1 * SUSE Enterprise Storage 7.1 (aarch64 x86_64) * nodejs16-debugsource-16.20.2-150300.7.30.1 * npm16-16.20.2-150300.7.30.1 * nodejs16-16.20.2-150300.7.30.1 * nodejs16-devel-16.20.2-150300.7.30.1 * nodejs16-debuginfo-16.20.2-150300.7.30.1 * SUSE Enterprise Storage 7.1 (noarch) * nodejs16-docs-16.20.2-150300.7.30.1 ## References: * https://www.suse.com/security/cve/CVE-2023-38552.html * https://www.suse.com/security/cve/CVE-2023-39333.html * https://www.suse.com/security/cve/CVE-2023-44487.html * https://www.suse.com/security/cve/CVE-2023-45143.html * https://bugzilla.suse.com/show_bug.cgi?id=1216190 * https://bugzilla.suse.com/show_bug.cgi?id=1216205 * https://bugzilla.suse.com/show_bug.cgi?id=1216272 *https://bugzilla.suse.com/show_bug.cgi?id=1216273 . Node.js 18 has released an important update to resolve serious vulnerabilities, such as the Rapid Reset attack along with multiple injection flaws. Update immediately!. nodejs update, openSUSE nodejs18, security advisory nodejs, important security patch. . Severity: Important. LinuxSecurity.com Team

Calendar 2 Oct 26, 2023 Important OpenSUSE
100
Ls Advisories Suse Esm H240
Price Tag 1security advisoryupdateimportant

SUSE: 2023:4207-1 Important: Nodejs18 Cookie Leakage and Code Injection

* bsc#1216190 * bsc#1216205 * bsc#1216272 * bsc#1216273 . # Security update for nodejs18 Announcement ID: SUSE-SU-2023:4207-1 Rating: important References: * bsc#1216190 * bsc#1216205 * bsc#1216272 * bsc#1216273 Cross-References: * CVE-2023-38552 * CVE-2023-39333 * CVE-2023-44487 * CVE-2023-45143 CVSS scores: * CVE-2023-38552 ( SUSE ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N * CVE-2023-38552 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N * CVE-2023-39333 ( SUSE ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N * CVE-2023-44487 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2023-44487 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2023-45143 ( SUSE ): 3.9 CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:L/I:L/A:L * CVE-2023-45143 ( NVD ): 3.9 CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:L/I:L/A:L Affected Products: * openSUSE Leap 15.3 * SUSE Enterprise Storage 7.1 * SUSE Linux Enterprise High Performance Computing 15 SP3 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 * SUSE Linux Enterprise Server 15 SP3 * SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 * SUSE Manager Server 4.2 An update that solves four vulnerabilities can now be installed. ## Description: This update for nodejs18 fixes the following issues: * Update to version 18.18.2 * CVE-2023-44487: Fixed the Rapid Reset attack in nghttp2. (bsc#1216190) * CVE-2023-45143: Fixed a cookie leakage in undici. (bsc#1216205) * CVE-2023-38552: Fixed an integrity checks according to policies that could be circumvented. (bsc#1216272) * CVE-2023-39333: Fixed a code injection via WebAssembly export names. (bsc#1216273) ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run thecommand listed for your product: * openSUSE Leap 15.3 zypper in -t patch SUSE-2023-4207=1 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 zypper in -t patch SUSE-SLE-Product-HPC-15-SP3-ESPOS-2023-4207=1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 zypper in -t patch SUSE-SLE-Product-HPC-15-SP3-LTSS-2023-4207=1 * SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 zypper in -t patch SUSE-SLE-Product-SLES-15-SP3-LTSS-2023-4207=1 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP3-2023-4207=1 * SUSE Manager Server 4.2 zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Server-4.2-2023-4207=1 * SUSE Enterprise Storage 7.1 zypper in -t patch SUSE-Storage-7.1-2023-4207=1 ## Package List: * openSUSE Leap 15.3 (aarch64 ppc64le s390x x86_64 i586) * corepack16-16.20.2-150300.7.30.1 * nodejs16-debugsource-16.20.2-150300.7.30.1 * npm16-16.20.2-150300.7.30.1 * nodejs16-16.20.2-150300.7.30.1 * nodejs16-devel-16.20.2-150300.7.30.1 * nodejs16-debuginfo-16.20.2-150300.7.30.1 * openSUSE Leap 15.3 (noarch) * nodejs16-docs-16.20.2-150300.7.30.1 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 (aarch64 x86_64) * nodejs16-debugsource-16.20.2-150300.7.30.1 * npm16-16.20.2-150300.7.30.1 * nodejs16-16.20.2-150300.7.30.1 * nodejs16-devel-16.20.2-150300.7.30.1 * nodejs16-debuginfo-16.20.2-150300.7.30.1 * SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 (noarch) * nodejs16-docs-16.20.2-150300.7.30.1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 (aarch64 x86_64) * nodejs16-debugsource-16.20.2-150300.7.30.1 * npm16-16.20.2-150300.7.30.1 * nodejs16-16.20.2-150300.7.30.1 * nodejs16-devel-16.20.2-150300.7.30.1 * nodejs16-debuginfo-16.20.2-150300.7.30.1 * SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 (noarch) *nodejs16-docs-16.20.2-150300.7.30.1 * SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 (aarch64 ppc64le s390x x86_64) * nodejs16-debugsource-16.20.2-150300.7.30.1 * npm16-16.20.2-150300.7.30.1 * nodejs16-16.20.2-150300.7.30.1 * nodejs16-devel-16.20.2-150300.7.30.1 * nodejs16-debuginfo-16.20.2-150300.7.30.1 * SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 (noarch) * nodejs16-docs-16.20.2-150300.7.30.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 (ppc64le x86_64) * nodejs16-debugsource-16.20.2-150300.7.30.1 * npm16-16.20.2-150300.7.30.1 * nodejs16-16.20.2-150300.7.30.1 * nodejs16-devel-16.20.2-150300.7.30.1 * nodejs16-debuginfo-16.20.2-150300.7.30.1 * SUSE Linux Enterprise Server for SAP Applications 15 SP3 (noarch) * nodejs16-docs-16.20.2-150300.7.30.1 * SUSE Manager Server 4.2 (ppc64le s390x x86_64) * nodejs16-debugsource-16.20.2-150300.7.30.1 * npm16-16.20.2-150300.7.30.1 * nodejs16-16.20.2-150300.7.30.1 * nodejs16-devel-16.20.2-150300.7.30.1 * nodejs16-debuginfo-16.20.2-150300.7.30.1 * SUSE Manager Server 4.2 (noarch) * nodejs16-docs-16.20.2-150300.7.30.1 * SUSE Enterprise Storage 7.1 (aarch64 x86_64) * nodejs16-debugsource-16.20.2-150300.7.30.1 * npm16-16.20.2-150300.7.30.1 * nodejs16-16.20.2-150300.7.30.1 * nodejs16-devel-16.20.2-150300.7.30.1 * nodejs16-debuginfo-16.20.2-150300.7.30.1 * SUSE Enterprise Storage 7.1 (noarch) * nodejs16-docs-16.20.2-150300.7.30.1 ## References: * https://www.suse.com/security/cve/CVE-2023-38552.html * https://www.suse.com/security/cve/CVE-2023-39333.html * https://www.suse.com/security/cve/CVE-2023-44487.html * https://www.suse.com/security/cve/CVE-2023-45143.html * https://bugzilla.suse.com/show_bug.cgi?id=1216190 * https://bugzilla.suse.com/show_bug.cgi?id=1216205 * https://bugzilla.suse.com/show_bug.cgi?id=1216272 * https://bugzilla.suse.com/show_bug.cgi?id=1216273 . The latest version of SUSE's nodejs18 addresses a range ofsecurity vulnerabilities affecting numerous platforms and applications. Ensure your systems are protected and current!. SUSE Security Updates,nodejs18 Issues,SUSE Enterprise Server Updates,SUSE Linux Updates. . Severity: Important. LinuxSecurity.com Team

Calendar 2 Oct 26, 2023 Important SuSE
Banner 3 1028x280 1708121785 1771599793
100
Ls Advisories Suse Esm H240
Price Tag 1security advisorysoftware updateimportant

SUSE: 2023:4155-1 Important: Nodejs18 Update Addresses Multiple Issues

* bsc#1216190 * bsc#1216205 * bsc#1216272 * bsc#1216273 . # Security update for nodejs18 Announcement ID: SUSE-SU-2023:4155-1 Rating: important References: * bsc#1216190 * bsc#1216205 * bsc#1216272 * bsc#1216273 Cross-References: * CVE-2023-38552 * CVE-2023-39333 * CVE-2023-44487 * CVE-2023-45143 CVSS scores: * CVE-2023-38552 ( SUSE ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N * CVE-2023-39333 ( SUSE ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N * CVE-2023-44487 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2023-44487 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2023-45143 ( SUSE ): 3.9 CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:L/I:L/A:L * CVE-2023-45143 ( NVD ): 3.9 CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:L/I:L/A:L Affected Products: * SUSE Linux Enterprise High Performance Computing 15 SP4 * SUSE Linux Enterprise Server 15 SP4 * SUSE Linux Enterprise Server for SAP Applications 15 SP4 * SUSE Manager Proxy 4.3 * SUSE Manager Retail Branch Server 4.3 * SUSE Manager Server 4.3 * Web and Scripting Module 15-SP4 An update that solves four vulnerabilities can now be installed. ## Description: This update for nodejs18 fixes the following issues: * Update to version 18.18.2 * CVE-2023-44487: Fixed the Rapid Reset attack in nghttp2. (bsc#1216190) * CVE-2023-45143: Fixed a cookie leakage in undici. (bsc#1216205) * CVE-2023-38552: Fixed an integrity checks according to policies that could be circumvented. (bsc#1216272) * CVE-2023-39333: Fixed a code injection via WebAssembly export names. (bsc#1216273) ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * Web and Scripting Module 15-SP4 zypper in -t patch SUSE-SLE-Module-Web-Scripting-15-SP4-2023-4155=1 ## Package List: * Web and Scripting Module 15-SP4 (aarch64ppc64le s390x x86_64) * nodejs16-debugsource-16.20.2-150400.3.27.2 * nodejs16-devel-16.20.2-150400.3.27.2 * nodejs16-16.20.2-150400.3.27.2 * nodejs16-debuginfo-16.20.2-150400.3.27.2 * npm16-16.20.2-150400.3.27.2 * Web and Scripting Module 15-SP4 (noarch) * nodejs16-docs-16.20.2-150400.3.27.2 ## References: * https://www.suse.com/security/cve/CVE-2023-38552.html * https://www.suse.com/security/cve/CVE-2023-39333.html * https://www.suse.com/security/cve/CVE-2023-44487.html * https://www.suse.com/security/cve/CVE-2023-45143.html * https://bugzilla.suse.com/show_bug.cgi?id=1216190 * https://bugzilla.suse.com/show_bug.cgi?id=1216205 * https://bugzilla.suse.com/show_bug.cgi?id=1216272 * https://bugzilla.suse.com/show_bug.cgi?id=1216273 . A recent safety patch for nodejs18 tackles various vulnerabilities and enhances general performance across SUSE platforms.. Nodejs Update, SUSE Advisory, Threat Mitigation, Software Security, Code Injection Fix. . Severity: Important. LinuxSecurity.com Team

Calendar 2 Oct 23, 2023 Important SuSE
100
Ls Advisories Suse Esm H240
Price Tag 1security advisorycriticalimportant

SUSE: 2023:4150-1 Important: Nodejs18 Security Issues Resolved

* bsc#1216190 * bsc#1216205 * bsc#1216272 * bsc#1216273 . # Security update for nodejs18 Announcement ID: SUSE-SU-2023:4150-1 Rating: important References: * bsc#1216190 * bsc#1216205 * bsc#1216272 * bsc#1216273 Cross-References: * CVE-2023-38552 * CVE-2023-39333 * CVE-2023-44487 * CVE-2023-45143 CVSS scores: * CVE-2023-38552 ( SUSE ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N * CVE-2023-39333 ( SUSE ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N * CVE-2023-44487 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2023-44487 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2023-45143 ( SUSE ): 3.9 CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:L/I:L/A:L * CVE-2023-45143 ( NVD ): 3.9 CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:L/I:L/A:L Affected Products: * SUSE Linux Enterprise High Performance Computing 12 SP2 * SUSE Linux Enterprise High Performance Computing 12 SP3 * SUSE Linux Enterprise High Performance Computing 12 SP4 * SUSE Linux Enterprise High Performance Computing 12 SP5 * SUSE Linux Enterprise Server 12 * SUSE Linux Enterprise Server 12 SP1 * SUSE Linux Enterprise Server 12 SP2 * SUSE Linux Enterprise Server 12 SP3 * SUSE Linux Enterprise Server 12 SP4 * SUSE Linux Enterprise Server 12 SP5 * SUSE Linux Enterprise Server for SAP Applications 12 * SUSE Linux Enterprise Server for SAP Applications 12 SP1 * SUSE Linux Enterprise Server for SAP Applications 12 SP2 * SUSE Linux Enterprise Server for SAP Applications 12 SP3 * SUSE Linux Enterprise Server for SAP Applications 12 SP4 * SUSE Linux Enterprise Server for SAP Applications 12 SP5 * Web and Scripting Module 12 An update that solves four vulnerabilities can now be installed. ## Description: This update for nodejs18 fixes the following issues: * Update to version 18.18.2 * CVE-2023-44487: Fixed the Rapid Reset attack in nghttp2. (bsc#1216190) * CVE-2023-45143: Fixed a cookie leakage in undici. (bsc#1216205) *CVE-2023-38552: Fixed an integrity checks according to policies that could be circumvented. (bsc#1216272) * CVE-2023-39333: Fixed a code injection via WebAssembly export names. (bsc#1216273) ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: * Web and Scripting Module 12 zypper in -t patch SUSE-SLE-Module-Web-Scripting-12-2023-4150=1 ## Package List: * Web and Scripting Module 12 (aarch64 ppc64le s390x x86_64) * nodejs16-16.20.2-8.36.1 * npm16-16.20.2-8.36.1 * nodejs16-debugsource-16.20.2-8.36.1 * nodejs16-devel-16.20.2-8.36.1 * nodejs16-debuginfo-16.20.2-8.36.1 * Web and Scripting Module 12 (noarch) * nodejs16-docs-16.20.2-8.36.1 ## References: * https://www.suse.com/security/cve/CVE-2023-38552.html * https://www.suse.com/security/cve/CVE-2023-39333.html * https://www.suse.com/security/cve/CVE-2023-44487.html * https://www.suse.com/security/cve/CVE-2023-45143.html * https://bugzilla.suse.com/show_bug.cgi?id=1216190 * https://bugzilla.suse.com/show_bug.cgi?id=1216205 * https://bugzilla.suse.com/show_bug.cgi?id=1216272 * https://bugzilla.suse.com/show_bug.cgi?id=1216273 . Learn how to install the critical security update for Node.js 18 using either zypper or YaST, ensuring your system remains secure against vulnerabilities. nodejs18 Update,SUSE Security Advisory,Code Injection Fix,Integrity Check. . Severity: Important. LinuxSecurity.com Team

Calendar 2 Oct 20, 2023 Important SuSE
Banner 3 1028x280 1708121785 1771599793
100
Ls Advisories Suse Esm H240
Price Tag 1security advisoryimportantSUSE

SUSE: 2023:4133-1 Important Nodejs18 Code Injection And Cookie Leakage Fix

* bsc#1216190 * bsc#1216205 * bsc#1216272 * bsc#1216273 . # Security update for nodejs18 Announcement ID: SUSE-SU-2023:4133-1 Rating: important References: * bsc#1216190 * bsc#1216205 * bsc#1216272 * bsc#1216273 Cross-References: * CVE-2023-38552 * CVE-2023-39333 * CVE-2023-44487 * CVE-2023-45143 CVSS scores: * CVE-2023-38552 ( SUSE ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N * CVE-2023-39333 ( SUSE ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N * CVE-2023-44487 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2023-44487 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H * CVE-2023-45143 ( SUSE ): 3.9 CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:L/I:L/A:L * CVE-2023-45143 ( NVD ): 3.9 CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:L/I:L/A:L Affected Products: * SUSE Linux Enterprise High Performance Computing 15 SP4 * SUSE Linux Enterprise High Performance Computing 15 SP5 * SUSE Linux Enterprise Server 15 SP4 * SUSE Linux Enterprise Server 15 SP5 * SUSE Linux Enterprise Server for SAP Applications 15 SP4 * SUSE Linux Enterprise Server for SAP Applications 15 SP5 * SUSE Manager Proxy 4.3 * SUSE Manager Retail Branch Server 4.3 * SUSE Manager Server 4.3 * Web and Scripting Module 15-SP4 * Web and Scripting Module 15-SP5 An update that solves four vulnerabilities can now be installed. ## Description: This update for nodejs18 fixes the following issues: * Update to version 18.18.2 * CVE-2023-44487: Fixed the Rapid Reset attack in nghttp2. (bsc#1216190) * CVE-2023-45143: Fixed a cookie leakage in undici. (bsc#1216205) * CVE-2023-38552: Fixed an integrity checks according to policies that could be circumvented. (bsc#1216272) * CVE-2023-39333: Fixed a code injection via WebAssembly export names. (bsc#1216273) ## Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listedfor your product: * Web and Scripting Module 15-SP4 zypper in -t patch SUSE-SLE-Module-Web-Scripting-15-SP4-2023-4133=1 * Web and Scripting Module 15-SP5 zypper in -t patch SUSE-SLE-Module-Web-Scripting-15-SP5-2023-4133=1 ## Package List: * Web and Scripting Module 15-SP4 (aarch64 ppc64le s390x x86_64) * nodejs18-18.18.2-150400.9.15.1 * npm18-18.18.2-150400.9.15.1 * nodejs18-debuginfo-18.18.2-150400.9.15.1 * nodejs18-debugsource-18.18.2-150400.9.15.1 * nodejs18-devel-18.18.2-150400.9.15.1 * Web and Scripting Module 15-SP4 (noarch) * nodejs18-docs-18.18.2-150400.9.15.1 * Web and Scripting Module 15-SP5 (aarch64 ppc64le s390x x86_64) * nodejs18-18.18.2-150400.9.15.1 * npm18-18.18.2-150400.9.15.1 * nodejs18-debuginfo-18.18.2-150400.9.15.1 * nodejs18-debugsource-18.18.2-150400.9.15.1 * nodejs18-devel-18.18.2-150400.9.15.1 * Web and Scripting Module 15-SP5 (noarch) * nodejs18-docs-18.18.2-150400.9.15.1 ## References: * https://www.suse.com/security/cve/CVE-2023-38552.html * https://www.suse.com/security/cve/CVE-2023-39333.html * https://www.suse.com/security/cve/CVE-2023-44487.html * https://www.suse.com/security/cve/CVE-2023-45143.html * https://bugzilla.suse.com/show_bug.cgi?id=1216190 * https://bugzilla.suse.com/show_bug.cgi?id=1216205 * https://bugzilla.suse.com/show_bug.cgi?id=1216272 * https://bugzilla.suse.com/show_bug.cgi?id=1216273 . Critical security patch released for nodejs18, focusing on several vulnerabilities with new installation guidelines tailored for SUSE users.. Nodejs18 Security, SUSE Patch, Code Injection Fix, Cookie Leakage Update, Security Advisory. . Severity: Important. LinuxSecurity.com Team

Calendar 2 Oct 19, 2023 Important SuSE
News Add Esm H240

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Community Poll

More Polls

What got you started with Linux?

No answer selected. Please try again.
Please select either existing option or enter your own, however not both.
Please select minimum {0} answer(s).
Please select maximum {0} answer(s).
/main-polls/150-what-got-you-started-with-linux?task=poll.vote&format=json
150
radio
0
[{"id":483,"title":"Self-taught through trial and error","votes":545,"type":"x","order":1,"pct":78.42,"resources":[]},{"id":484,"title":"Formal training or courses","votes":30,"type":"x","order":2,"pct":4.32,"resources":[]},{"id":485,"title":"A job that required it","votes":34,"type":"x","order":3,"pct":4.89,"resources":[]},{"id":486,"title":"Other","votes":86,"type":"x","order":4,"pct":12.37,"resources":[]}] ["#ff5b00","#4ac0f2","#b80028","#eef66c","#60bb22","#b96a9a","#62c2cc"] ["rgba(255,91,0,0.7)","rgba(74,192,242,0.7)","rgba(184,0,40,0.7)","rgba(238,246,108,0.7)","rgba(96,187,34,0.7)","rgba(185,106,154,0.7)","rgba(98,194,204,0.7)"] 350
bottom 200

Search Topics

Your message here