This update for nodejs10 fixes the following issues: CVE-2023-44487: Fixed the Rapid Reset attack in nghttp2. (bsc#1216190).

# Security update for nodejs10

Announcement ID: SUSE-SU-2023:4295-1

Rating: important

References:

* bsc#1216190

Cross-References:

* CVE-2023-44487

CVSS scores:

* CVE-2023-44487 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2023-44487 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Affected Products:

* openSUSE Leap 15.4
* SUSE CaaS Platform 4.0
* SUSE Linux Enterprise High Performance Computing 15 SP1
* SUSE Linux Enterprise High Performance Computing 15 SP1 LTSS 15-SP1
* SUSE Linux Enterprise High Performance Computing 15 SP2
* SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2
* SUSE Linux Enterprise Server 15 SP1
* SUSE Linux Enterprise Server 15 SP1 LTSS 15-SP1
* SUSE Linux Enterprise Server 15 SP2
* SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2
* SUSE Linux Enterprise Server for SAP Applications 15 SP1
* SUSE Linux Enterprise Server for SAP Applications 15 SP2

An update that solves one vulnerability can now be installed.

## Description:

This update for nodejs10 fixes the following issues:

* CVE-2023-44487: Fixed the Rapid Reset attack in nghttp2. (bsc#1216190)

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* openSUSE Leap 15.4
  `zypper in -t patch openSUSE-SLE-15.4-2023-4295=1`
* SUSE Linux Enterprise High Performance Computing 15 SP1 LTSS 15-SP1
  `zypper in -t patch SUSE-SLE-Product-HPC-15-SP1-LTSS-2023-4295=1`
* SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2
  `zypper in -t patch SUSE-SLE-Product-HPC-15-SP2-LTSS-2023-4295=1`
* SUSE Linux Enterprise Server 15 SP1 LTSS 15-SP1
  `zypper in -t patch SUSE-SLE-Product-SLES-15-SP1-LTSS-2023-4295=1`
* SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2
  `zypper in -t patch SUSE-SLE-Product-SLES-15-SP2-LTSS-2023-4295=1`
* SUSE Linux Enterprise Server for SAP Applications 15 SP1
  `zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP1-2023-4295=1`
* SUSE Linux Enterprise Server for SAP Applications 15 SP2
  `zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP2-2023-4295=1`
* SUSE CaaS Platform 4.0
  To install this update, use the SUSE CaaS Platform 'skuba' tool. It will inform you if it detects new updates and let you then trigger updating of the complete cluster in a controlled way.
## Package List:

* openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64)
  * npm10-10.24.1-150000.1.62.3
  * nodejs10-debuginfo-10.24.1-150000.1.62.3
  * nodejs10-debugsource-10.24.1-150000.1.62.3
  * nodejs10-devel-10.24.1-150000.1.62.3
  * nodejs10-10.24.1-150000.1.62.3
* openSUSE Leap 15.4 (noarch)
  * nodejs10-docs-10.24.1-150000.1.62.3
* SUSE Linux Enterprise High Performance Computing 15 SP1 LTSS 15-SP1 (aarch64 x86_64)
  * npm10-10.24.1-150000.1.62.3
  * nodejs10-debuginfo-10.24.1-150000.1.62.3
  * nodejs10-debugsource-10.24.1-150000.1.62.3
  * nodejs10-devel-10.24.1-150000.1.62.3
  * nodejs10-10.24.1-150000.1.62.3
* SUSE Linux Enterprise High Performance Computing 15 SP1 LTSS 15-SP1 (noarch)
  * nodejs10-docs-10.24.1-150000.1.62.3
* SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2 (aarch64 x86_64)
  * npm10-10.24.1-150000.1.62.3
  * nodejs10-debuginfo-10.24.1-150000.1.62.3
  * nodejs10-debugsource-10.24.1-150000.1.62.3
  * nodejs10-devel-10.24.1-150000.1.62.3
  * nodejs10-10.24.1-150000.1.62.3
* SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2 (noarch)
  * nodejs10-docs-10.24.1-150000.1.62.3
* SUSE Linux Enterprise Server 15 SP1 LTSS 15-SP1 (aarch64 ppc64le s390x x86_64)
  * npm10-10.24.1-150000.1.62.3
  * nodejs10-debuginfo-10.24.1-150000.1.62.3
  * nodejs10-debugsource-10.24.1-150000.1.62.3
  * nodejs10-devel-10.24.1-150000.1.62.3
  * nodejs10-10.24.1-150000.1.62.3
* SUSE Linux Enterprise Server 15 SP1 LTSS 15-SP1 (noarch)
  * nodejs10-docs-10.24.1-150000.1.62.3
* SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 (aarch64 ppc64le s390x x86_64)
  * npm10-10.24.1-150000.1.62.3
  * nodejs10-debuginfo-10.24.1-150000.1.62.3
  * nodejs10-debugsource-10.24.1-150000.1.62.3
  * nodejs10-devel-10.24.1-150000.1.62.3
  * nodejs10-10.24.1-150000.1.62.3
* SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 (noarch)
  * nodejs10-docs-10.24.1-150000.1.62.3
* SUSE Linux Enterprise Server for SAP Applications 15 SP1 (ppc64le x86_64)
  * npm10-10.24.1-150000.1.62.3
  * nodejs10-debuginfo-10.24.1-150000.1.62.3
  * nodejs10-debugsource-10.24.1-150000.1.62.3
  * nodejs10-devel-10.24.1-150000.1.62.3
  * nodejs10-10.24.1-150000.1.62.3
* SUSE Linux Enterprise Server for SAP Applications 15 SP1 (noarch)
  * nodejs10-docs-10.24.1-150000.1.62.3
* SUSE Linux Enterprise Server for SAP Applications 15 SP2 (ppc64le x86_64)
  * npm10-10.24.1-150000.1.62.3
  * nodejs10-debuginfo-10.24.1-150000.1.62.3
  * nodejs10-debugsource-10.24.1-150000.1.62.3
  * nodejs10-devel-10.24.1-150000.1.62.3
  * nodejs10-10.24.1-150000.1.62.3
* SUSE Linux Enterprise Server for SAP Applications 15 SP2 (noarch)
  * nodejs10-docs-10.24.1-150000.1.62.3
* SUSE CaaS Platform 4.0 (x86_64)
  * npm10-10.24.1-150000.1.62.3
  * nodejs10-debuginfo-10.24.1-150000.1.62.3
  * nodejs10-debugsource-10.24.1-150000.1.62.3
  * nodejs10-devel-10.24.1-150000.1.62.3
  * nodejs10-10.24.1-150000.1.62.3
* SUSE CaaS Platform 4.0 (noarch)
  * nodejs10-docs-10.24.1-150000.1.62.3

## References:

* https://www.suse.com/security/cve/CVE-2023-44487.html
* https://bugzilla.suse.com/show_bug.cgi?id=1216190

Node.js 10 upgrade for openSUSE tackles crucial vulnerabilities, incorporating a solution for the Rapid Reset exploit. Safeguard your system today!

openSUSE Security Update, nodejs10 Patch, Rapid Reset Attack, Important Nodejs Update.

Severity: Important. LinuxSecurity.com Team

An update that fixes one vulnerability is now available.

SUSE Security Update: Security update for nodejs10
______________________________________________________________________________

Announcement ID: SUSE-SU-2022:4301-1
Rating: important
References: #1205119
Cross-References: CVE-2022-43548
CVSS scores:
    CVE-2022-43548 (SUSE): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
Affected Products:
    SUSE CaaS Platform 4.0
    SUSE Enterprise Storage 6
    SUSE Enterprise Storage 7
    SUSE Linux Enterprise High Performance Computing 15-ESPOS
    SUSE Linux Enterprise High Performance Computing 15-LTSS
    SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS
    SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS
    SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS
    SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS
    SUSE Linux Enterprise Server 15-LTSS
    SUSE Linux Enterprise Server 15-SP1-BCL
    SUSE Linux Enterprise Server 15-SP1-LTSS
    SUSE Linux Enterprise Server 15-SP2-BCL
    SUSE Linux Enterprise Server 15-SP2-LTSS
    SUSE Linux Enterprise Server for SAP 15
    SUSE Linux Enterprise Server for SAP 15-SP1
    SUSE Linux Enterprise Server for SAP 15-SP2
    SUSE Manager Proxy 4.1
    SUSE Manager Retail Branch Server 4.1
    SUSE Manager Server 4.1
    openSUSE Leap 15.3
    openSUSE Leap 15.4
______________________________________________________________________________

An update that fixes one vulnerability is now available.

Description:

This update for nodejs10 fixes the following issues:

- CVE-2022-43548: Fixed DNS rebinding in --inspect via invalid octal IP address (bsc#1205119).

Patch Instructions:

To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

- openSUSE Leap 15.4:
    zypper in -t patch openSUSE-SLE-15.4-2022-4301=1
- openSUSE Leap 15.3:
    zypper in -t patch openSUSE-SLE-15.3-2022-4301=1
- SUSE Manager Server 4.1:
    zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Server-4.1-2022-4301=1
- SUSE Manager Retail Branch Server 4.1:
    zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Retail-Branch-Server-4.1-2022-4301=1
- SUSE Manager Proxy 4.1:
    zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Proxy-4.1-2022-4301=1
- SUSE Linux Enterprise Server for SAP 15-SP2:
    zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP2-2022-4301=1
- SUSE Linux Enterprise Server for SAP 15-SP1:
    zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP1-2022-4301=1
- SUSE Linux Enterprise Server for SAP 15:
    zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-2022-4301=1
- SUSE Linux Enterprise Server 15-SP2-LTSS:
    zypper in -t patch SUSE-SLE-Product-SLES-15-SP2-LTSS-2022-4301=1
- SUSE Linux Enterprise Server 15-SP2-BCL:
    zypper in -t patch SUSE-SLE-Product-SLES-15-SP2-BCL-2022-4301=1
- SUSE Linux Enterprise Server 15-SP1-LTSS:
    zypper in -t patch SUSE-SLE-Product-SLES-15-SP1-LTSS-2022-4301=1
- SUSE Linux Enterprise Server 15-SP1-BCL:
    zypper in -t patch SUSE-SLE-Product-SLES-15-SP1-BCL-2022-4301=1
- SUSE Linux Enterprise Server 15-LTSS:
    zypper in -t patch SUSE-SLE-Product-SLES-15-2022-4301=1
- SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS:
    zypper in -t patch SUSE-SLE-Product-HPC-15-SP2-LTSS-2022-4301=1
- SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS:
    zypper in -t patch SUSE-SLE-Product-HPC-15-SP2-ESPOS-2022-4301=1
- SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS:
    zypper in -t patch SUSE-SLE-Product-HPC-15-SP1-LTSS-2022-4301=1
- SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS:
    zypper in -t patch SUSE-SLE-Product-HPC-15-SP1-ESPOS-2022-4301=1
- SUSE Linux Enterprise High Performance Computing 15-LTSS:
    zypper in -t patch SUSE-SLE-Product-HPC-15-2022-4301=1
- SUSE Linux Enterprise High Performance Computing 15-ESPOS:
    zypper in -t patch SUSE-SLE-Product-HPC-15-2022-4301=1
- SUSE Enterprise Storage 7:
    zypper in -t patch SUSE-Storage-7-2022-4301=1
- SUSE Enterprise Storage 6:
    zypper in -t patch SUSE-Storage-6-2022-4301=1
- SUSE CaaS Platform 4.0:
    To install this update, use the SUSE CaaS Platform 'skuba' tool. It will inform you if it detects new updates and let you then trigger updating of the complete cluster in a controlled way.

Package List:

- openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64):
    nodejs10-10.24.1-150000.1.53.1
    nodejs10-debuginfo-10.24.1-150000.1.53.1
    nodejs10-debugsource-10.24.1-150000.1.53.1
    nodejs10-devel-10.24.1-150000.1.53.1
    npm10-10.24.1-150000.1.53.1
- openSUSE Leap 15.4 (noarch):
    nodejs10-docs-10.24.1-150000.1.53.1
- openSUSE Leap 15.3 (aarch64 ppc64le s390x x86_64):
    nodejs10-10.24.1-150000.1.53.1
    nodejs10-debuginfo-10.24.1-150000.1.53.1
    nodejs10-debugsource-10.24.1-150000.1.53.1
    nodejs10-devel-10.24.1-150000.1.53.1
    npm10-10.24.1-150000.1.53.1
- openSUSE Leap 15.3 (noarch):
    nodejs10-docs-10.24.1-150000.1.53.1
- SUSE Manager Server 4.1 (ppc64le s390x x86_64):
    nodejs10-10.24.1-150000.1.53.1
    nodejs10-debuginfo-10.24.1-150000.1.53.1
    nodejs10-debugsource-10.24.1-150000.1.53.1
    nodejs10-devel-10.24.1-150000.1.53.1
    npm10-10.24.1-150000.1.53.1
- SUSE Manager Server 4.1 (noarch):
    nodejs10-docs-10.24.1-150000.1.53.1
- SUSE Manager Retail Branch Server 4.1 (x86_64):
    nodejs10-10.24.1-150000.1.53.1
    nodejs10-debuginfo-10.24.1-150000.1.53.1
    nodejs10-debugsource-10.24.1-150000.1.53.1
    nodejs10-devel-10.24.1-150000.1.53.1
    npm10-10.24.1-150000.1.53.1
- SUSE Manager Retail Branch Server 4.1 (noarch):
    nodejs10-docs-10.24.1-150000.1.53.1
- SUSE Manager Proxy 4.1 (noarch):
    nodejs10-docs-10.24.1-150000.1.53.1
- SUSE Manager Proxy 4.1 (x86_64):
    nodejs10-10.24.1-150000.1.53.1
    nodejs10-debuginfo-10.24.1-150000.1.53.1
    nodejs10-debugsource-10.24.1-150000.1.53.1
    nodejs10-devel-10.24.1-150000.1.53.1
    npm10-10.24.1-150000.1.53.1
- SUSE Linux Enterprise Server for SAP 15-SP2 (ppc64le x86_64):
    nodejs10-10.24.1-150000.1.53.1
    nodejs10-debuginfo-10.24.1-150000.1.53.1
    nodejs10-debugsource-10.24.1-150000.1.53.1
    nodejs10-devel-10.24.1-150000.1.53.1
    npm10-10.24.1-150000.1.53.1
- SUSE Linux Enterprise Server for SAP 15-SP2 (noarch):
    nodejs10-docs-10.24.1-150000.1.53.1
- SUSE Linux Enterprise Server for SAP 15-SP1 (ppc64le x86_64):
    nodejs10-10.24.1-150000.1.53.1
    nodejs10-debuginfo-10.24.1-150000.1.53.1
    nodejs10-debugsource-10.24.1-150000.1.53.1
    nodejs10-devel-10.24.1-150000.1.53.1
    npm10-10.24.1-150000.1.53.1
- SUSE Linux Enterprise Server for SAP 15-SP1 (noarch):
    nodejs10-docs-10.24.1-150000.1.53.1
- SUSE Linux Enterprise Server for SAP 15 (ppc64le x86_64):
    nodejs10-10.24.1-150000.1.53.1
    nodejs10-debuginfo-10.24.1-150000.1.53.1
    nodejs10-debugsource-10.24.1-150000.1.53.1
    nodejs10-devel-10.24.1-150000.1.53.1
    npm10-10.24.1-150000.1.53.1
- SUSE Linux Enterprise Server for SAP 15 (noarch):
    nodejs10-docs-10.24.1-150000.1.53.1
- SUSE Linux Enterprise Server 15-SP2-LTSS (aarch64 ppc64le s390x x86_64):
    nodejs10-10.24.1-150000.1.53.1
    nodejs10-debuginfo-10.24.1-150000.1.53.1
    nodejs10-debugsource-10.24.1-150000.1.53.1
    nodejs10-devel-10.24.1-150000.1.53.1
    npm10-10.24.1-150000.1.53.1
- SUSE Linux Enterprise Server 15-SP2-LTSS (noarch):
    nodejs10-docs-10.24.1-150000.1.53.1
- SUSE Linux Enterprise Server 15-SP2-BCL (noarch):
    nodejs10-docs-10.24.1-150000.1.53.1
- SUSE Linux Enterprise Server 15-SP2-BCL (x86_64):
    nodejs10-10.24.1-150000.1.53.1
    nodejs10-debuginfo-10.24.1-150000.1.53.1
    nodejs10-debugsource-10.24.1-150000.1.53.1
    nodejs10-devel-10.24.1-150000.1.53.1
    npm10-10.24.1-150000.1.53.1
- SUSE Linux Enterprise Server 15-SP1-LTSS (aarch64 ppc64le s390x x86_64):
    nodejs10-10.24.1-150000.1.53.1
    nodejs10-debuginfo-10.24.1-150000.1.53.1
    nodejs10-debugsource-10.24.1-150000.1.53.1
    nodejs10-devel-10.24.1-150000.1.53.1
    npm10-10.24.1-150000.1.53.1
- SUSE Linux Enterprise Server 15-SP1-LTSS (noarch):
    nodejs10-docs-10.24.1-150000.1.53.1
- SUSE Linux Enterprise Server 15-SP1-BCL (x86_64):
    nodejs10-10.24.1-150000.1.53.1
    nodejs10-debuginfo-10.24.1-150000.1.53.1
    nodejs10-debugsource-10.24.1-150000.1.53.1
    nodejs10-devel-10.24.1-150000.1.53.1
    npm10-10.24.1-150000.1.53.1
- SUSE Linux Enterprise Server 15-SP1-BCL (noarch):
    nodejs10-docs-10.24.1-150000.1.53.1
- SUSE Linux Enterprise Server 15-LTSS (aarch64 s390x):
    nodejs10-10.24.1-150000.1.53.1
    nodejs10-debuginfo-10.24.1-150000.1.53.1
    nodejs10-debugsource-10.24.1-150000.1.53.1
    nodejs10-devel-10.24.1-150000.1.53.1
    npm10-10.24.1-150000.1.53.1
- SUSE Linux Enterprise Server 15-LTSS (noarch):
    nodejs10-docs-10.24.1-150000.1.53.1
- SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS (aarch64 x86_64):
    nodejs10-10.24.1-150000.1.53.1
    nodejs10-debuginfo-10.24.1-150000.1.53.1
    nodejs10-debugsource-10.24.1-150000.1.53.1
    nodejs10-devel-10.24.1-150000.1.53.1
    npm10-10.24.1-150000.1.53.1
- SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS (noarch):
    nodejs10-docs-10.24.1-150000.1.53.1
- SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS (aarch64 x86_64):
    nodejs10-10.24.1-150000.1.53.1
    nodejs10-debuginfo-10.24.1-150000.1.53.1
    nodejs10-debugsource-10.24.1-150000.1.53.1
    nodejs10-devel-10.24.1-150000.1.53.1
    npm10-10.24.1-150000.1.53.1
- SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS (noarch):
    nodejs10-docs-10.24.1-150000.1.53.1
- SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS (aarch64 x86_64):
    nodejs10-10.24.1-150000.1.53.1
    nodejs10-debuginfo-10.24.1-150000.1.53.1
    nodejs10-debugsource-10.24.1-150000.1.53.1
    nodejs10-devel-10.24.1-150000.1.53.1
    npm10-10.24.1-150000.1.53.1
- SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS (noarch):
    nodejs10-docs-10.24.1-150000.1.53.1
- SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS (aarch64 x86_64):
    nodejs10-10.24.1-150000.1.53.1
    nodejs10-debuginfo-10.24.1-150000.1.53.1
    nodejs10-debugsource-10.24.1-150000.1.53.1
    nodejs10-devel-10.24.1-150000.1.53.1
    npm10-10.24.1-150000.1.53.1
- SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS (noarch):
    nodejs10-docs-10.24.1-150000.1.53.1
- SUSE Linux Enterprise High Performance Computing 15-LTSS (aarch64 x86_64):
    nodejs10-10.24.1-150000.1.53.1
    nodejs10-debuginfo-10.24.1-150000.1.53.1
    nodejs10-debugsource-10.24.1-150000.1.53.1
    nodejs10-devel-10.24.1-150000.1.53.1
    npm10-10.24.1-150000.1.53.1
- SUSE Linux Enterprise High Performance Computing 15-LTSS (noarch):
    nodejs10-docs-10.24.1-150000.1.53.1
- SUSE Linux Enterprise High Performance Computing 15-ESPOS (aarch64 x86_64):
    nodejs10-10.24.1-150000.1.53.1
    nodejs10-debuginfo-10.24.1-150000.1.53.1
    nodejs10-debugsource-10.24.1-150000.1.53.1
    nodejs10-devel-10.24.1-150000.1.53.1
    npm10-10.24.1-150000.1.53.1
- SUSE Linux Enterprise High Performance Computing 15-ESPOS (noarch):
    nodejs10-docs-10.24.1-150000.1.53.1
- SUSE Enterprise Storage 7 (aarch64 x86_64):
    nodejs10-10.24.1-150000.1.53.1
    nodejs10-debuginfo-10.24.1-150000.1.53.1
    nodejs10-debugsource-10.24.1-150000.1.53.1
    nodejs10-devel-10.24.1-150000.1.53.1
    npm10-10.24.1-150000.1.53.1
- SUSE Enterprise Storage 7 (noarch):
    nodejs10-docs-10.24.1-150000.1.53.1
- SUSE Enterprise Storage 6 (aarch64 x86_64):
    nodejs10-10.24.1-150000.1.53.1
    nodejs10-debuginfo-10.24.1-150000.1.53.1
    nodejs10-debugsource-10.24.1-150000.1.53.1
    nodejs10-devel-10.24.1-150000.1.53.1
    npm10-10.24.1-150000.1.53.1
- SUSE Enterprise Storage 6 (noarch):
    nodejs10-docs-10.24.1-150000.1.53.1
- SUSE CaaS Platform 4.0 (x86_64):
    nodejs10-10.24.1-150000.1.53.1
    nodejs10-debuginfo-10.24.1-150000.1.53.1
    nodejs10-debugsource-10.24.1-150000.1.53.1
    nodejs10-devel-10.24.1-150000.1.53.1
    npm10-10.24.1-150000.1.53.1
- SUSE CaaS Platform 4.0 (noarch):
    nodejs10-docs-10.24.1-150000.1.53.1

References:

https://www.suse.com/security/cve/CVE-2022-43548.html
https://bugzilla.suse.com/1205119

Urgent patch release for nodejs10 targeting DNS rebinding flaw. Essential SUSE notification!

SUSE Linux, Nodejs Update, DNS Rebinding, Important Security Fixes, Software Patch.

Severity: Important. LinuxSecurity.com Team

An update that fixes two vulnerabilities is now available.

SUSE Security Update: Security update for nodejs10
______________________________________________________________________________

Announcement ID: SUSE-SU-2022:3835-1
Rating: moderate
References: #1201325 #1203832
Cross-References: CVE-2022-32213 CVE-2022-35256
CVSS scores:
    CVE-2022-32213 (NVD) : 9.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
    CVE-2022-32213 (SUSE): 6.8 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:H/A:H
    CVE-2022-35256 (SUSE): 6.5 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
Affected Products:
    openSUSE Leap 15.3
    openSUSE Leap 15.4
______________________________________________________________________________

An update that fixes two vulnerabilities is now available.

Description:

This update for nodejs10 fixes the following issues:

- CVE-2022-35256: Fixed incorrect parsing of header fields (bsc#1203832).
- CVE-2022-32213: Fixed bypass via obs-fold mechanic (bsc#1201325).

Patch Instructions:

To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

- openSUSE Leap 15.4:
    zypper in -t patch openSUSE-SLE-15.4-2022-3835=1
- openSUSE Leap 15.3:
    zypper in -t patch openSUSE-SLE-15.3-2022-3835=1

Package List:

- openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64):
    nodejs10-10.24.1-150000.1.50.1
    nodejs10-debuginfo-10.24.1-150000.1.50.1
    nodejs10-debugsource-10.24.1-150000.1.50.1
    nodejs10-devel-10.24.1-150000.1.50.1
    npm10-10.24.1-150000.1.50.1
- openSUSE Leap 15.4 (noarch):
    nodejs10-docs-10.24.1-150000.1.50.1
- openSUSE Leap 15.3 (aarch64 ppc64le s390x x86_64):
    nodejs10-10.24.1-150000.1.50.1
    nodejs10-debuginfo-10.24.1-150000.1.50.1
    nodejs10-debugsource-10.24.1-150000.1.50.1
    nodejs10-devel-10.24.1-150000.1.50.1
    npm10-10.24.1-150000.1.50.1
- openSUSE Leap 15.3 (noarch):
    nodejs10-docs-10.24.1-150000.1.50.1

References:

https://www.suse.com/security/cve/CVE-2022-32213.html
https://www.suse.com/security/cve/CVE-2022-35256.html
https://bugzilla.suse.com/1201325
https://bugzilla.suse.com/1203832

Important SUSE patch addresses multiple problems in nodejs10: rectifies header interpretation and circumvention vulnerabilities.

Nodejs10 Security Update, openSUSE Threats, SUSE Security Advisory.

LinuxSecurity.com Team

An update that fixes 9 vulnerabilities is now available.

SUSE Security Update: Security update for nodejs10
______________________________________________________________________________

Announcement ID: SUSE-SU-2022:1717-1
Rating: important
References: #1191962 #1191963 #1192153 #1192154 #1192696 #1194514 #1194819 #1197283 #1198247
Cross-References: CVE-2021-23343 CVE-2021-32803 CVE-2021-32804 CVE-2021-3807 CVE-2021-3918 CVE-2021-44906 CVE-2021-44907 CVE-2022-0235 CVE-2022-21824
CVSS scores:
    CVE-2021-23343 (NVD) : 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
    CVE-2021-23343 (SUSE): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
    CVE-2021-32803 (NVD) : 8.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:H
    CVE-2021-32803 (SUSE): 8.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:H
    CVE-2021-32804 (NVD) : 8.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:H
    CVE-2021-32804 (SUSE): 8.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:H
    CVE-2021-3807 (NVD) : 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
    CVE-2021-3807 (SUSE): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
    CVE-2021-3918 (NVD) : 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
    CVE-2021-3918 (SUSE): 8.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
    CVE-2021-44906 (NVD) : 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
    CVE-2021-44906 (SUSE): 5.6 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L
    CVE-2021-44907 (NVD) : 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
    CVE-2021-44907 (SUSE): 3.1 CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:N
    CVE-2022-0235 (SUSE): 6.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:N/A:N
    CVE-2022-21824 (NVD) : 8.2 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H
    CVE-2022-21824 (SUSE): 4 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:L
Affected Products:
    SUSE CaaS Platform 4.0
    SUSE Enterprise Storage 6
    SUSE Enterprise Storage 7
    SUSE Linux Enterprise High Performance Computing 15-ESPOS
    SUSE Linux Enterprise High Performance Computing 15-LTSS
    SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS
    SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS
    SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS
    SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS
    SUSE Linux Enterprise Server 15-LTSS
    SUSE Linux Enterprise Server 15-SP1-BCL
    SUSE Linux Enterprise Server 15-SP1-LTSS
    SUSE Linux Enterprise Server 15-SP2-BCL
    SUSE Linux Enterprise Server 15-SP2-LTSS
    SUSE Linux Enterprise Server for SAP 15
    SUSE Linux Enterprise Server for SAP 15-SP1
    SUSE Linux Enterprise Server for SAP 15-SP2
    SUSE Manager Proxy 4.1
    SUSE Manager Retail Branch Server 4.1
    SUSE Manager Server 4.1
    openSUSE Leap 15.3
    openSUSE Leap 15.4
______________________________________________________________________________

An update that fixes 9 vulnerabilities is now available.

Description:

This update for nodejs10 fixes the following issues:

- CVE-2021-23343: Fixed ReDoS via splitDeviceRe, splitTailRe and splitPathRe (bsc#1192153).
- CVE-2021-32803: Fixed insufficient symlink protection in node-tar allowing arbitrary file creation and overwrite (bsc#1191963).
- CVE-2021-32804: Fixed insufficient absolute path sanitization in node-tar allowing arbitrary file creation and overwrite (bsc#1191962).
- CVE-2021-3918: Fixed improper controlled modification of object prototype attributes in json-schema (bsc#1192696).
- CVE-2021-3807: Fixed regular expression denial of service (ReDoS) matching ANSI escape codes in node-ansi-regex (bsc#1192154).
- CVE-2022-21824: Fixed prototype pollution via console.table (bsc#1194514).
- CVE-2021-44906: Fixed prototype pollution in npm dependency (bsc#1198247).
- CVE-2021-44907: Fixed insufficient sanitation in npm dependency (bsc#1197283).
- CVE-2022-0235: Fixed passing of cookie data and sensitive headers to different hostnames in node-fetch-npm (bsc#1194819).

Patch Instructions:

To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

- openSUSE Leap 15.4:
    zypper in -t patch openSUSE-SLE-15.4-2022-1717=1
- openSUSE Leap 15.3:
    zypper in -t patch openSUSE-SLE-15.3-2022-1717=1
- SUSE Manager Server 4.1:
    zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Server-4.1-2022-1717=1
- SUSE Manager Retail Branch Server 4.1:
    zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Retail-Branch-Server-4.1-2022-1717=1
- SUSE Manager Proxy 4.1:
    zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Proxy-4.1-2022-1717=1
- SUSE Linux Enterprise Server for SAP 15-SP2:
    zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP2-2022-1717=1
- SUSE Linux Enterprise Server for SAP 15-SP1:
    zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP1-2022-1717=1
- SUSE Linux Enterprise Server for SAP 15:
    zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-2022-1717=1
- SUSE Linux Enterprise Server 15-SP2-LTSS:
    zypper in -t patch SUSE-SLE-Product-SLES-15-SP2-LTSS-2022-1717=1
- SUSE Linux Enterprise Server 15-SP2-BCL:
    zypper in -t patch SUSE-SLE-Product-SLES-15-SP2-BCL-2022-1717=1
- SUSE Linux Enterprise Server 15-SP1-LTSS:
    zypper in -t patch SUSE-SLE-Product-SLES-15-SP1-LTSS-2022-1717=1
- SUSE Linux Enterprise Server 15-SP1-BCL:
    zypper in -t patch SUSE-SLE-Product-SLES-15-SP1-BCL-2022-1717=1
- SUSE Linux Enterprise Server 15-LTSS:
    zypper in -t patch SUSE-SLE-Product-SLES-15-2022-1717=1
- SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS:
    zypper in -t patch SUSE-SLE-Product-HPC-15-SP2-LTSS-2022-1717=1
- SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS:
    zypper in -t patch SUSE-SLE-Product-HPC-15-SP2-ESPOS-2022-1717=1
- SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS:
    zypper in -t patch SUSE-SLE-Product-HPC-15-SP1-LTSS-2022-1717=1
- SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS:
    zypper in -t patch SUSE-SLE-Product-HPC-15-SP1-ESPOS-2022-1717=1
- SUSE Linux Enterprise High Performance Computing 15-LTSS:
    zypper in -t patch SUSE-SLE-Product-HPC-15-2022-1717=1
- SUSE Linux Enterprise High Performance Computing 15-ESPOS:
    zypper in -t patch SUSE-SLE-Product-HPC-15-2022-1717=1
- SUSE Enterprise Storage 7:
    zypper in -t patch SUSE-Storage-7-2022-1717=1
- SUSE Enterprise Storage 6:
    zypper in -t patch SUSE-Storage-6-2022-1717=1
- SUSE CaaS Platform 4.0:
    To install this update, use the SUSE CaaS Platform 'skuba' tool. It will inform you if it detects new updates and let you then trigger updating of the complete cluster in a controlled way.

Package List:

- openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64):
    nodejs10-10.24.1-150000.1.44.1
    nodejs10-debuginfo-10.24.1-150000.1.44.1
    nodejs10-debugsource-10.24.1-150000.1.44.1
    nodejs10-devel-10.24.1-150000.1.44.1
    npm10-10.24.1-150000.1.44.1
- openSUSE Leap 15.4 (noarch):
    nodejs10-docs-10.24.1-150000.1.44.1
- openSUSE Leap 15.3 (aarch64 ppc64le s390x x86_64):
    nodejs10-10.24.1-150000.1.44.1
    nodejs10-debuginfo-10.24.1-150000.1.44.1
    nodejs10-debugsource-10.24.1-150000.1.44.1
    nodejs10-devel-10.24.1-150000.1.44.1
    npm10-10.24.1-150000.1.44.1
- openSUSE Leap 15.3 (noarch):
    nodejs10-docs-10.24.1-150000.1.44.1
- SUSE Manager Server 4.1 (ppc64le s390x x86_64):
    nodejs10-10.24.1-150000.1.44.1
    nodejs10-debuginfo-10.24.1-150000.1.44.1
    nodejs10-debugsource-10.24.1-150000.1.44.1
    nodejs10-devel-10.24.1-150000.1.44.1
    npm10-10.24.1-150000.1.44.1
- SUSE Manager Server 4.1 (noarch):
    nodejs10-docs-10.24.1-150000.1.44.1
- SUSE Manager Retail Branch Server 4.1 (noarch):
    nodejs10-docs-10.24.1-150000.1.44.1
- SUSE Manager Retail Branch Server 4.1 (x86_64):
    nodejs10-10.24.1-150000.1.44.1
    nodejs10-debuginfo-10.24.1-150000.1.44.1
    nodejs10-debugsource-10.24.1-150000.1.44.1
    nodejs10-devel-10.24.1-150000.1.44.1
    npm10-10.24.1-150000.1.44.1
- SUSE Manager Proxy 4.1 (x86_64):
    nodejs10-10.24.1-150000.1.44.1
    nodejs10-debuginfo-10.24.1-150000.1.44.1
    nodejs10-debugsource-10.24.1-150000.1.44.1
    nodejs10-devel-10.24.1-150000.1.44.1
    npm10-10.24.1-150000.1.44.1
- SUSE Manager Proxy 4.1 (noarch):
    nodejs10-docs-10.24.1-150000.1.44.1
- SUSE Linux Enterprise Server for SAP 15-SP2 (ppc64le x86_64):
    nodejs10-10.24.1-150000.1.44.1
    nodejs10-debuginfo-10.24.1-150000.1.44.1
    nodejs10-debugsource-10.24.1-150000.1.44.1
    nodejs10-devel-10.24.1-150000.1.44.1
    npm10-10.24.1-150000.1.44.1
- SUSE Linux Enterprise Server for SAP 15-SP2 (noarch):
    nodejs10-docs-10.24.1-150000.1.44.1
- SUSE Linux Enterprise Server for SAP 15-SP1 (ppc64le x86_64):
    nodejs10-10.24.1-150000.1.44.1
    nodejs10-debuginfo-10.24.1-150000.1.44.1
    nodejs10-debugsource-10.24.1-150000.1.44.1
    nodejs10-devel-10.24.1-150000.1.44.1
    npm10-10.24.1-150000.1.44.1
- SUSE Linux Enterprise Server for SAP 15-SP1 (noarch):
    nodejs10-docs-10.24.1-150000.1.44.1
- SUSE Linux Enterprise Server for SAP 15 (ppc64le x86_64):
    nodejs10-10.24.1-150000.1.44.1
    nodejs10-debuginfo-10.24.1-150000.1.44.1
    nodejs10-debugsource-10.24.1-150000.1.44.1
    nodejs10-devel-10.24.1-150000.1.44.1
    npm10-10.24.1-150000.1.44.1
- SUSE Linux Enterprise Server for SAP 15 (noarch):
    nodejs10-docs-10.24.1-150000.1.44.1
- SUSE Linux Enterprise Server 15-SP2-LTSS (aarch64 ppc64le s390x x86_64):
    nodejs10-10.24.1-150000.1.44.1
    nodejs10-debuginfo-10.24.1-150000.1.44.1
    nodejs10-debugsource-10.24.1-150000.1.44.1
    nodejs10-devel-10.24.1-150000.1.44.1
    npm10-10.24.1-150000.1.44.1
- SUSE Linux Enterprise Server 15-SP2-LTSS (noarch):
    nodejs10-docs-10.24.1-150000.1.44.1
- SUSE Linux Enterprise Server 15-SP2-BCL (x86_64):
    nodejs10-10.24.1-150000.1.44.1
    nodejs10-debuginfo-10.24.1-150000.1.44.1
    nodejs10-debugsource-10.24.1-150000.1.44.1
    nodejs10-devel-10.24.1-150000.1.44.1
    npm10-10.24.1-150000.1.44.1
- SUSE Linux Enterprise Server 15-SP2-BCL (noarch):
    nodejs10-docs-10.24.1-150000.1.44.1
- SUSE Linux Enterprise Server 15-SP1-LTSS (aarch64 ppc64le s390x x86_64):
    nodejs10-10.24.1-150000.1.44.1
    nodejs10-debuginfo-10.24.1-150000.1.44.1
    nodejs10-debugsource-10.24.1-150000.1.44.1
    nodejs10-devel-10.24.1-150000.1.44.1
    npm10-10.24.1-150000.1.44.1
- SUSE Linux Enterprise Server 15-SP1-LTSS (noarch):
    nodejs10-docs-10.24.1-150000.1.44.1
- SUSE Linux Enterprise Server 15-SP1-BCL (noarch):
    nodejs10-docs-10.24.1-150000.1.44.1
- SUSE Linux Enterprise Server 15-SP1-BCL (x86_64):
    nodejs10-10.24.1-150000.1.44.1
    nodejs10-debuginfo-10.24.1-150000.1.44.1
    nodejs10-debugsource-10.24.1-150000.1.44.1
    nodejs10-devel-10.24.1-150000.1.44.1
    npm10-10.24.1-150000.1.44.1
- SUSE Linux Enterprise Server 15-LTSS (aarch64 s390x):
    nodejs10-10.24.1-150000.1.44.1
    nodejs10-debuginfo-10.24.1-150000.1.44.1
    nodejs10-debugsource-10.24.1-150000.1.44.1
    nodejs10-devel-10.24.1-150000.1.44.1
    npm10-10.24.1-150000.1.44.1
- SUSE Linux Enterprise Server 15-LTSS (noarch):
    nodejs10-docs-10.24.1-150000.1.44.1
- SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS (aarch64 x86_64):
    nodejs10-10.24.1-150000.1.44.1
    nodejs10-debuginfo-10.24.1-150000.1.44.1
    nodejs10-debugsource-10.24.1-150000.1.44.1
    nodejs10-devel-10.24.1-150000.1.44.1
    npm10-10.24.1-150000.1.44.1
- SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS (noarch):
    nodejs10-docs-10.24.1-150000.1.44.1
- SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS (aarch64 x86_64):
    nodejs10-10.24.1-150000.1.44.1
    nodejs10-debuginfo-10.24.1-150000.1.44.1
    nodejs10-debugsource-10.24.1-150000.1.44.1
    nodejs10-devel-10.24.1-150000.1.44.1
    npm10-10.24.1-150000.1.44.1
- SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS (noarch):
    nodejs10-docs-10.24.1-150000.1.44.1
- SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS (aarch64 x86_64):
    nodejs10-10.24.1-150000.1.44.1
    nodejs10-debuginfo-10.24.1-150000.1.44.1
    nodejs10-debugsource-10.24.1-150000.1.44.1
    nodejs10-devel-10.24.1-150000.1.44.1
    npm10-10.24.1-150000.1.44.1
- SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS (noarch):
    nodejs10-docs-10.24.1-150000.1.44.1
- SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS (aarch64 x86_64):
    nodejs10-10.24.1-150000.1.44.1
    nodejs10-debuginfo-10.24.1-150000.1.44.1
    nodejs10-debugsource-10.24.1-150000.1.44.1
    nodejs10-devel-10.24.1-150000.1.44.1
    npm10-10.24.1-150000.1.44.1
- SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS (noarch):
    nodejs10-docs-10.24.1-150000.1.44.1
- SUSE Linux Enterprise High Performance Computing 15-LTSS (aarch64 x86_64):
    nodejs10-10.24.1-150000.1.44.1
    nodejs10-debuginfo-10.24.1-150000.1.44.1
    nodejs10-debugsource-10.24.1-150000.1.44.1
    nodejs10-devel-10.24.1-150000.1.44.1
    npm10-10.24.1-150000.1.44.1
- SUSE Linux Enterprise High Performance Computing 15-LTSS (noarch):
    nodejs10-docs-10.24.1-150000.1.44.1
- SUSE Linux Enterprise High Performance Computing 15-ESPOS (aarch64 x86_64):
    nodejs10-10.24.1-150000.1.44.1
    nodejs10-debuginfo-10.24.1-150000.1.44.1
    nodejs10-debugsource-10.24.1-150000.1.44.1
    nodejs10-devel-10.24.1-150000.1.44.1
    npm10-10.24.1-150000.1.44.1
- SUSE Linux Enterprise High Performance Computing 15-ESPOS (noarch):
    nodejs10-docs-10.24.1-150000.1.44.1
- SUSE Enterprise Storage 7 (aarch64 x86_64):
    nodejs10-10.24.1-150000.1.44.1
    nodejs10-debuginfo-10.24.1-150000.1.44.1
    nodejs10-debugsource-10.24.1-150000.1.44.1
    nodejs10-devel-10.24.1-150000.1.44.1
    npm10-10.24.1-150000.1.44.1
- SUSE Enterprise Storage 7 (noarch):
    nodejs10-docs-10.24.1-150000.1.44.1
- SUSE Enterprise Storage 6 (aarch64 x86_64):
    nodejs10-10.24.1-150000.1.44.1
    nodejs10-debuginfo-10.24.1-150000.1.44.1
    nodejs10-debugsource-10.24.1-150000.1.44.1
    nodejs10-devel-10.24.1-150000.1.44.1
    npm10-10.24.1-150000.1.44.1
- SUSE Enterprise Storage 6 (noarch):
    nodejs10-docs-10.24.1-150000.1.44.1
- SUSE CaaS Platform 4.0 (x86_64):
    nodejs10-10.24.1-150000.1.44.1
    nodejs10-debuginfo-10.24.1-150000.1.44.1
    nodejs10-debugsource-10.24.1-150000.1.44.1
    nodejs10-devel-10.24.1-150000.1.44.1
    npm10-10.24.1-150000.1.44.1
- SUSE CaaS Platform 4.0 (noarch):
    nodejs10-docs-10.24.1-150000.1.44.1

References:

https://www.suse.com/security/cve/CVE-2021-23343.html
https://www.suse.com/security/cve/CVE-2021-32803.html
https://www.suse.com/security/cve/CVE-2021-32804.html
https://www.suse.com/security/cve/CVE-2021-3807.html
https://www.suse.com/security/cve/CVE-2021-3918.html
https://www.suse.com/security/cve/CVE-2021-44906.html
https://www.suse.com/security/cve/CVE-2021-44907.html
https://www.suse.com/security/cve/CVE-2022-0235.html
https://www.suse.com/security/cve/CVE-2022-21824.html
https://bugzilla.suse.com/1191962
https://bugzilla.suse.com/1191963
https://bugzilla.suse.com/1192153
https://bugzilla.suse.com/1192154
https://bugzilla.suse.com/1192696
https://bugzilla.suse.com/1194514
https://bugzilla.suse.com/1194819
https://bugzilla.suse.com/1197283
https://bugzilla.suse.com/1198247

A significant SUSE upgrade for nodejs12 has been announced, addressing several vulnerabilities across different applications for improved safety.

Nodejs10 Security Update, SUSE Patch Release, Software Vulnerability Fixes.

Severity: Important. LinuxSecurity.com Team

An update that fixes four vulnerabilities is now available.

openSUSE Security Update: Security update for nodejs10
______________________________________________________________________________

Announcement ID:    openSUSE-SU-2021:1239-1
Rating:             moderate
References:         #1188881 #1188917 #1189369 #1189370
Cross-References:   CVE-2021-22930 CVE-2021-22931 CVE-2021-22939 CVE-2021-3672
CVSS scores:
                    CVE-2021-22930 (SUSE): 9.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
                    CVE-2021-22931 (SUSE): 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
                    CVE-2021-22939 (SUSE): 4.3 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
                    CVE-2021-3672 (SUSE): 8.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N
Affected Products:
                    openSUSE Leap 15.2
______________________________________________________________________________

Description:

This update for nodejs10 fixes the following issues:

- CVE-2021-3672: Fixed missing input validation on hostnames (bsc#1188881).
- CVE-2021-22930: Fixed use after free on close http2 on stream canceling (bsc#1188917).
- CVE-2021-22939: Fixed incomplete validation of rejectUnauthorized parameter (bsc#1189369).
- CVE-2021-22931: Fixed improper handling of untypical characters in domain names (bsc#1189370).

This update was imported from the SUSE:SLE-15:Update update project.

Patch Instructions:

To install this openSUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".

Alternatively you can run the command listed for your product:

- openSUSE Leap 15.2:

  zypper in -t patch openSUSE-2021-1239=1

Package List:

- openSUSE Leap 15.2 (i586 x86_64):
  nodejs10-10.24.1-lp152.2.18.1
  nodejs10-debuginfo-10.24.1-lp152.2.18.1
  nodejs10-debugsource-10.24.1-lp152.2.18.1
  nodejs10-devel-10.24.1-lp152.2.18.1
  npm10-10.24.1-lp152.2.18.1
- openSUSE Leap 15.2 (noarch):
  nodejs10-docs-10.24.1-lp152.2.18.1

References:

  https://www.suse.com/security/cve/CVE-2021-22930.html
  https://www.suse.com/security/cve/CVE-2021-22931.html
  https://www.suse.com/security/cve/CVE-2021-22939.html
  https://www.suse.com/security/cve/CVE-2021-3672.html
  https://bugzilla.suse.com/1188881
  https://bugzilla.suse.com/1188917
  https://bugzilla.suse.com/1189369
  https://bugzilla.suse.com/1189370

A recent patch for Fedora corrects multiple vulnerabilities in nodejs12, boosting both safety and performance for its users.

LinuxSecurity.com Team

An update that solves 6 vulnerabilities and has one errata is now available.

openSUSE Security Update: Security update for nodejs10
______________________________________________________________________________

Announcement ID:    openSUSE-SU-2021:1061-1
Rating:             important
References:         #1183155 #1183851 #1183852 #1184450 #1187973 #1187976 #1187977
Cross-References:   CVE-2020-7774 CVE-2021-22918 CVE-2021-23362 CVE-2021-27290 CVE-2021-3449 CVE-2021-3450
CVSS scores:
                    CVE-2020-7774 (NVD) : 7.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
                    CVE-2021-22918 (NVD) : 8.2 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H
                    CVE-2021-23362 (NVD) : 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
                    CVE-2021-23362 (SUSE): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
                    CVE-2021-27290 (NVD) : 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
                    CVE-2021-27290 (SUSE): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
                    CVE-2021-3449 (NVD) : 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
                    CVE-2021-3449 (SUSE): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
                    CVE-2021-3450 (NVD) : 7.4 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N
                    CVE-2021-3450 (SUSE): 7.4 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N
Affected Products:
                    openSUSE Leap 15.2
______________________________________________________________________________

Description:

This update for nodejs10 fixes the following issues:

Update nodejs10 to 10.24.1.

Including fixes for

- CVE-2021-22918: libuv upgrade - Out of bounds read (bsc#1187973)
- CVE-2021-27290: ssri Regular Expression Denial of Service (bsc#1187976)
- CVE-2021-23362: hosted-git-info Regular Expression Denial of Service (bsc#1187977)
- CVE-2020-7774: y18n Prototype Pollution (bsc#1184450)
- CVE-2021-3450: OpenSSL - CA certificate check bypass with X509_V_FLAG_X509_STRICT (bsc#1183851)
- CVE-2021-3449: OpenSSL - NULL pointer deref in signature_algorithms processing (bsc#1183852)
- reduce memory footprint of test-worker-stdio (bsc#1183155)

This update was imported from the SUSE:SLE-15:Update update project.

Patch Instructions:

To install this openSUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".

Alternatively you can run the command listed for your product:

- openSUSE Leap 15.2:

  zypper in -t patch openSUSE-2021-1061=1

Package List:

- openSUSE Leap 15.2 (i586 x86_64):
  nodejs10-10.24.1-lp152.2.15.1
  nodejs10-debuginfo-10.24.1-lp152.2.15.1
  nodejs10-debugsource-10.24.1-lp152.2.15.1
  nodejs10-devel-10.24.1-lp152.2.15.1
  npm10-10.24.1-lp152.2.15.1
- openSUSE Leap 15.2 (noarch):
  nodejs10-docs-10.24.1-lp152.2.15.1

References:

  https://www.suse.com/security/cve/CVE-2020-7774.html
  https://www.suse.com/security/cve/CVE-2021-22918.html
  https://www.suse.com/security/cve/CVE-2021-23362.html
  https://www.suse.com/security/cve/CVE-2021-27290.html
  https://www.suse.com/security/cve/CVE-2021-3449.html
  https://www.suse.com/security/cve/CVE-2021-3450.html
  https://bugzilla.suse.com/1183155
  https://bugzilla.suse.com/1183851
  https://bugzilla.suse.com/1183852
  https://bugzilla.suse.com/1184450
  https://bugzilla.suse.com/1187973
  https://bugzilla.suse.com/1187976
  https://bugzilla.suse.com/1187977

Security patch released for openSUSE nodejs10 addressing several vulnerabilities, including potential DoS threats and additional concerns. See comprehensive guidelines.

Severity: Important.
LinuxSecurity.com Team

An update that fixes three vulnerabilities is now available.

openSUSE Security Update: Security update for nodejs10
______________________________________________________________________________

Announcement ID:    openSUSE-SU-2021:0372-1
Rating:             important
References:         #1182333 #1182619 #1182620
Cross-References:   CVE-2021-22883 CVE-2021-22884 CVE-2021-23840
CVSS scores:
                    CVE-2021-22883 (SUSE): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
                    CVE-2021-22884 (SUSE): 5.8 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:L/A:L
                    CVE-2021-23840 (NVD) : 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
                    CVE-2021-23840 (SUSE): 6.5 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:H
Affected Products:
                    openSUSE Leap 15.2
______________________________________________________________________________

Description:

This update for nodejs10 fixes the following issues:

New upstream LTS version 10.24.0:

- CVE-2021-22883: HTTP2 'unknownProtocol' cause Denial of Service by resource exhaustion (bsc#1182619)
- CVE-2021-22884: DNS rebinding in --inspect (bsc#1182620)
- CVE-2021-23840: OpenSSL - Integer overflow in CipherUpdate (bsc#1182333)

This update was imported from the SUSE:SLE-15:Update update project.

Patch Instructions:

To install this openSUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".

Alternatively you can run the command listed for your product:

- openSUSE Leap 15.2:

  zypper in -t patch openSUSE-2021-372=1

Package List:

- openSUSE Leap 15.2 (i586 x86_64):
  nodejs10-10.24.0-lp152.2.12.1
  nodejs10-debuginfo-10.24.0-lp152.2.12.1
  nodejs10-debugsource-10.24.0-lp152.2.12.1
  nodejs10-devel-10.24.0-lp152.2.12.1
  npm10-10.24.0-lp152.2.12.1
- openSUSE Leap 15.2 (noarch):
  nodejs10-docs-10.24.0-lp152.2.12.1

References:

  https://www.suse.com/security/cve/CVE-2021-22883.html
  https://www.suse.com/security/cve/CVE-2021-22884.html
  https://www.suse.com/security/cve/CVE-2021-23840.html
  https://bugzilla.suse.com/1182333
  https://bugzilla.suse.com/1182619
  https://bugzilla.suse.com/1182620

The latest update for nodejs10 tackles critical vulnerabilities, particularly focusing on Denial of Service (DoS) and DNS rebinding exploits, aiming to bolster security measures in openSUSE.

Severity: Important.
LinuxSecurity.com Team

An update that fixes three vulnerabilities is now available.

SUSE Security Update: Security update for nodejs10
______________________________________________________________________________

Announcement ID:    SUSE-SU-2021:0673-1
Rating:             important
References:         #1182333 #1182619 #1182620
Cross-References:   CVE-2021-22883 CVE-2021-22884 CVE-2021-23840
CVSS scores:
                    CVE-2021-22883 (SUSE): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
                    CVE-2021-22884 (SUSE): 5.8 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:L/A:L
                    CVE-2021-23840 (NVD) : 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
                    CVE-2021-23840 (SUSE): 6.5 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:H
Affected Products:
                    SUSE Linux Enterprise Module for Web Scripting 12
______________________________________________________________________________

Description:

This update for nodejs10 fixes the following issues:

New upstream LTS version 10.24.0:

- CVE-2021-22883: HTTP2 'unknownProtocol' cause Denial of Service by resource exhaustion (bsc#1182619)
- CVE-2021-22884: DNS rebinding in --inspect (bsc#1182620)
- CVE-2021-23840: OpenSSL - Integer overflow in CipherUpdate (bsc#1182333)

Patch Instructions:

To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".

Alternatively you can run the command listed for your product:

- SUSE Linux Enterprise Module for Web Scripting 12:

  zypper in -t patch SUSE-SLE-Module-Web-Scripting-12-2021-673=1

Package List:

- SUSE Linux Enterprise Module for Web Scripting 12 (aarch64 ppc64le s390x x86_64):
  nodejs10-10.24.0-1.36.2
  nodejs10-debuginfo-10.24.0-1.36.2
  nodejs10-debugsource-10.24.0-1.36.2
  nodejs10-devel-10.24.0-1.36.2
  npm10-10.24.0-1.36.2
- SUSE Linux Enterprise Module for Web Scripting 12 (noarch):
  nodejs10-docs-10.24.0-1.36.2

References:

  https://www.suse.com/security/cve/CVE-2021-22883.html
  https://www.suse.com/security/cve/CVE-2021-22884.html
  https://www.suse.com/security/cve/CVE-2021-23840.html
  https://bugzilla.suse.com/1182333
  https://bugzilla.suse.com/1182619
  https://bugzilla.suse.com/1182620

Node.js 10 upgrade addresses severe security flaws. Access update guidelines for SUSE Linux Enterprise today.

Severity: Important.
LinuxSecurity.com Team