# Security update for nodejs12

Announcement ID: SUSE-SU-2024:0733-1
Rating: important

References:

* bsc#1219993
* bsc#1219997
* bsc#1220014
* bsc#1220053

Cross-References:

* CVE-2023-46809
* CVE-2024-22019
* CVE-2024-22025
* CVE-2024-24806

CVSS scores:

* CVE-2023-46809 ( SUSE ): 6.8 CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N
* CVE-2024-22019 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2024-24806 ( SUSE ): 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
* CVE-2024-24806 ( NVD ): 7.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L

Affected Products:

* SUSE Enterprise Storage 7.1
* SUSE Linux Enterprise High Performance Computing 15 SP2
* SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2
* SUSE Linux Enterprise High Performance Computing 15 SP3
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP3
* SUSE Linux Enterprise Server 15 SP2
* SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2
* SUSE Linux Enterprise Server 15 SP3
* SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3
* SUSE Linux Enterprise Server for SAP Applications 15 SP2
* SUSE Linux Enterprise Server for SAP Applications 15 SP3

An update that solves four vulnerabilities can now be installed.

## Description:

This update for nodejs12 fixes the following issues:

Security issues fixed:

* CVE-2023-46809: Node.js is vulnerable to the Marvin Attack (timing variant of the Bleichenbacher attack against PKCS#1 v1.5 padding) (bsc#1219997).
* CVE-2024-22019: http: Reading unprocessed HTTP request with unbounded chunk extension allows DoS attacks (bsc#1219993).
* CVE-2024-22025: Denial of Service by resource exhaustion in fetch() brotli decoding (bsc#1220014).
* CVE-2024-24806: fix improper domain lookup that potentially leads to SSRF attacks (bsc#1219724).

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2
  zypper in -t patch SUSE-SLE-Product-HPC-15-SP2-LTSS-2024-733=1
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP3
  zypper in -t patch SUSE-SLE-Product-HPC-15-SP3-LTSS-2024-733=1
* SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2
  zypper in -t patch SUSE-SLE-Product-SLES-15-SP2-LTSS-2024-733=1
* SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3
  zypper in -t patch SUSE-SLE-Product-SLES-15-SP3-LTSS-2024-733=1
* SUSE Linux Enterprise Server for SAP Applications 15 SP2
  zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP2-2024-733=1
* SUSE Linux Enterprise Server for SAP Applications 15 SP3
  zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP3-2024-733=1
* SUSE Enterprise Storage 7.1
  zypper in -t patch SUSE-Storage-7.1-2024-733=1

## Package List:

* SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2 (aarch64 x86_64)
  * nodejs12-devel-12.22.12-150200.4.56.1
  * nodejs12-debugsource-12.22.12-150200.4.56.1
  * nodejs12-12.22.12-150200.4.56.1
  * npm12-12.22.12-150200.4.56.1
  * nodejs12-debuginfo-12.22.12-150200.4.56.1
* SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2 (noarch)
  * nodejs12-docs-12.22.12-150200.4.56.1
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 (aarch64 x86_64)
  * nodejs12-devel-12.22.12-150200.4.56.1
  * nodejs12-debugsource-12.22.12-150200.4.56.1
  * nodejs12-12.22.12-150200.4.56.1
  * npm12-12.22.12-150200.4.56.1
  * nodejs12-debuginfo-12.22.12-150200.4.56.1
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 (noarch)
  * nodejs12-docs-12.22.12-150200.4.56.1
* SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 (aarch64 ppc64le s390x x86_64)
  * nodejs12-devel-12.22.12-150200.4.56.1
  * nodejs12-debugsource-12.22.12-150200.4.56.1
  * nodejs12-12.22.12-150200.4.56.1
  * npm12-12.22.12-150200.4.56.1
  * nodejs12-debuginfo-12.22.12-150200.4.56.1
* SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 (noarch)
  * nodejs12-docs-12.22.12-150200.4.56.1
* SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 (aarch64 ppc64le s390x x86_64)
  * nodejs12-devel-12.22.12-150200.4.56.1
  * nodejs12-debugsource-12.22.12-150200.4.56.1
  * nodejs12-12.22.12-150200.4.56.1
  * npm12-12.22.12-150200.4.56.1
  * nodejs12-debuginfo-12.22.12-150200.4.56.1
* SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 (noarch)
  * nodejs12-docs-12.22.12-150200.4.56.1
* SUSE Linux Enterprise Server for SAP Applications 15 SP2 (ppc64le x86_64)
  * nodejs12-devel-12.22.12-150200.4.56.1
  * nodejs12-debugsource-12.22.12-150200.4.56.1
  * nodejs12-12.22.12-150200.4.56.1
  * npm12-12.22.12-150200.4.56.1
  * nodejs12-debuginfo-12.22.12-150200.4.56.1
* SUSE Linux Enterprise Server for SAP Applications 15 SP2 (noarch)
  * nodejs12-docs-12.22.12-150200.4.56.1
* SUSE Linux Enterprise Server for SAP Applications 15 SP3 (ppc64le x86_64)
  * nodejs12-devel-12.22.12-150200.4.56.1
  * nodejs12-debugsource-12.22.12-150200.4.56.1
  * nodejs12-12.22.12-150200.4.56.1
  * npm12-12.22.12-150200.4.56.1
  * nodejs12-debuginfo-12.22.12-150200.4.56.1
* SUSE Linux Enterprise Server for SAP Applications 15 SP3 (noarch)
  * nodejs12-docs-12.22.12-150200.4.56.1
* SUSE Enterprise Storage 7.1 (aarch64 x86_64)
  * nodejs12-devel-12.22.12-150200.4.56.1
  * nodejs12-debugsource-12.22.12-150200.4.56.1
  * nodejs12-12.22.12-150200.4.56.1
  * npm12-12.22.12-150200.4.56.1
  * nodejs12-debuginfo-12.22.12-150200.4.56.1
* SUSE Enterprise Storage 7.1 (noarch)
  * nodejs12-docs-12.22.12-150200.4.56.1

## References:

* https://www.suse.com/security/cve/CVE-2023-46809.html
* https://www.suse.com/security/cve/CVE-2024-22019.html
* https://www.suse.com/security/cve/CVE-2024-22025.html
* https://www.suse.com/security/cve/CVE-2024-24806.html
* https://bugzilla.suse.com/show_bug.cgi?id=1219993
* https://bugzilla.suse.com/show_bug.cgi?id=1219997
* https://bugzilla.suse.com/show_bug.cgi?id=1220014
* https://bugzilla.suse.com/show_bug.cgi?id=1220053

The revision for nodejs12 tackles several vulnerabilities that could pose serious threats, along with suggested remediation steps.

Severity: Important. LinuxSecurity.com Team
# Security update for nodejs12

Announcement ID: SUSE-SU-2023:4374-1
Rating: important

References:

* bsc#1216190
* bsc#1216272

Cross-References:

* CVE-2023-38552
* CVE-2023-44487

CVSS scores:

* CVE-2023-38552 ( SUSE ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N
* CVE-2023-38552 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
* CVE-2023-44487 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2023-44487 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Affected Products:

* openSUSE Leap 15.4
* SUSE Enterprise Storage 7.1
* SUSE Linux Enterprise High Performance Computing 15 SP2
* SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2
* SUSE Linux Enterprise High Performance Computing 15 SP3
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP3
* SUSE Linux Enterprise Server 15 SP2
* SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2
* SUSE Linux Enterprise Server 15 SP3
* SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3
* SUSE Linux Enterprise Server for SAP Applications 15 SP2
* SUSE Linux Enterprise Server for SAP Applications 15 SP3
* SUSE Manager Server 4.2

An update that solves two vulnerabilities can now be installed.

## Description:

This update for nodejs12 fixes the following issues:

* CVE-2023-44487: Fixed the Rapid Reset attack in nghttp2. (bsc#1216190)
* CVE-2023-38552: Fixed integrity checks according to policies that could be circumvented. (bsc#1216272)

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* openSUSE Leap 15.4
  zypper in -t patch openSUSE-SLE-15.4-2023-4374=1
* SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2
  zypper in -t patch SUSE-SLE-Product-HPC-15-SP2-LTSS-2023-4374=1
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3
  zypper in -t patch SUSE-SLE-Product-HPC-15-SP3-ESPOS-2023-4374=1
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP3
  zypper in -t patch SUSE-SLE-Product-HPC-15-SP3-LTSS-2023-4374=1
* SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2
  zypper in -t patch SUSE-SLE-Product-SLES-15-SP2-LTSS-2023-4374=1
* SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3
  zypper in -t patch SUSE-SLE-Product-SLES-15-SP3-LTSS-2023-4374=1
* SUSE Linux Enterprise Server for SAP Applications 15 SP2
  zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP2-2023-4374=1
* SUSE Linux Enterprise Server for SAP Applications 15 SP3
  zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP3-2023-4374=1
* SUSE Manager Server 4.2
  zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Server-4.2-2023-4374=1
* SUSE Enterprise Storage 7.1
  zypper in -t patch SUSE-Storage-7.1-2023-4374=1

## Package List:

* openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64)
  * nodejs12-12.22.12-150200.4.53.2
  * npm12-12.22.12-150200.4.53.2
  * nodejs12-devel-12.22.12-150200.4.53.2
  * nodejs12-debuginfo-12.22.12-150200.4.53.2
  * nodejs12-debugsource-12.22.12-150200.4.53.2
* openSUSE Leap 15.4 (noarch)
  * nodejs12-docs-12.22.12-150200.4.53.2
* SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2 (aarch64 x86_64)
  * nodejs12-12.22.12-150200.4.53.2
  * npm12-12.22.12-150200.4.53.2
  * nodejs12-devel-12.22.12-150200.4.53.2
  * nodejs12-debuginfo-12.22.12-150200.4.53.2
  * nodejs12-debugsource-12.22.12-150200.4.53.2
* SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2 (noarch)
  * nodejs12-docs-12.22.12-150200.4.53.2
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 (aarch64 x86_64)
  * nodejs12-12.22.12-150200.4.53.2
  * npm12-12.22.12-150200.4.53.2
  * nodejs12-devel-12.22.12-150200.4.53.2
  * nodejs12-debuginfo-12.22.12-150200.4.53.2
  * nodejs12-debugsource-12.22.12-150200.4.53.2
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 (noarch)
  * nodejs12-docs-12.22.12-150200.4.53.2
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 (aarch64 x86_64)
  * nodejs12-12.22.12-150200.4.53.2
  * npm12-12.22.12-150200.4.53.2
  * nodejs12-devel-12.22.12-150200.4.53.2
  * nodejs12-debuginfo-12.22.12-150200.4.53.2
  * nodejs12-debugsource-12.22.12-150200.4.53.2
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 (noarch)
  * nodejs12-docs-12.22.12-150200.4.53.2
* SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 (aarch64 ppc64le s390x x86_64)
  * nodejs12-12.22.12-150200.4.53.2
  * npm12-12.22.12-150200.4.53.2
  * nodejs12-devel-12.22.12-150200.4.53.2
  * nodejs12-debuginfo-12.22.12-150200.4.53.2
  * nodejs12-debugsource-12.22.12-150200.4.53.2
* SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 (noarch)
  * nodejs12-docs-12.22.12-150200.4.53.2
* SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 (aarch64 ppc64le s390x x86_64)
  * nodejs12-12.22.12-150200.4.53.2
  * npm12-12.22.12-150200.4.53.2
  * nodejs12-devel-12.22.12-150200.4.53.2
  * nodejs12-debuginfo-12.22.12-150200.4.53.2
  * nodejs12-debugsource-12.22.12-150200.4.53.2
* SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 (noarch)
  * nodejs12-docs-12.22.12-150200.4.53.2
* SUSE Linux Enterprise Server for SAP Applications 15 SP2 (ppc64le x86_64)
  * nodejs12-12.22.12-150200.4.53.2
  * npm12-12.22.12-150200.4.53.2
  * nodejs12-devel-12.22.12-150200.4.53.2
  * nodejs12-debuginfo-12.22.12-150200.4.53.2
  * nodejs12-debugsource-12.22.12-150200.4.53.2
* SUSE Linux Enterprise Server for SAP Applications 15 SP2 (noarch)
  * nodejs12-docs-12.22.12-150200.4.53.2
* SUSE Linux Enterprise Server for SAP Applications 15 SP3 (ppc64le x86_64)
  * nodejs12-12.22.12-150200.4.53.2
  * npm12-12.22.12-150200.4.53.2
  * nodejs12-devel-12.22.12-150200.4.53.2
  * nodejs12-debuginfo-12.22.12-150200.4.53.2
  * nodejs12-debugsource-12.22.12-150200.4.53.2
* SUSE Linux Enterprise Server for SAP Applications 15 SP3 (noarch)
  * nodejs12-docs-12.22.12-150200.4.53.2
* SUSE Manager Server 4.2 (ppc64le s390x x86_64)
  * nodejs12-12.22.12-150200.4.53.2
  * npm12-12.22.12-150200.4.53.2
  * nodejs12-devel-12.22.12-150200.4.53.2
  * nodejs12-debuginfo-12.22.12-150200.4.53.2
  * nodejs12-debugsource-12.22.12-150200.4.53.2
* SUSE Manager Server 4.2 (noarch)
  * nodejs12-docs-12.22.12-150200.4.53.2
* SUSE Enterprise Storage 7.1 (aarch64 x86_64)
  * nodejs12-12.22.12-150200.4.53.2
  * npm12-12.22.12-150200.4.53.2
  * nodejs12-devel-12.22.12-150200.4.53.2
  * nodejs12-debuginfo-12.22.12-150200.4.53.2
  * nodejs12-debugsource-12.22.12-150200.4.53.2
* SUSE Enterprise Storage 7.1 (noarch)
  * nodejs12-docs-12.22.12-150200.4.53.2

## References:

* https://www.suse.com/security/cve/CVE-2023-38552.html
* https://www.suse.com/security/cve/CVE-2023-44487.html
* https://bugzilla.suse.com/show_bug.cgi?id=1216190
* https://bugzilla.suse.com/show_bug.cgi?id=1216272

This essential software patch addresses significant vulnerabilities in nodejs12, including validation improvements and breach preventions.

Severity: Important. LinuxSecurity.com Team
# Security update for nodejs12

Announcement ID: SUSE-SU-2023:3455-1
Rating: important

References:

* #1208481
* #1212574
* #1212582
* #1212583
* #1214150
* #1214154
* #1214156

Cross-References:

* CVE-2023-23918
* CVE-2023-30581
* CVE-2023-30589
* CVE-2023-30590
* CVE-2023-32002
* CVE-2023-32006
* CVE-2023-32559

CVSS scores:

* CVE-2023-23918 ( SUSE ): 6.3 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N
* CVE-2023-23918 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
* CVE-2023-30581 ( SUSE ): 8.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
* CVE-2023-30589 ( SUSE ): 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N
* CVE-2023-30589 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
* CVE-2023-30590 ( SUSE ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
* CVE-2023-32002 ( SUSE ): 6.5 CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:L/A:H
* CVE-2023-32002 ( NVD ): 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
* CVE-2023-32006 ( SUSE ): 5.6 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L
* CVE-2023-32006 ( NVD ): 8.8 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2023-32559 ( SUSE ): 5.6 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L

Affected Products:

* openSUSE Leap 15.4
* SUSE Enterprise Storage 7
* SUSE Enterprise Storage 7.1
* SUSE Linux Enterprise High Performance Computing 15 SP2
* SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2
* SUSE Linux Enterprise High Performance Computing 15 SP3
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP3
* SUSE Linux Enterprise Server 15 SP2
* SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2
* SUSE Linux Enterprise Server 15 SP3
* SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3
* SUSE Linux Enterprise Server for SAP Applications 15 SP2
* SUSE Linux Enterprise Server for SAP Applications 15 SP3
* SUSE Manager Server 4.2

An update that solves seven vulnerabilities can now be installed.

## Description:

This update for nodejs12 fixes the following issues:

* CVE-2023-23918: Fixed permissions policies bypass via process.mainModule (bsc#1208481).
* CVE-2023-32002: Fixed permissions policies bypass via Module._load (bsc#1214150).
* CVE-2023-32006: Fixed permissions policies impersonation using module.constructor.createRequire() (bsc#1214156).
* CVE-2023-32559: Fixed permissions policies bypass via process.binding (bsc#1214154).
* CVE-2023-30581: Fixed mainModule.proto bypass (bsc#1212574).
* CVE-2023-30590: Fixed missing DiffieHellman key generation (bsc#1212583).
* CVE-2023-30589: Fixed HTTP Request Smuggling via Empty headers separated by CR (bsc#1212582).

## Patch Instructions:

To install this SUSE Important update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

* SUSE Linux Enterprise Server for SAP Applications 15 SP3
  zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP3-2023-3455=1
* SUSE Manager Server 4.2
  zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Server-4.2-2023-3455=1
* SUSE Enterprise Storage 7.1
  zypper in -t patch SUSE-Storage-7.1-2023-3455=1
* SUSE Enterprise Storage 7
  zypper in -t patch SUSE-Storage-7-2023-3455=1
* openSUSE Leap 15.4
  zypper in -t patch openSUSE-SLE-15.4-2023-3455=1
* SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2
  zypper in -t patch SUSE-SLE-Product-HPC-15-SP2-LTSS-2023-3455=1
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3
  zypper in -t patch SUSE-SLE-Product-HPC-15-SP3-ESPOS-2023-3455=1
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP3
  zypper in -t patch SUSE-SLE-Product-HPC-15-SP3-LTSS-2023-3455=1
* SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2
  zypper in -t patch SUSE-SLE-Product-SLES-15-SP2-LTSS-2023-3455=1
* SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3
  zypper in -t patch SUSE-SLE-Product-SLES-15-SP3-LTSS-2023-3455=1
* SUSE Linux Enterprise Server for SAP Applications 15 SP2
  zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP2-2023-3455=1

## Package List:

* SUSE Linux Enterprise Server for SAP Applications 15 SP3 (ppc64le x86_64)
  * nodejs12-devel-12.22.12-150200.4.50.1
  * nodejs12-debuginfo-12.22.12-150200.4.50.1
  * npm12-12.22.12-150200.4.50.1
  * nodejs12-debugsource-12.22.12-150200.4.50.1
  * nodejs12-12.22.12-150200.4.50.1
* SUSE Linux Enterprise Server for SAP Applications 15 SP3 (noarch)
  * nodejs12-docs-12.22.12-150200.4.50.1
* SUSE Manager Server 4.2 (ppc64le s390x x86_64)
  * nodejs12-devel-12.22.12-150200.4.50.1
  * nodejs12-debuginfo-12.22.12-150200.4.50.1
  * npm12-12.22.12-150200.4.50.1
  * nodejs12-debugsource-12.22.12-150200.4.50.1
  * nodejs12-12.22.12-150200.4.50.1
* SUSE Manager Server 4.2 (noarch)
  * nodejs12-docs-12.22.12-150200.4.50.1
* SUSE Enterprise Storage 7.1 (aarch64 x86_64)
  * nodejs12-devel-12.22.12-150200.4.50.1
  * nodejs12-debuginfo-12.22.12-150200.4.50.1
  * npm12-12.22.12-150200.4.50.1
  * nodejs12-debugsource-12.22.12-150200.4.50.1
  * nodejs12-12.22.12-150200.4.50.1
* SUSE Enterprise Storage 7.1 (noarch)
  * nodejs12-docs-12.22.12-150200.4.50.1
* SUSE Enterprise Storage 7 (aarch64 x86_64)
  * nodejs12-devel-12.22.12-150200.4.50.1
  * nodejs12-debuginfo-12.22.12-150200.4.50.1
  * npm12-12.22.12-150200.4.50.1
  * nodejs12-debugsource-12.22.12-150200.4.50.1
  * nodejs12-12.22.12-150200.4.50.1
* SUSE Enterprise Storage 7 (noarch)
  * nodejs12-docs-12.22.12-150200.4.50.1
* openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64)
  * nodejs12-devel-12.22.12-150200.4.50.1
  * nodejs12-debuginfo-12.22.12-150200.4.50.1
  * npm12-12.22.12-150200.4.50.1
  * nodejs12-debugsource-12.22.12-150200.4.50.1
  * nodejs12-12.22.12-150200.4.50.1
* openSUSE Leap 15.4 (noarch)
  * nodejs12-docs-12.22.12-150200.4.50.1
* SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2 (aarch64 x86_64)
  * nodejs12-devel-12.22.12-150200.4.50.1
  * nodejs12-debuginfo-12.22.12-150200.4.50.1
  * npm12-12.22.12-150200.4.50.1
  * nodejs12-debugsource-12.22.12-150200.4.50.1
  * nodejs12-12.22.12-150200.4.50.1
* SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2 (noarch)
  * nodejs12-docs-12.22.12-150200.4.50.1
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 (aarch64 x86_64)
  * nodejs12-devel-12.22.12-150200.4.50.1
  * nodejs12-debuginfo-12.22.12-150200.4.50.1
  * npm12-12.22.12-150200.4.50.1
  * nodejs12-debugsource-12.22.12-150200.4.50.1
  * nodejs12-12.22.12-150200.4.50.1
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 (noarch)
  * nodejs12-docs-12.22.12-150200.4.50.1
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 (aarch64 x86_64)
  * nodejs12-devel-12.22.12-150200.4.50.1
  * nodejs12-debuginfo-12.22.12-150200.4.50.1
  * npm12-12.22.12-150200.4.50.1
  * nodejs12-debugsource-12.22.12-150200.4.50.1
  * nodejs12-12.22.12-150200.4.50.1
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 (noarch)
  * nodejs12-docs-12.22.12-150200.4.50.1
* SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 (aarch64 ppc64le s390x x86_64)
  * nodejs12-devel-12.22.12-150200.4.50.1
  * nodejs12-debuginfo-12.22.12-150200.4.50.1
  * npm12-12.22.12-150200.4.50.1
  * nodejs12-debugsource-12.22.12-150200.4.50.1
  * nodejs12-12.22.12-150200.4.50.1
* SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 (noarch)
  * nodejs12-docs-12.22.12-150200.4.50.1
* SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 (aarch64 ppc64le s390x x86_64)
  * nodejs12-devel-12.22.12-150200.4.50.1
  * nodejs12-debuginfo-12.22.12-150200.4.50.1
  * npm12-12.22.12-150200.4.50.1
  * nodejs12-debugsource-12.22.12-150200.4.50.1
  * nodejs12-12.22.12-150200.4.50.1
* SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 (noarch)
  * nodejs12-docs-12.22.12-150200.4.50.1
* SUSE Linux Enterprise Server for SAP Applications 15 SP2 (ppc64le x86_64)
  * nodejs12-devel-12.22.12-150200.4.50.1
  * nodejs12-debuginfo-12.22.12-150200.4.50.1
  * npm12-12.22.12-150200.4.50.1
  * nodejs12-debugsource-12.22.12-150200.4.50.1
  * nodejs12-12.22.12-150200.4.50.1
* SUSE Linux Enterprise Server for SAP Applications 15 SP2 (noarch)
  * nodejs12-docs-12.22.12-150200.4.50.1

## References:

* https://www.suse.com/security/cve/CVE-2023-23918.html
* https://www.suse.com/security/cve/CVE-2023-30581.html
* https://www.suse.com/security/cve/CVE-2023-30589.html
* https://www.suse.com/security/cve/CVE-2023-30590.html
* https://www.suse.com/security/cve/CVE-2023-32002.html
* https://www.suse.com/security/cve/CVE-2023-32006.html
* https://www.suse.com/security/cve/CVE-2023-32559.html
* https://bugzilla.suse.com/show_bug.cgi?id=1208481
* https://bugzilla.suse.com/show_bug.cgi?id=1212574
* https://bugzilla.suse.com/show_bug.cgi?id=1212582
* https://bugzilla.suse.com/show_bug.cgi?id=1212583
* https://bugzilla.suse.com/show_bug.cgi?id=1214150
* https://bugzilla.suse.com/show_bug.cgi?id=1214154
* https://bugzilla.suse.com/show_bug.cgi?id=1214156

Critical patch released for nodejs12 enhancing permission protocols. Ensure your system's safety with this new update.

Severity: Important. LinuxSecurity.com Team
SUSE Security Update: Security update for nodejs12
______________________________________________________________________________

Announcement ID: SUSE-SU-2022:4254-1
Rating: important
References: #1205119
Cross-References: CVE-2022-43548
CVSS scores:
  CVE-2022-43548 (SUSE): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

Affected Products:
  SUSE Enterprise Storage 7
  SUSE Enterprise Storage 7.1
  SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS
  SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS
  SUSE Linux Enterprise High Performance Computing 15-SP3
  SUSE Linux Enterprise Module for Web Scripting 15-SP3
  SUSE Linux Enterprise Server 15-SP2-BCL
  SUSE Linux Enterprise Server 15-SP2-LTSS
  SUSE Linux Enterprise Server 15-SP3
  SUSE Linux Enterprise Server for SAP 15-SP2
  SUSE Linux Enterprise Server for SAP Applications 15-SP3
  SUSE Manager Proxy 4.1
  SUSE Manager Proxy 4.2
  SUSE Manager Retail Branch Server 4.1
  SUSE Manager Retail Branch Server 4.2
  SUSE Manager Server 4.1
  SUSE Manager Server 4.2
  openSUSE Leap 15.3
  openSUSE Leap 15.4
______________________________________________________________________________

An update that fixes one vulnerability is now available.

Description:

This update for nodejs12 fixes the following issues:

- CVE-2022-43548: Fixed DNS rebinding in --inspect via invalid octal IP address (bsc#1205119).

Patch Instructions:

To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".

Alternatively you can run the command listed for your product:

- openSUSE Leap 15.4:
  zypper in -t patch openSUSE-SLE-15.4-2022-4254=1
- openSUSE Leap 15.3:
  zypper in -t patch openSUSE-SLE-15.3-2022-4254=1
- SUSE Manager Server 4.1:
  zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Server-4.1-2022-4254=1
- SUSE Manager Retail Branch Server 4.1:
  zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Retail-Branch-Server-4.1-2022-4254=1
- SUSE Manager Proxy 4.1:
  zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Proxy-4.1-2022-4254=1
- SUSE Linux Enterprise Server for SAP 15-SP2:
  zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP2-2022-4254=1
- SUSE Linux Enterprise Server 15-SP2-LTSS:
  zypper in -t patch SUSE-SLE-Product-SLES-15-SP2-LTSS-2022-4254=1
- SUSE Linux Enterprise Server 15-SP2-BCL:
  zypper in -t patch SUSE-SLE-Product-SLES-15-SP2-BCL-2022-4254=1
- SUSE Linux Enterprise Module for Web Scripting 15-SP3:
  zypper in -t patch SUSE-SLE-Module-Web-Scripting-15-SP3-2022-4254=1
- SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS:
  zypper in -t patch SUSE-SLE-Product-HPC-15-SP2-LTSS-2022-4254=1
- SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS:
  zypper in -t patch SUSE-SLE-Product-HPC-15-SP2-ESPOS-2022-4254=1
- SUSE Enterprise Storage 7:
  zypper in -t patch SUSE-Storage-7-2022-4254=1

Package List:

- openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64):
  nodejs12-12.22.12-150200.4.41.2
  nodejs12-debuginfo-12.22.12-150200.4.41.2
  nodejs12-debugsource-12.22.12-150200.4.41.2
  nodejs12-devel-12.22.12-150200.4.41.2
  npm12-12.22.12-150200.4.41.2
- openSUSE Leap 15.4 (noarch):
  nodejs12-docs-12.22.12-150200.4.41.2
- openSUSE Leap 15.3 (aarch64 ppc64le s390x x86_64):
  nodejs12-12.22.12-150200.4.41.2
  nodejs12-debuginfo-12.22.12-150200.4.41.2
  nodejs12-debugsource-12.22.12-150200.4.41.2
  nodejs12-devel-12.22.12-150200.4.41.2
  npm12-12.22.12-150200.4.41.2
- openSUSE Leap 15.3 (noarch):
  nodejs12-docs-12.22.12-150200.4.41.2
- SUSE Manager Server 4.1 (ppc64le s390x x86_64):
  nodejs12-12.22.12-150200.4.41.2
  nodejs12-debuginfo-12.22.12-150200.4.41.2
  nodejs12-debugsource-12.22.12-150200.4.41.2
  nodejs12-devel-12.22.12-150200.4.41.2
  npm12-12.22.12-150200.4.41.2
- SUSE Manager Server 4.1 (noarch):
  nodejs12-docs-12.22.12-150200.4.41.2
- SUSE Manager Retail Branch Server 4.1 (x86_64):
  nodejs12-12.22.12-150200.4.41.2
  nodejs12-debuginfo-12.22.12-150200.4.41.2
  nodejs12-debugsource-12.22.12-150200.4.41.2
  nodejs12-devel-12.22.12-150200.4.41.2
  npm12-12.22.12-150200.4.41.2
- SUSE Manager Retail Branch Server 4.1 (noarch):
  nodejs12-docs-12.22.12-150200.4.41.2
- SUSE Manager Proxy 4.1 (x86_64):
  nodejs12-12.22.12-150200.4.41.2
  nodejs12-debuginfo-12.22.12-150200.4.41.2
  nodejs12-debugsource-12.22.12-150200.4.41.2
  nodejs12-devel-12.22.12-150200.4.41.2
  npm12-12.22.12-150200.4.41.2
- SUSE Manager Proxy 4.1 (noarch):
  nodejs12-docs-12.22.12-150200.4.41.2
- SUSE Linux Enterprise Server for SAP 15-SP2 (ppc64le x86_64):
  nodejs12-12.22.12-150200.4.41.2
  nodejs12-debuginfo-12.22.12-150200.4.41.2
  nodejs12-debugsource-12.22.12-150200.4.41.2
  nodejs12-devel-12.22.12-150200.4.41.2
  npm12-12.22.12-150200.4.41.2
- SUSE Linux Enterprise Server for SAP 15-SP2 (noarch):
  nodejs12-docs-12.22.12-150200.4.41.2
- SUSE Linux Enterprise Server 15-SP2-LTSS (aarch64 ppc64le s390x x86_64):
  nodejs12-12.22.12-150200.4.41.2
  nodejs12-debuginfo-12.22.12-150200.4.41.2
  nodejs12-debugsource-12.22.12-150200.4.41.2
  nodejs12-devel-12.22.12-150200.4.41.2
  npm12-12.22.12-150200.4.41.2
- SUSE Linux Enterprise Server 15-SP2-LTSS (noarch):
  nodejs12-docs-12.22.12-150200.4.41.2
- SUSE Linux Enterprise Server 15-SP2-BCL (x86_64):
  nodejs12-12.22.12-150200.4.41.2
  nodejs12-debuginfo-12.22.12-150200.4.41.2
  nodejs12-debugsource-12.22.12-150200.4.41.2
  nodejs12-devel-12.22.12-150200.4.41.2
  npm12-12.22.12-150200.4.41.2
- SUSE Linux Enterprise Server 15-SP2-BCL (noarch):
  nodejs12-docs-12.22.12-150200.4.41.2
- SUSE Linux Enterprise Module for Web Scripting 15-SP3 (aarch64 ppc64le s390x x86_64):
  nodejs12-12.22.12-150200.4.41.2
  nodejs12-debuginfo-12.22.12-150200.4.41.2
  nodejs12-debugsource-12.22.12-150200.4.41.2
  nodejs12-devel-12.22.12-150200.4.41.2
  npm12-12.22.12-150200.4.41.2
- SUSE Linux Enterprise Module for Web Scripting 15-SP3 (noarch):
  nodejs12-docs-12.22.12-150200.4.41.2
- SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS (aarch64 x86_64):
  nodejs12-12.22.12-150200.4.41.2
  nodejs12-debuginfo-12.22.12-150200.4.41.2
  nodejs12-debugsource-12.22.12-150200.4.41.2
  nodejs12-devel-12.22.12-150200.4.41.2
  npm12-12.22.12-150200.4.41.2
- SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS (noarch):
  nodejs12-docs-12.22.12-150200.4.41.2
- SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS (aarch64 x86_64):
  nodejs12-12.22.12-150200.4.41.2
  nodejs12-debuginfo-12.22.12-150200.4.41.2
  nodejs12-debugsource-12.22.12-150200.4.41.2
  nodejs12-devel-12.22.12-150200.4.41.2
  npm12-12.22.12-150200.4.41.2
- SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS (noarch):
  nodejs12-docs-12.22.12-150200.4.41.2
- SUSE Enterprise Storage 7 (aarch64 x86_64):
  nodejs12-12.22.12-150200.4.41.2
  nodejs12-debuginfo-12.22.12-150200.4.41.2
  nodejs12-debugsource-12.22.12-150200.4.41.2
  nodejs12-devel-12.22.12-150200.4.41.2
  npm12-12.22.12-150200.4.41.2
- SUSE Enterprise Storage 7 (noarch):
  nodejs12-docs-12.22.12-150200.4.41.2

References:

  https://www.suse.com/security/cve/CVE-2022-43548.html
  https://bugzilla.suse.com/1205119

A recent patch addresses a significant DNS rebinding vulnerability in nodejs12 for various SUSE versions. Protect your environments by applying this update promptly.

Severity: Important. LinuxSecurity.com Team
An update that fixes four vulnerabilities is now available.

SUSE Security Update: Security update for nodejs12
______________________________________________________________________________

Announcement ID:    SUSE-SU-2022:0113-1
Rating:             moderate
References:         #1194511 #1194512 #1194513 #1194514
Cross-References:   CVE-2021-44531 CVE-2021-44532 CVE-2021-44533 CVE-2022-21824
CVSS scores:
                    CVE-2021-44531 (SUSE): 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
                    CVE-2021-44532 (SUSE): 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
                    CVE-2021-44533 (SUSE): 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
                    CVE-2022-21824 (SUSE): 4 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:L

Affected Products:
                    SUSE Linux Enterprise Module for Web Scripting 15-SP3
______________________________________________________________________________

Description:

   This update for nodejs12 fixes the following issues:

   - CVE-2021-44531: Fixed improper handling of URI Subject Alternative Names (bsc#1194511).
   - CVE-2021-44532: Fixed certificate Verification Bypass via String Injection (bsc#1194512).
   - CVE-2021-44533: Fixed incorrect handling of certificate subject and issuer fields (bsc#1194513).
   - CVE-2022-21824: Fixed prototype pollution via console.table properties (bsc#1194514).

Patch Instructions:

   To install this SUSE Security Update use the SUSE recommended installation methods
   like YaST online_update or "zypper patch".

   Alternatively you can run the command listed for your product:

   - SUSE Linux Enterprise Module for Web Scripting 15-SP3:

      zypper in -t patch SUSE-SLE-Module-Web-Scripting-15-SP3-2022-113=1

Package List:

   - SUSE Linux Enterprise Module for Web Scripting 15-SP3 (aarch64 ppc64le s390x x86_64):

      nodejs12-12.22.9-4.25.1
      nodejs12-debuginfo-12.22.9-4.25.1
      nodejs12-debugsource-12.22.9-4.25.1
      nodejs12-devel-12.22.9-4.25.1
      npm12-12.22.9-4.25.1

   - SUSE Linux Enterprise Module for Web Scripting 15-SP3 (noarch):

      nodejs12-docs-12.22.9-4.25.1

References:

   https://www.suse.com/security/cve/CVE-2021-44531.html
   https://www.suse.com/security/cve/CVE-2021-44532.html
   https://www.suse.com/security/cve/CVE-2021-44533.html
   https://www.suse.com/security/cve/CVE-2022-21824.html
   https://bugzilla.suse.com/1194511
   https://bugzilla.suse.com/1194512
   https://bugzilla.suse.com/1194513
   https://bugzilla.suse.com/1194514

SUSE has released a security update for nodejs12, targeting several vulnerabilities classified as moderate severity; applying this update is crucial to enhance your system's security.

LinuxSecurity.com Team

An update that fixes 7 vulnerabilities is now available.

openSUSE Security Update: Security update for nodejs12
______________________________________________________________________________

Announcement ID:    openSUSE-SU-2021:3940-1
Rating:             important
References:         #1190053 #1190054 #1190055 #1190056 #1190057 #1191601 #1191602
Cross-References:   CVE-2021-22959 CVE-2021-22960 CVE-2021-37701 CVE-2021-37712 CVE-2021-37713 CVE-2021-39134 CVE-2021-39135
CVSS scores:
                    CVE-2021-22959 (NVD) : 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N
                    CVE-2021-22959 (SUSE): 6.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
                    CVE-2021-22960 (SUSE): 6.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
                    CVE-2021-37701 (NVD) : 8.2 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:N
                    CVE-2021-37701 (SUSE): 8.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:H
                    CVE-2021-37712 (NVD) : 8.2 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:N
                    CVE-2021-37712 (SUSE): 8.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:H
                    CVE-2021-39134 (NVD) : 8.2 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:N
                    CVE-2021-39134 (SUSE): 8.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:H
                    CVE-2021-39135 (NVD) : 8.2 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:N

Affected Products:
                    openSUSE Leap 15.3
______________________________________________________________________________

Description:

   This update for nodejs12 fixes the following issues:

   - CVE-2021-22959: Fixed HTTP Request Smuggling due to spaces in headers (bsc#1191601).
   - CVE-2021-22960: Fixed HTTP Request Smuggling when parsing the body (bsc#1191602).
   - CVE-2021-37701: Fixed arbitrary file creation and overwrite in nodejs-tar (bsc#1190057).
   - CVE-2021-37712: Fixed arbitrary file creation and overwrite in nodejs-tar (bsc#1190056).
   - CVE-2021-37713: Fixed arbitrary code execution and file creation and overwrite in nodejs-tar (bsc#1190055).
   - CVE-2021-39134: Fixed symlink following vulnerability in nodejs-arborist (bsc#1190054).
   - CVE-2021-39135: Fixed symlink following vulnerability in nodejs-arborist (bsc#1190053).

Patch Instructions:

   To install this openSUSE Security Update use the SUSE recommended installation methods
   like YaST online_update or "zypper patch".

   Alternatively you can run the command listed for your product:

   - openSUSE Leap 15.3:

      zypper in -t patch openSUSE-SLE-15.3-2021-3940=1

Package List:

   - openSUSE Leap 15.3 (aarch64 ppc64le s390x x86_64):

      nodejs12-12.22.7-4.22.1
      nodejs12-debuginfo-12.22.7-4.22.1
      nodejs12-debugsource-12.22.7-4.22.1
      nodejs12-devel-12.22.7-4.22.1
      npm12-12.22.7-4.22.1

   - openSUSE Leap 15.3 (noarch):

      nodejs12-docs-12.22.7-4.22.1

References:

   https://www.suse.com/security/cve/CVE-2021-22959.html
   https://www.suse.com/security/cve/CVE-2021-22960.html
   https://www.suse.com/security/cve/CVE-2021-37701.html
   https://www.suse.com/security/cve/CVE-2021-37712.html
   https://www.suse.com/security/cve/CVE-2021-37713.html
   https://www.suse.com/security/cve/CVE-2021-39134.html
   https://www.suse.com/security/cve/CVE-2021-39135.html
   https://bugzilla.suse.com/1190053
   https://bugzilla.suse.com/1190054
   https://bugzilla.suse.com/1190055
   https://bugzilla.suse.com/1190056
   https://bugzilla.suse.com/1190057
   https://bugzilla.suse.com/1191601
   https://bugzilla.suse.com/1191602

A significant release for openSUSE has been issued to resolve eight vulnerabilities in nodejs12 that are impacting system performance.

Severity: Important.
LinuxSecurity.com Team

An update that fixes 7 vulnerabilities is now available.

SUSE Security Update: Security update for nodejs12
______________________________________________________________________________

Announcement ID:    SUSE-SU-2021:3940-1
Rating:             important
References:         #1190053 #1190054 #1190055 #1190056 #1190057 #1191601 #1191602
Cross-References:   CVE-2021-22959 CVE-2021-22960 CVE-2021-37701 CVE-2021-37712 CVE-2021-37713 CVE-2021-39134 CVE-2021-39135
CVSS scores:
                    CVE-2021-22959 (NVD) : 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N
                    CVE-2021-22959 (SUSE): 6.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
                    CVE-2021-22960 (SUSE): 6.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
                    CVE-2021-37701 (NVD) : 8.2 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:N
                    CVE-2021-37701 (SUSE): 8.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:H
                    CVE-2021-37712 (NVD) : 8.2 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:N
                    CVE-2021-37712 (SUSE): 8.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:H
                    CVE-2021-39134 (NVD) : 8.2 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:N
                    CVE-2021-39134 (SUSE): 8.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:H
                    CVE-2021-39135 (NVD) : 8.2 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:N

Affected Products:
                    SUSE Linux Enterprise Module for Web Scripting 15-SP3
                    SUSE Linux Enterprise Module for Web Scripting 15-SP2
______________________________________________________________________________

Description:

   This update for nodejs12 fixes the following issues:

   - CVE-2021-22959: Fixed HTTP Request Smuggling due to spaces in headers (bsc#1191601).
   - CVE-2021-22960: Fixed HTTP Request Smuggling when parsing the body (bsc#1191602).
   - CVE-2021-37701: Fixed arbitrary file creation and overwrite in nodejs-tar (bsc#1190057).
   - CVE-2021-37712: Fixed arbitrary file creation and overwrite in nodejs-tar (bsc#1190056).
   - CVE-2021-37713: Fixed arbitrary code execution and file creation and overwrite in nodejs-tar (bsc#1190055).
   - CVE-2021-39134: Fixed symlink following vulnerability in nodejs-arborist (bsc#1190054).
   - CVE-2021-39135: Fixed symlink following vulnerability in nodejs-arborist (bsc#1190053).

Patch Instructions:

   To install this SUSE Security Update use the SUSE recommended installation methods
   like YaST online_update or "zypper patch".

   Alternatively you can run the command listed for your product:

   - SUSE Linux Enterprise Module for Web Scripting 15-SP3:

      zypper in -t patch SUSE-SLE-Module-Web-Scripting-15-SP3-2021-3940=1

   - SUSE Linux Enterprise Module for Web Scripting 15-SP2:

      zypper in -t patch SUSE-SLE-Module-Web-Scripting-15-SP2-2021-3940=1

Package List:

   - SUSE Linux Enterprise Module for Web Scripting 15-SP3 (aarch64 ppc64le s390x x86_64):

      nodejs12-12.22.7-4.22.1
      nodejs12-debuginfo-12.22.7-4.22.1
      nodejs12-debugsource-12.22.7-4.22.1
      nodejs12-devel-12.22.7-4.22.1
      npm12-12.22.7-4.22.1

   - SUSE Linux Enterprise Module for Web Scripting 15-SP3 (noarch):

      nodejs12-docs-12.22.7-4.22.1

   - SUSE Linux Enterprise Module for Web Scripting 15-SP2 (aarch64 ppc64le s390x x86_64):

      nodejs12-12.22.7-4.22.1
      nodejs12-debuginfo-12.22.7-4.22.1
      nodejs12-debugsource-12.22.7-4.22.1
      nodejs12-devel-12.22.7-4.22.1
      npm12-12.22.7-4.22.1

   - SUSE Linux Enterprise Module for Web Scripting 15-SP2 (noarch):

      nodejs12-docs-12.22.7-4.22.1

References:

   https://www.suse.com/security/cve/CVE-2021-22959.html
   https://www.suse.com/security/cve/CVE-2021-22960.html
   https://www.suse.com/security/cve/CVE-2021-37701.html
   https://www.suse.com/security/cve/CVE-2021-37712.html
   https://www.suse.com/security/cve/CVE-2021-37713.html
   https://www.suse.com/security/cve/CVE-2021-39134.html
   https://www.suse.com/security/cve/CVE-2021-39135.html
   https://bugzilla.suse.com/1190053
   https://bugzilla.suse.com/1190054
   https://bugzilla.suse.com/1190055
   https://bugzilla.suse.com/1190056
   https://bugzilla.suse.com/1190057
   https://bugzilla.suse.com/1191601
   https://bugzilla.suse.com/1191602

SUSE delivers an essential upgrade for nodejs12, tackling significant vulnerabilities and security risks to ensure maximum safety.

Severity: Important.
LinuxSecurity.com Team