
Stay Secure with the Latest Linux Advisories


Explore Latest Linux Security advisories


Ubuntu 22.04 LTS: USN-7292-1 High Risk: Dropbear Access Vulnerabilities

==========================================================================
Ubuntu Security Notice USN-7292-1
February 25, 2025

Several security issues were fixed in Dropbear
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 22.04 LTS
- Ubuntu 20.04 LTS
- Ubuntu 18.04 LTS

Summary:

Several security issues were fixed in dropbear.

Software Description:
- dropbear: lightweight SSH2 server and client

Details:

Manfred Kaiser discovered that Dropbear through 2020.81 does not properly check the available authentication methods in the client-side SSH code. An attacker could use this vulnerability to gain unauthorized access to remote systems. (CVE-2021-36369)

Fabian Bäumer, Marcus Brinkmann, and Jörg Schwenk discovered that the SSH transport protocol implementation in Dropbear had weak integrity checks. An attacker could use this vulnerability to bypass security features like encryption and integrity checks. (CVE-2023-48795)

Update instructions:

The problem can be corrected by updating your system to the following package versions:

Ubuntu 22.04 LTS
  dropbear 2020.81-5ubuntu0.1
  dropbear-bin 2020.81-5ubuntu0.1

Ubuntu 20.04 LTS
  dropbear 2019.78-2ubuntu0.1~esm1 Available with Ubuntu Pro
  dropbear-bin 2019.78-2ubuntu0.1~esm1 Available with Ubuntu Pro

Ubuntu 18.04 LTS
  dropbear 2017.75-3ubuntu0.1~esm1 Available with Ubuntu Pro
  dropbear-bin 2017.75-3ubuntu0.1~esm1 Available with Ubuntu Pro

In general, a standard system update will make all the necessary changes.

References:
  https://ubuntu.com/security/notices/USN-7292-1
  CVE-2021-36369, CVE-2023-48795

Package Information:
  https://launchpad.net/ubuntu/+source/dropbear/2020.81-5ubuntu0.1

Severity: Important. LinuxSecurity.com Team

Feb 25, 2025 Important Ubuntu

Debian LTS: DLA-3975-1 moderate: ProFTPD integrity check bypass

- -------------------------------------------------------------------------
Debian LTS Advisory DLA-3975-1
https://www.debian.org/lts/security/
Bastien Roucariès
November 29, 2024
https://wiki.debian.org/LTS
- -------------------------------------------------------------------------

Package    : proftpd-dfsg
Version    : 1.3.7a+dfsg-12+deb11u3
CVE ID     : CVE-2023-48795 CVE-2023-51713 CVE-2024-48651
Debian Bug : 1082326

ProFTPD, a popular FTP server, was affected by multiple vulnerabilities.

CVE-2023-48795

    The SSH transport protocol and variants like the SFTP protocol used by ProFTPD allowed remote attackers to bypass integrity checks such that some packets are omitted (from the extension negotiation message), and a client and server may consequently end up with a connection for which some security features have been downgraded or disabled, aka a Terrapin attack.

CVE-2023-51713

    The make_ftp_cmd function has a one-byte out-of-bounds read, because of mishandling of quote/backslash semantics.

CVE-2024-48651

    In proftpd with mod_sftp and mod_sql, a user with no supplemental groups will incorrectly inherit supplemental groups from the parent process. This behavior resulted in users gaining supplemental membership in nogroup or, depending on version, the root group (GID=0).

For Debian 11 bullseye, these problems have been fixed in version 1.3.7a+dfsg-12+deb11u3.

We recommend that you upgrade your proftpd-dfsg packages.

For the detailed security status of proftpd-dfsg please refer to its security tracker page at:
https://security-tracker.debian.org/tracker/source-package/proftpd-dfsg

Further information about Debian LTS security advisories, how to apply these updates to your system and frequently asked questions can be found at:
https://wiki.debian.org/LTS

LinuxSecurity.com Team

Nov 29, 2024 Debian LTS

openSUSE 15.4: 2023:4373-1 important: nodejs12 Reset Attack

# Security update for nodejs12

Announcement ID: SUSE-SU-2023:4373-1
Rating: important

References:

* bsc#1216190
* bsc#1216272

Cross-References:

* CVE-2023-38552
* CVE-2023-44487

CVSS scores:

* CVE-2023-38552 ( SUSE ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N
* CVE-2023-38552 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
* CVE-2023-44487 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2023-44487 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Affected Products:

* openSUSE Leap 15.4
* SUSE Enterprise Storage 7.1
* SUSE Linux Enterprise High Performance Computing 15 SP2
* SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2
* SUSE Linux Enterprise High Performance Computing 15 SP3
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP3
* SUSE Linux Enterprise Server 15 SP2
* SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2
* SUSE Linux Enterprise Server 15 SP3
* SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3
* SUSE Linux Enterprise Server for SAP Applications 15 SP2
* SUSE Linux Enterprise Server for SAP Applications 15 SP3
* SUSE Manager Server 4.2

An update that solves two vulnerabilities can now be installed.

## Description:

This update for nodejs12 fixes the following issues:

* CVE-2023-44487: Fixed the Rapid Reset attack in nghttp2. (bsc#1216190)
* CVE-2023-38552: Fixed an integrity checks according to policies that could be circumvented. (bsc#1216272)

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* openSUSE Leap 15.4
  zypper in -t patch openSUSE-SLE-15.4-2023-4373=1
* SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2
  zypper in -t patch SUSE-SLE-Product-HPC-15-SP2-LTSS-2023-4373=1
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3
  zypper in -t patch SUSE-SLE-Product-HPC-15-SP3-ESPOS-2023-4373=1
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP3
  zypper in -t patch SUSE-SLE-Product-HPC-15-SP3-LTSS-2023-4373=1
* SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2
  zypper in -t patch SUSE-SLE-Product-SLES-15-SP2-LTSS-2023-4373=1
* SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3
  zypper in -t patch SUSE-SLE-Product-SLES-15-SP3-LTSS-2023-4373=1
* SUSE Linux Enterprise Server for SAP Applications 15 SP2
  zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP2-2023-4373=1
* SUSE Linux Enterprise Server for SAP Applications 15 SP3
  zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP3-2023-4373=1
* SUSE Manager Server 4.2
  zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Server-4.2-2023-4373=1
* SUSE Enterprise Storage 7.1
  zypper in -t patch SUSE-Storage-7.1-2023-4373=1

## Package List:

* openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64)
  * nodejs14-14.21.3-150200.15.52.2
  * nodejs14-devel-14.21.3-150200.15.52.2
  * corepack14-14.21.3-150200.15.52.2
  * nodejs14-debugsource-14.21.3-150200.15.52.2
  * npm14-14.21.3-150200.15.52.2
  * nodejs14-debuginfo-14.21.3-150200.15.52.2
* openSUSE Leap 15.4 (noarch)
  * nodejs14-docs-14.21.3-150200.15.52.2
* SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2 (aarch64 x86_64)
  * nodejs14-14.21.3-150200.15.52.2
  * nodejs14-devel-14.21.3-150200.15.52.2
  * nodejs14-debugsource-14.21.3-150200.15.52.2
  * npm14-14.21.3-150200.15.52.2
  * nodejs14-debuginfo-14.21.3-150200.15.52.2
* SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2 (noarch)
  * nodejs14-docs-14.21.3-150200.15.52.2
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 (aarch64 x86_64)
  * nodejs14-14.21.3-150200.15.52.2
  * nodejs14-devel-14.21.3-150200.15.52.2
  * nodejs14-debugsource-14.21.3-150200.15.52.2
  * npm14-14.21.3-150200.15.52.2
  * nodejs14-debuginfo-14.21.3-150200.15.52.2
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 (noarch)
  * nodejs14-docs-14.21.3-150200.15.52.2
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 (aarch64 x86_64)
  * nodejs14-14.21.3-150200.15.52.2
  * nodejs14-devel-14.21.3-150200.15.52.2
  * nodejs14-debugsource-14.21.3-150200.15.52.2
  * npm14-14.21.3-150200.15.52.2
  * nodejs14-debuginfo-14.21.3-150200.15.52.2
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 (noarch)
  * nodejs14-docs-14.21.3-150200.15.52.2
* SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 (aarch64 ppc64le s390x x86_64)
  * nodejs14-14.21.3-150200.15.52.2
  * nodejs14-devel-14.21.3-150200.15.52.2
  * nodejs14-debugsource-14.21.3-150200.15.52.2
  * npm14-14.21.3-150200.15.52.2
  * nodejs14-debuginfo-14.21.3-150200.15.52.2
* SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 (noarch)
  * nodejs14-docs-14.21.3-150200.15.52.2
* SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 (aarch64 ppc64le s390x x86_64)
  * nodejs14-14.21.3-150200.15.52.2
  * nodejs14-devel-14.21.3-150200.15.52.2
  * nodejs14-debugsource-14.21.3-150200.15.52.2
  * npm14-14.21.3-150200.15.52.2
  * nodejs14-debuginfo-14.21.3-150200.15.52.2
* SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 (noarch)
  * nodejs14-docs-14.21.3-150200.15.52.2
* SUSE Linux Enterprise Server for SAP Applications 15 SP2 (ppc64le x86_64)
  * nodejs14-14.21.3-150200.15.52.2
  * nodejs14-devel-14.21.3-150200.15.52.2
  * nodejs14-debugsource-14.21.3-150200.15.52.2
  * npm14-14.21.3-150200.15.52.2
  * nodejs14-debuginfo-14.21.3-150200.15.52.2
* SUSE Linux Enterprise Server for SAP Applications 15 SP2 (noarch)
  * nodejs14-docs-14.21.3-150200.15.52.2
* SUSE Linux Enterprise Server for SAP Applications 15 SP3 (ppc64le x86_64)
  * nodejs14-14.21.3-150200.15.52.2
  * nodejs14-devel-14.21.3-150200.15.52.2
  * nodejs14-debugsource-14.21.3-150200.15.52.2
  * npm14-14.21.3-150200.15.52.2
  * nodejs14-debuginfo-14.21.3-150200.15.52.2
* SUSE Linux Enterprise Server for SAP Applications 15 SP3 (noarch)
  * nodejs14-docs-14.21.3-150200.15.52.2
* SUSE Manager Server 4.2 (ppc64le s390x x86_64)
  * nodejs14-14.21.3-150200.15.52.2
  * nodejs14-devel-14.21.3-150200.15.52.2
  * nodejs14-debugsource-14.21.3-150200.15.52.2
  * npm14-14.21.3-150200.15.52.2
  * nodejs14-debuginfo-14.21.3-150200.15.52.2
* SUSE Manager Server 4.2 (noarch)
  * nodejs14-docs-14.21.3-150200.15.52.2
* SUSE Enterprise Storage 7.1 (aarch64 x86_64)
  * nodejs14-14.21.3-150200.15.52.2
  * nodejs14-devel-14.21.3-150200.15.52.2
  * nodejs14-debugsource-14.21.3-150200.15.52.2
  * npm14-14.21.3-150200.15.52.2
  * nodejs14-debuginfo-14.21.3-150200.15.52.2
* SUSE Enterprise Storage 7.1 (noarch)
  * nodejs14-docs-14.21.3-150200.15.52.2

## References:

* https://www.suse.com/security/cve/CVE-2023-38552.html
* https://www.suse.com/security/cve/CVE-2023-44487.html
* https://bugzilla.suse.com/show_bug.cgi?id=1216190
* https://bugzilla.suse.com/show_bug.cgi?id=1216272

Severity: Important. LinuxSecurity.com Team

Nov 06, 2023 Important OpenSUSE

SUSE: 2023:4373-1 Critical: Node.js 12 Integrity Check Issues

# Security update for nodejs12

Announcement ID: SUSE-SU-2023:4373-1
Rating: important

Cross-References:

* CVE-2023-38552
* CVE-2023-44487

Severity: Important. LinuxSecurity.com Team

Nov 06, 2023 Important SuSE

openSUSE 15.4 SUSE-SU-2023:4374-1 Critical: Nodejs12 Integrity Fix

# Security update for nodejs12

Announcement ID: SUSE-SU-2023:4374-1
Rating: important

References:

* bsc#1216190
* bsc#1216272

Cross-References:

* CVE-2023-38552
* CVE-2023-44487

CVSS scores:

* CVE-2023-38552 ( SUSE ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N
* CVE-2023-38552 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
* CVE-2023-44487 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2023-44487 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Affected Products:

* openSUSE Leap 15.4
* SUSE Enterprise Storage 7.1
* SUSE Linux Enterprise High Performance Computing 15 SP2
* SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2
* SUSE Linux Enterprise High Performance Computing 15 SP3
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP3
* SUSE Linux Enterprise Server 15 SP2
* SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2
* SUSE Linux Enterprise Server 15 SP3
* SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3
* SUSE Linux Enterprise Server for SAP Applications 15 SP2
* SUSE Linux Enterprise Server for SAP Applications 15 SP3
* SUSE Manager Server 4.2

An update that solves two vulnerabilities can now be installed.

## Description:

This update for nodejs12 fixes the following issues:

* CVE-2023-44487: Fixed the Rapid Reset attack in nghttp2. (bsc#1216190)
* CVE-2023-38552: Fixed an integrity checks according to policies that could be circumvented. (bsc#1216272)

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* openSUSE Leap 15.4
  zypper in -t patch openSUSE-SLE-15.4-2023-4374=1
* SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2
  zypper in -t patch SUSE-SLE-Product-HPC-15-SP2-LTSS-2023-4374=1
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3
  zypper in -t patch SUSE-SLE-Product-HPC-15-SP3-ESPOS-2023-4374=1
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP3
  zypper in -t patch SUSE-SLE-Product-HPC-15-SP3-LTSS-2023-4374=1
* SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2
  zypper in -t patch SUSE-SLE-Product-SLES-15-SP2-LTSS-2023-4374=1
* SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3
  zypper in -t patch SUSE-SLE-Product-SLES-15-SP3-LTSS-2023-4374=1
* SUSE Linux Enterprise Server for SAP Applications 15 SP2
  zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP2-2023-4374=1
* SUSE Linux Enterprise Server for SAP Applications 15 SP3
  zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP3-2023-4374=1
* SUSE Manager Server 4.2
  zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Server-4.2-2023-4374=1
* SUSE Enterprise Storage 7.1
  zypper in -t patch SUSE-Storage-7.1-2023-4374=1

## Package List:

* openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64)
  * nodejs12-12.22.12-150200.4.53.2
  * npm12-12.22.12-150200.4.53.2
  * nodejs12-devel-12.22.12-150200.4.53.2
  * nodejs12-debuginfo-12.22.12-150200.4.53.2
  * nodejs12-debugsource-12.22.12-150200.4.53.2
* openSUSE Leap 15.4 (noarch)
  * nodejs12-docs-12.22.12-150200.4.53.2
* SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2 (aarch64 x86_64)
  * nodejs12-12.22.12-150200.4.53.2
  * npm12-12.22.12-150200.4.53.2
  * nodejs12-devel-12.22.12-150200.4.53.2
  * nodejs12-debuginfo-12.22.12-150200.4.53.2
  * nodejs12-debugsource-12.22.12-150200.4.53.2
* SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2 (noarch)
  * nodejs12-docs-12.22.12-150200.4.53.2
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 (aarch64 x86_64)
  * nodejs12-12.22.12-150200.4.53.2
  * npm12-12.22.12-150200.4.53.2
  * nodejs12-devel-12.22.12-150200.4.53.2
  * nodejs12-debuginfo-12.22.12-150200.4.53.2
  * nodejs12-debugsource-12.22.12-150200.4.53.2
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 (noarch)
  * nodejs12-docs-12.22.12-150200.4.53.2
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 (aarch64 x86_64)
  * nodejs12-12.22.12-150200.4.53.2
  * npm12-12.22.12-150200.4.53.2
  * nodejs12-devel-12.22.12-150200.4.53.2
  * nodejs12-debuginfo-12.22.12-150200.4.53.2
  * nodejs12-debugsource-12.22.12-150200.4.53.2
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 (noarch)
  * nodejs12-docs-12.22.12-150200.4.53.2
* SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 (aarch64 ppc64le s390x x86_64)
  * nodejs12-12.22.12-150200.4.53.2
  * npm12-12.22.12-150200.4.53.2
  * nodejs12-devel-12.22.12-150200.4.53.2
  * nodejs12-debuginfo-12.22.12-150200.4.53.2
  * nodejs12-debugsource-12.22.12-150200.4.53.2
* SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 (noarch)
  * nodejs12-docs-12.22.12-150200.4.53.2
* SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 (aarch64 ppc64le s390x x86_64)
  * nodejs12-12.22.12-150200.4.53.2
  * npm12-12.22.12-150200.4.53.2
  * nodejs12-devel-12.22.12-150200.4.53.2
  * nodejs12-debuginfo-12.22.12-150200.4.53.2
  * nodejs12-debugsource-12.22.12-150200.4.53.2
* SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 (noarch)
  * nodejs12-docs-12.22.12-150200.4.53.2
* SUSE Linux Enterprise Server for SAP Applications 15 SP2 (ppc64le x86_64)
  * nodejs12-12.22.12-150200.4.53.2
  * npm12-12.22.12-150200.4.53.2
  * nodejs12-devel-12.22.12-150200.4.53.2
  * nodejs12-debuginfo-12.22.12-150200.4.53.2
  * nodejs12-debugsource-12.22.12-150200.4.53.2
* SUSE Linux Enterprise Server for SAP Applications 15 SP2 (noarch)
  * nodejs12-docs-12.22.12-150200.4.53.2
* SUSE Linux Enterprise Server for SAP Applications 15 SP3 (ppc64le x86_64)
  * nodejs12-12.22.12-150200.4.53.2
  * npm12-12.22.12-150200.4.53.2
  * nodejs12-devel-12.22.12-150200.4.53.2
  * nodejs12-debuginfo-12.22.12-150200.4.53.2
  * nodejs12-debugsource-12.22.12-150200.4.53.2
* SUSE Linux Enterprise Server for SAP Applications 15 SP3 (noarch)
  * nodejs12-docs-12.22.12-150200.4.53.2
* SUSE Manager Server 4.2 (ppc64le s390x x86_64)
  * nodejs12-12.22.12-150200.4.53.2
  * npm12-12.22.12-150200.4.53.2
  * nodejs12-devel-12.22.12-150200.4.53.2
  * nodejs12-debuginfo-12.22.12-150200.4.53.2
  * nodejs12-debugsource-12.22.12-150200.4.53.2
* SUSE Manager Server 4.2 (noarch)
  * nodejs12-docs-12.22.12-150200.4.53.2
* SUSE Enterprise Storage 7.1 (aarch64 x86_64)
  * nodejs12-12.22.12-150200.4.53.2
  * npm12-12.22.12-150200.4.53.2
  * nodejs12-devel-12.22.12-150200.4.53.2
  * nodejs12-debuginfo-12.22.12-150200.4.53.2
  * nodejs12-debugsource-12.22.12-150200.4.53.2
* SUSE Enterprise Storage 7.1 (noarch)
  * nodejs12-docs-12.22.12-150200.4.53.2

## References:

* https://www.suse.com/security/cve/CVE-2023-38552.html
* https://www.suse.com/security/cve/CVE-2023-44487.html
* https://bugzilla.suse.com/show_bug.cgi?id=1216190
* https://bugzilla.suse.com/show_bug.cgi?id=1216272

Severity: Important. LinuxSecurity.com Team

Nov 06, 2023 Important OpenSUSE

SUSE 2023:4374-1 Important: NodeJS12 Integrity Checks and Rapid Reset

# Security update for nodejs12

Announcement ID: SUSE-SU-2023:4374-1
Rating: important

Cross-References:

* CVE-2023-38552
* CVE-2023-44487

Severity: Important. LinuxSecurity.com Team

Nov 06, 2023 Important SuSE

SUSE: 2023:4150-1 Important: Nodejs18 Security Issues Resolved

# Security update for nodejs18

Announcement ID: SUSE-SU-2023:4150-1
Rating: important

References:

* bsc#1216190
* bsc#1216205
* bsc#1216272
* bsc#1216273

Cross-References:

* CVE-2023-38552
* CVE-2023-39333
* CVE-2023-44487
* CVE-2023-45143

CVSS scores:

* CVE-2023-38552 ( SUSE ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N
* CVE-2023-39333 ( SUSE ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
* CVE-2023-44487 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2023-44487 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2023-45143 ( SUSE ): 3.9 CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:L/I:L/A:L
* CVE-2023-45143 ( NVD ): 3.9 CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:L/I:L/A:L

Affected Products:

* SUSE Linux Enterprise High Performance Computing 12 SP2
* SUSE Linux Enterprise High Performance Computing 12 SP3
* SUSE Linux Enterprise High Performance Computing 12 SP4
* SUSE Linux Enterprise High Performance Computing 12 SP5
* SUSE Linux Enterprise Server 12
* SUSE Linux Enterprise Server 12 SP1
* SUSE Linux Enterprise Server 12 SP2
* SUSE Linux Enterprise Server 12 SP3
* SUSE Linux Enterprise Server 12 SP4
* SUSE Linux Enterprise Server 12 SP5
* SUSE Linux Enterprise Server for SAP Applications 12
* SUSE Linux Enterprise Server for SAP Applications 12 SP1
* SUSE Linux Enterprise Server for SAP Applications 12 SP2
* SUSE Linux Enterprise Server for SAP Applications 12 SP3
* SUSE Linux Enterprise Server for SAP Applications 12 SP4
* SUSE Linux Enterprise Server for SAP Applications 12 SP5
* Web and Scripting Module 12

An update that solves four vulnerabilities can now be installed.

## Description:

This update for nodejs18 fixes the following issues:

* Update to version 18.18.2
* CVE-2023-44487: Fixed the Rapid Reset attack in nghttp2. (bsc#1216190)
* CVE-2023-45143: Fixed a cookie leakage in undici. (bsc#1216205)
* CVE-2023-38552: Fixed integrity checks according to policies that could be circumvented. (bsc#1216272)
* CVE-2023-39333: Fixed a code injection via WebAssembly export names. (bsc#1216273)

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* Web and Scripting Module 12
  zypper in -t patch SUSE-SLE-Module-Web-Scripting-12-2023-4150=1

## Package List:

* Web and Scripting Module 12 (aarch64 ppc64le s390x x86_64)
  * nodejs16-16.20.2-8.36.1
  * npm16-16.20.2-8.36.1
  * nodejs16-debugsource-16.20.2-8.36.1
  * nodejs16-devel-16.20.2-8.36.1
  * nodejs16-debuginfo-16.20.2-8.36.1
* Web and Scripting Module 12 (noarch)
  * nodejs16-docs-16.20.2-8.36.1

## References:

* https://www.suse.com/security/cve/CVE-2023-38552.html
* https://www.suse.com/security/cve/CVE-2023-39333.html
* https://www.suse.com/security/cve/CVE-2023-44487.html
* https://www.suse.com/security/cve/CVE-2023-45143.html
* https://bugzilla.suse.com/show_bug.cgi?id=1216190
* https://bugzilla.suse.com/show_bug.cgi?id=1216205
* https://bugzilla.suse.com/show_bug.cgi?id=1216272
* https://bugzilla.suse.com/show_bug.cgi?id=1216273

Learn how to install the critical security update for Node.js 18 using either zypper or YaST, ensuring your system remains secure against vulnerabilities.

nodejs18 Update, SUSE Security Advisory, Code Injection Fix, Integrity Check.

Severity: Important. LinuxSecurity.com Team

Oct 20, 2023 Important SuSE

Debian 9 Stretch: DLA-3032-1 Moderate: pngcheck Denial Of Service

-------------------------------------------------------------------------
Debian LTS Advisory DLA-3032-1
https://www.debian.org/lts/security/
Markus Koschany
May 29, 2022
https://wiki.debian.org/LTS
-------------------------------------------------------------------------

Package : pngcheck
Version : 2.3.0-7+deb9u1
CVE ID : CVE-2020-27818
Debian Bug : 976350

A flaw was found in the check_chunk_name() function of pngcheck, a tool to verify the integrity of PNG, JNG and MNG files. This flaw allows an attacker who can pass a malicious file to be processed by pngcheck to cause a temporary denial of service.

For Debian 9 stretch, this problem has been fixed in version 2.3.0-7+deb9u1.

We recommend that you upgrade your pngcheck packages.

For the detailed security status of pngcheck please refer to its security tracker page at: https://security-tracker.debian.org/tracker/source-package/pngcheck

Further information about Debian LTS security advisories, how to apply these updates to your system and frequently asked questions can be found at: https://wiki.debian.org/LTS

An issue with pngcheck permits adversaries to induce a short-term denial of service; it is advised to update for Debian 9 stretch.

Debian Advisory, pngcheck update, integrity check tool, DoS threat, software security fix.

LinuxSecurity.com Team

May 29, 2022 Debian LTS