Stay Secure with the Latest Linux Advisories
Refine advisories
X Clear Filters
Get the latest News and Insights
Get the latest Linux and open source security news straight to your inbox.
Community Poll
What got you started with Linux?
Loading...
Explore Latest Linux Security advisories
We found 3 articles for you...
100
security advisorysecurity issueupdateSUSE: 2022:1550-1 Important Update for bci/nodejs - Security Issues
The container bci/nodejs was updated. The following patches have been included in this update:. SUSE Container Update Advisory: bci/nodejs ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2022:1550-1 Container Tags : bci/node:14 , bci/node:14-13.17 , bci/nodejs:14 , bci/nodejs:14-13.17 Container Release : 13.17 Severity : important Type : security References : 1197718 1199140 1199232 1199232 1200334 1200855 1201325 1201326 1201327 1201328 CVE-2022-1586 CVE-2022-1586 CVE-2022-32212 CVE-2022-32213 CVE-2022-32214 CVE-2022-32215 ----------------------------------------------------------------- The container bci/nodejs was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:2360-1 Released: Tue Jul 12 12:01:39 2022 Summary: Security update for pcre2 Type: security Severity: important References: 1199232,CVE-2022-1586 This update for pcre2 fixes the following issues: - CVE-2022-1586: Fixed unicode property matching issue. (bsc#1199232) ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:2361-1 Released: Tue Jul 12 12:05:01 2022 Summary: Security update for pcre Type: security Severity: important References: 1199232,CVE-2022-1586 This update for pcre fixes the following issues: - CVE-2022-1586: Fixed unicode property matching issue. (bsc#1199232) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:2406-1 Released: Fri Jul 15 11:49:01 2022 Summary: Recommended update for glibc Type: recommended Severity: moderate References: 1197718,1199140,1200334,1200855 This update for glibc fixes the following issues: - powerpc: Fix VSX register number on __strncpy_power9 (bsc#1200334) - Disable warnings due to deprecated libselinux symbolsused by nss and nscd (bsc#1197718) - i386: Remove broken CAN_USE_REGISTER_ASM_EBP (bsc#1197718) - rtld: Avoid using up static TLS surplus for optimizations (bsc#1200855, BZ #25051) This readds the s390 32bit glibc and libcrypt1 libraries (glibc-32bit, glibc-locale-base-32bit, libcrypt1-32bit). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:2425-1 Released: Mon Jul 18 09:04:24 2022 Summary: Security update for nodejs14 Type: security Severity: important References: 1201325,1201326,1201327,1201328,CVE-2022-32212,CVE-2022-32213,CVE-2022-32214,CVE-2022-32215 This update for nodejs14 fixes the following issues: - CVE-2022-32212: Fixed DNS rebinding in --inspect via invalid IP addresses (bsc#1201328). - CVE-2022-32213: Fixed HTTP request smuggling due to flawed parsing of Transfer-Encoding (bsc#1201325). - CVE-2022-32214: Fixed HTTP request smuggling due to improper delimiting of header fields (bsc#1201326). - CVE-2022-32215: Fixed HTTP request smuggling due to incorrect parsing of multi-line Transfer-Encoding (bsc#1201327). The following package changes have been done: - glibc-2.31-150300.31.2 updated - libcrypt1-4.4.15-150300.4.4.3 updated - libpcre1-8.45-150000.20.13.1 updated - libpcre2-8-0-10.39-150400.4.3.1 updated - nodejs14-14.20.0-150200.15.34.1 updated - npm14-14.20.0-150200.15.34.1 updated - container:sles15-image-15.0.0-27.8.6 updated . SUSE Container Release: bci/python refreshed with critical security enhancements targeting multiple vulnerabilities.. Container Update,SUSE Security,important security fixes. . Severity: Important. LinuxSecurity.com Team
Jul 19, 2022
•Important
SuSE
100
security advisorydenial of serviceinformation exposureSUSE: 2022:1459-1 Important Nodejs14 Denial Of Service Issue
An update that fixes four vulnerabilities is now available. . SUSE Security Update: Security update for nodejs14 ______________________________________________________________________________ Announcement ID: SUSE-SU-2022:1459-1 Rating: important References: #1194819 #1196877 #1197283 #1198247 Cross-References: CVE-2021-44906 CVE-2021-44907 CVE-2022-0235 CVE-2022-0778 CVSS scores: CVE-2021-44906 (NVD) : 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVE-2021-44906 (SUSE): 5.6 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L CVE-2021-44907 (NVD) : 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2021-44907 (SUSE): 3.1 CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:N CVE-2022-0235 (SUSE): 6.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:N/A:N CVE-2022-0778 (NVD) : 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2022-0778 (SUSE): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Affected Products: SUSE Linux Enterprise High Performance Computing 12 SUSE Linux Enterprise Module for Web Scripting 12 SUSE Linux Enterprise Server 12 SUSE Linux Enterprise Server 12-SP3 SUSE Linux Enterprise Server 12-SP4 SUSE Linux Enterprise Server 12-SP5 SUSE Linux Enterprise Server for SAP Applications 12 SUSE Linux Enterprise Server for SAP Applications 12-SP3 SUSE Linux Enterprise Server for SAP Applications 12-SP4 SUSE Linux Enterprise Server for SAP Applications 12-SP5 ______________________________________________________________________________ An update that fixes four vulnerabilities is now available. Description: This update for nodejs14 fixes the following issues: - CVE-2022-0778: Fixed a infinite loop in BN_mod_sqrt() reachablewhen parsing certificates (bsc#1196877). - CVE-2021-44906: Fixed a prototype pollution in node-minimist (bsc#1198247). - CVE-2021-44907: Fixed a potential Denial of Service vulnerability in node-qs (bsc#1197283). - CVE-2022-0235: Fixed an exposure of sensitive information to an unauthorized actor in node-fetch (bsc#1194819). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Web Scripting 12: zypper in -t patch SUSE-SLE-Module-Web-Scripting-12-2022-1459=1 Package List: - SUSE Linux Enterprise Module for Web Scripting 12 (aarch64 ppc64le s390x x86_64): nodejs14-14.19.1-6.28.1 nodejs14-debuginfo-14.19.1-6.28.1 nodejs14-debugsource-14.19.1-6.28.1 nodejs14-devel-14.19.1-6.28.1 npm14-14.19.1-6.28.1 - SUSE Linux Enterprise Module for Web Scripting 12 (noarch): nodejs14-docs-14.19.1-6.28.1 References: https://www.suse.com/security/cve/CVE-2021-44906.html https://www.suse.com/security/cve/CVE-2021-44907.html https://www.suse.com/security/cve/CVE-2022-0235.html https://www.suse.com/security/cve/CVE-2022-0778.html https://bugzilla.suse.com/1194819 https://bugzilla.suse.com/1196877 https://bugzilla.suse.com/1197283 https://bugzilla.suse.com/1198247 . SUSE Security Patch for nodejs14 tackles severe problems including data leaks and denial of service flaws.. Nodejs14 Security Update, SUSE Important Update, Denial of Service Fix. . Severity: Important. LinuxSecurity.com Team
Apr 28, 2022
•Important
SuSE
100
security advisorysoftware updateimportantSUSE: 2022:256-1 Critical Update for BCI NodeJS Security Issues
The container bci/nodejs was updated. The following patches have been included in this update:. SUSE Container Update Advisory: bci/nodejs ----------------------------------------------------------------- Container Advisory ID : SUSE-CU-2022:256-1 Container Tags : bci/node:14 , bci/node:14-14.13 , bci/nodejs:14 , bci/nodejs:14-14.13 Container Release : 14.13 Severity : important Type : security References : 1187512 1188348 1188507 1190447 1191962 1191963 1192153 1192154 1192696 1192954 1193632 1194976 1196025 1196026 1196168 1196169 1196171 CVE-2021-23343 CVE-2021-32803 CVE-2021-32804 CVE-2021-3807 CVE-2021-3918 CVE-2021-3995 CVE-2021-3996 CVE-2022-25235 CVE-2022-25236 CVE-2022-25313 CVE-2022-25314 CVE-2022-25315 ----------------------------------------------------------------- The container bci/nodejs was updated. The following patches have been included in this update: ----------------------------------------------------------------- Advisory ID: SUSE-RU-2021:2626-1 Released: Thu Aug 5 12:10:35 2021 Summary: Recommended maintenance update for libeconf Type: recommended Severity: moderate References: 1188348 This update for libeconf fixes the following issue: - Solve a downgrade issue between SUSE Linux Enterprise SP3 and lower (bsc#1188348) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:674-1 Released: Wed Mar 2 13:24:38 2022 Summary: Recommended update for yast2-network Type: recommended Severity: moderate References: 1187512 This update for yast2-network fixes the following issues: - Don't crash at the end of installation when storing wifi configuration for NetworkManager. (bsc#1187512) ----------------------------------------------------------------- Advisory ID: SUSE-RU-2022:692-1 Released: Thu Mar 3 15:46:47 2022 Summary: Recommended update forfilesystem Type: recommended Severity: moderate References: 1190447 This update for filesystem fixes the following issues: - Release ported filesystem to LTSS channels (bsc#1190447). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:713-1 Released: Fri Mar 4 09:34:17 2022 Summary: Security update for expat Type: security Severity: important References: 1196025,1196026,1196168,1196169,1196171,CVE-2022-25235,CVE-2022-25236,CVE-2022-25313,CVE-2022-25314,CVE-2022-25315 This update for expat fixes the following issues: - CVE-2022-25236: Fixed possible namespace-separator characters insertion into namespace URIs (bsc#1196025). - CVE-2022-25235: Fixed UTF-8 character validation in a certain context (bsc#1196026). - CVE-2022-25313: Fixed stack exhaustion in build_model() via uncontrolled recursion (bsc#1196168). - CVE-2022-25314: Fixed integer overflow in copyString (bsc#1196169). - CVE-2022-25315: Fixed integer overflow in storeRawNames (bsc#1196171). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:715-1 Released: Fri Mar 4 09:37:47 2022 Summary: Security update for nodejs14 Type: security Severity: important References: 1191962,1191963,1192153,1192154,1192696,CVE-2021-23343,CVE-2021-32803,CVE-2021-32804,CVE-2021-3807,CVE-2021-3918 This update for nodejs14 fixes the following issues: - CVE-2021-23343: Fixed ReDoS via splitDeviceRe, splitTailRe and splitPathRe (bsc#1192153). - CVE-2021-32803: Fixed insufficient symlink protection in node-tar allowing arbitrary file creation and overwrite (bsc#1191963). - CVE-2021-32804: Fixed insufficient absolute path sanitization in node-tar allowing arbitrary file creation and overwrite (bsc#1191962). - CVE-2021-3918: Fixed improper controlled modification of object prototype attributes in json-schema (bsc#1192696). - CVE-2021-3807: Fixed regular expression denial of service (ReDoS) matching ANSI escape codes in node-ansi-regex(bsc#1192154). ----------------------------------------------------------------- Advisory ID: SUSE-SU-2022:727-1 Released: Fri Mar 4 10:39:21 2022 Summary: Security update for libeconf, shadow and util-linux Type: security Severity: moderate References: 1188507,1192954,1193632,1194976,CVE-2021-3995,CVE-2021-3996 This security update for libeconf, shadow and util-linux fix the following issues: libeconf: - Add libeconf to SLE-Module-Basesystem_15-SP3 because needed by 'util-linux' and 'shadow' to fix autoyast handling of security related parameters (bsc#1192954, jsc#SLE-23384, jsc#SLE-23402) Issues fixed in libeconf: - Reading numbers with different bases (e.g. oktal) (bsc#1193632) (#157) - Fixed different issues while writing string values to file. - Writing comments to file too. - Fixed crash while merging values. - Added econftool cat option (#146) - new API call: econf_readDirsHistory (showing ALL locations) - new API call: econf_getPath (absolute path of the configuration file) - Man pages libeconf.3 and econftool.8. - Handling multiline strings. - Added libeconf_ext which returns more information like line_nr, comments, path of the configuration file,... - Econftool, an command line interface for handling configuration files. - Generating HTML API documentation with doxygen. - Improving error handling and semantic file check. - Joining entries with the same key to one single entry if env variable ECONF_JOIN_SAME_ENTRIES has been set. shadow: - The legacy code does not support /etc/login.defs.d used by YaST. Enable libeconf to read it (bsc#1192954, jsc#SLE-23384, jsc#SLE-23402) util-linux: - The legacy code does not support /etc/login.defs.d used by YaST. Enable libeconf to read it (bsc#1192954, jsc#SLE-23384, jsc#SLE-23402) - Allow use of larger values for start sector to prevent `blockdev --report` aborting (bsc#1188507) - Fixed `blockdev --report` using non-space characters as a field separator (bsc#1188507) - CVE-2021-3995: Fixed unauthorized unmount inutil-linux's libmount. (bsc#1194976) - CVE-2021-3996: Fixed unauthorized unmount in util-linux's libmount. (bsc#1194976) The following package changes have been done: - filesystem-15.0-11.5.1 updated - libaugeas0-1.10.1-3.5.1 updated - libblkid1-2.36.2-150300.4.14.3 updated - libeconf0-0.4.4+git20220104.962774f-150300.3.6.2 added - libexpat1-2.2.5-3.15.1 updated - libfdisk1-2.36.2-150300.4.14.3 updated - libmount1-2.36.2-150300.4.14.3 updated - libsmartcols1-2.36.2-150300.4.14.3 updated - libuuid1-2.36.2-150300.4.14.3 updated - login_defs-4.8.1-150300.4.3.8 updated - nodejs14-14.19.0-15.27.1 updated - npm14-14.19.0-15.27.1 updated - shadow-4.8.1-150300.4.3.8 updated - util-linux-2.36.2-150300.4.14.3 updated - container:sles15-image-15.0.0-17.8.86 updated . The SUSE Container Update Advisory provides crucial details about bci/nodejs, highlighting significant security improvements and vital updates for peak performance and safety. NodeJS Security Patch, SUSE Container Update, BCI NodeJS Updates. . Severity: Important. LinuxSecurity.com Team
Mar 06, 2022
•Important
SuSE
202
security advisorymoderatesecurity fixopenSUSE Leap 15.3: 2022:0112-1 Moderate Security Fix For Nodejs14
An update that fixes four vulnerabilities is now available. . openSUSE Security Update: Security update for nodejs14 ______________________________________________________________________________ Announcement ID: openSUSE-SU-2022:0112-1 Rating: moderate References: #1194511 #1194512 #1194513 #1194514 Cross-References: CVE-2021-44531 CVE-2021-44532 CVE-2021-44533 CVE-2022-21824 CVSS scores: CVE-2021-44531 (SUSE): 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N CVE-2021-44532 (SUSE): 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N CVE-2021-44533 (SUSE): 5.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N CVE-2022-21824 (SUSE): 4 CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:L Affected Products: openSUSE Leap 15.3 ______________________________________________________________________________ An update that fixes four vulnerabilities is now available. Description: This update for nodejs14 fixes the following issues: - CVE-2021-44531: Fixed improper handling of URI Subject Alternative Names (bsc#1194511). - CVE-2021-44532: Fixed certificate Verification Bypass via String Injection (bsc#1194512). - CVE-2021-44533: Fixed incorrect handling of certificate subject and issuer fields (bsc#1194513). - CVE-2022-21824: Fixed prototype pollution via console.table properties (bsc#1194514). Patch Instructions: To install this openSUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - openSUSE Leap 15.3: zypper in -t patch openSUSE-SLE-15.3-2022-112=1 Package List: - openSUSE Leap 15.3 (aarch64 ppc64le s390x x86_64): nodejs14-14.18.3-15.24.1 nodejs14-debuginfo-14.18.3-15.24.1 nodejs14-debugsource-14.18.3-15.24.1 nodejs14-devel-14.18.3-15.24.1 npm14-14.18.3-15.24.1 - openSUSE Leap 15.3 (noarch): nodejs14-docs-14.18.3-15.24.1 References: https://www.suse.com/security/cve/CVE-2021-44531.html https://www.suse.com/security/cve/CVE-2021-44532.html https://www.suse.com/security/cve/CVE-2021-44533.html https://www.suse.com/security/cve/CVE-2022-21824.html https://bugzilla.suse.com/1194511 https://bugzilla.suse.com/1194512 https://bugzilla.suse.com/1194513 https://bugzilla.suse.com/1194514 . This patch for Fedora addresses several CVEs in python3, improving security and resolving identified vulnerabilities.. openSUSE nodejs14, security patch, nodejs vulnerabilities, security update, openSUSE fix. . LinuxSecurity.com Team
Jan 18, 2022
OpenSUSE
100
security advisoryupdateimportantSUSE: 2021:3964-1 Critical Security Update for Nodejs14 Released
An update that fixes 7 vulnerabilities is now available. . SUSE Security Update: Security update for nodejs14 ______________________________________________________________________________ Announcement ID: SUSE-SU-2021:3964-1 Rating: important References: #1190053 #1190054 #1190055 #1190056 #1190057 #1191601 #1191602 Cross-References: CVE-2021-22959 CVE-2021-22960 CVE-2021-37701 CVE-2021-37712 CVE-2021-37713 CVE-2021-39134 CVE-2021-39135 CVSS scores: CVE-2021-22959 (NVD) : 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N CVE-2021-22959 (SUSE): 6.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N CVE-2021-22960 (SUSE): 6.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N CVE-2021-37701 (NVD) : 8.2 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:N CVE-2021-37701 (SUSE): 8.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:H CVE-2021-37712 (NVD) : 8.2 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:N CVE-2021-37712 (SUSE): 8.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:H CVE-2021-39134 (NVD) : 8.2 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:N CVE-2021-39134 (SUSE): 8.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:H CVE-2021-39135 (NVD) : 8.2 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:N Affected Products: SUSE Linux Enterprise Module for Web Scripting 15-SP3 SUSE Linux Enterprise Module for Web Scripting 15-SP2 ______________________________________________________________________________ An update that fixes 7 vulnerabilities is now available. Description: This update for nodejs14 fixes the following issues: nodejs14 was updated to 14.18.1: * deps: update llhttp to 2.1.4 - HTTP Request Smuggling due to spaced in headers (bsc#1191601, CVE-2021-22959) - HTTP Request Smuggling whenparsing the body (bsc#1191602, CVE-2021-22960) Changes in 14.18.0: * buffer: + introduce Blob + add base64url encoding option * child_process: + allow options.cwd receive a URL + add timeout to spawn and fork + allow promisified exec to be cancel + add 'overlapped' stdio flag * dns: add "tries" option to Resolve options * fs: + allow empty string for temp directory prefix + allow no-params fsPromises fileHandle read + add support for async iterators to fsPromises.writeFile * http2: add support for sensitive headers * process: add 'worker' event * tls: allow reading data into a static buffer * worker: add setEnvironmentData/getEnvironmentData Changes in 14.17.6 * deps: upgrade npm to 6.14.15 which fixes a number of security issues (bsc#1190057, CVE-2021-37701, bsc#1190056, CVE-2021-37712, bsc#1190055, CVE-2021-37713, bsc#1190054, CVE-2021-39134, bsc#1190053, CVE-2021-39135) Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Web Scripting 15-SP3: zypper in -t patch SUSE-SLE-Module-Web-Scripting-15-SP3-2021-3964=1 - SUSE Linux Enterprise Module for Web Scripting 15-SP2: zypper in -t patch SUSE-SLE-Module-Web-Scripting-15-SP2-2021-3964=1 Package List: - SUSE Linux Enterprise Module for Web Scripting 15-SP3 (aarch64 ppc64le s390x x86_64): nodejs14-14.18.1-15.21.2 nodejs14-debuginfo-14.18.1-15.21.2 nodejs14-debugsource-14.18.1-15.21.2 nodejs14-devel-14.18.1-15.21.2 npm14-14.18.1-15.21.2 - SUSE Linux Enterprise Module for Web Scripting 15-SP3 (noarch): nodejs14-docs-14.18.1-15.21.2 - SUSE Linux Enterprise Module for Web Scripting 15-SP2 (aarch64 ppc64le s390x x86_64): nodejs14-14.18.1-15.21.2 nodejs14-debuginfo-14.18.1-15.21.2 nodejs14-debugsource-14.18.1-15.21.2 nodejs14-devel-14.18.1-15.21.2 npm14-14.18.1-15.21.2 - SUSE Linux Enterprise Module for Web Scripting 15-SP2 (noarch): nodejs14-docs-14.18.1-15.21.2 References: https://www.suse.com/security/cve/CVE-2021-22959.html https://www.suse.com/security/cve/CVE-2021-22960.html https://www.suse.com/security/cve/CVE-2021-37701.html https://www.suse.com/security/cve/CVE-2021-37712.html https://www.suse.com/security/cve/CVE-2021-37713.html https://www.suse.com/security/cve/CVE-2021-39134.html https://www.suse.com/security/cve/CVE-2021-39135.html https://bugzilla.suse.com/1190053 https://bugzilla.suse.com/1190054 https://bugzilla.suse.com/1190055 https://bugzilla.suse.com/1190056 https://bugzilla.suse.com/1190057 https://bugzilla.suse.com/1191601 https://bugzilla.suse.com/1191602 . This enhancement fixes major vulnerabilities within nodejs14 for SUSE users, promoting more secure app implementation.. Nodejs14 Fix, SUSE Update, HTTP Request Security. . Severity: Important. LinuxSecurity.com Team
Dec 07, 2021
•Important
SuSE
100
security advisorysecurity updateimportantSUSE: 2021:3886-1 Important: nodejs14 HTTP Request Smuggling Threat
An update that fixes 7 vulnerabilities is now available. . SUSE Security Update: Security update for nodejs14 ______________________________________________________________________________ Announcement ID: SUSE-SU-2021:3886-1 Rating: important References: #1190053 #1190054 #1190055 #1190056 #1190057 #1191601 #1191602 Cross-References: CVE-2021-22959 CVE-2021-22960 CVE-2021-37701 CVE-2021-37712 CVE-2021-37713 CVE-2021-39134 CVE-2021-39135 CVSS scores: CVE-2021-22959 (NVD) : 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N CVE-2021-22959 (SUSE): 6.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N CVE-2021-22960 (SUSE): 6.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N CVE-2021-37701 (NVD) : 8.2 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:N CVE-2021-37701 (SUSE): 8.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:H CVE-2021-37712 (NVD) : 8.2 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:N CVE-2021-37712 (SUSE): 8.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:H CVE-2021-39134 (NVD) : 8.2 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:N CVE-2021-39134 (SUSE): 8.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:H CVE-2021-39135 (NVD) : 8.2 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:N Affected Products: SUSE Linux Enterprise Module for Web Scripting 12 ______________________________________________________________________________ An update that fixes 7 vulnerabilities is now available. Description: This update for nodejs14 fixes the following issues: nodejs14 was updated to 14.18.1: * deps: update llhttp to 2.1.4 Security fixes: - HTTP Request Smuggling due to spaced in headers (bsc#1191601, CVE-2021-22959) - HTTP Request Smuggling when parsing the body (bsc#1191602, CVE-2021-22960) Changesin 14.18.0: * buffer: + introduce Blob + add base64url encoding option * child_process: + allow options.cwd receive a URL + add timeout to spawn and fork + allow promisified exec to be cancel + add 'overlapped' stdio flag * dns: add "tries" option to Resolve options * fs: + allow empty string for temp directory prefix + allow no-params fsPromises fileHandle read + add support for async iterators to fsPromises.writeFile * http2: add support for sensitive headers * process: add 'worker' event * tls: allow reading data into a static buffer * worker: add setEnvironmentData/getEnvironmentData Changes in 14.17.6: * deps: upgrade npm to 6.14.15 which fixes a number of security issues (bsc#1190057, CVE-2021-37701, bsc#1190056, CVE-2021-37712, bsc#1190055, CVE-2021-37713, bsc#1190054, CVE-2021-39134, bsc#1190053, CVE-2021-39135) Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Web Scripting 12: zypper in -t patch SUSE-SLE-Module-Web-Scripting-12-2021-3886=1 Package List: - SUSE Linux Enterprise Module for Web Scripting 12 (aarch64 ppc64le s390x x86_64): nodejs14-14.18.1-6.18.2 nodejs14-debuginfo-14.18.1-6.18.2 nodejs14-debugsource-14.18.1-6.18.2 nodejs14-devel-14.18.1-6.18.2 npm14-14.18.1-6.18.2 - SUSE Linux Enterprise Module for Web Scripting 12 (noarch): nodejs14-docs-14.18.1-6.18.2 References: https://www.suse.com/security/cve/CVE-2021-22959.html https://www.suse.com/security/cve/CVE-2021-22960.html https://www.suse.com/security/cve/CVE-2021-37701.html https://www.suse.com/security/cve/CVE-2021-37712.html https://www.suse.com/security/cve/CVE-2021-37713.html https://www.suse.com/security/cve/CVE-2021-39134.html https://www.suse.com/security/cve/CVE-2021-39135.html https://bugzilla.suse.com/1190053 https://bugzilla.suse.com/1190054 https://bugzilla.suse.com/1190055 https://bugzilla.suse.com/1190056 https://bugzilla.suse.com/1190057 https://bugzilla.suse.com/1191601 https://bugzilla.suse.com/1191602 . Crucial SUSE patch for nodejs14 addresses 7 vulnerabilities, guaranteeing system integrity and improved protection.. SUSE Security Update,nodejs14 Flaws,Important Security Fixes,Node.js Updates. . Severity: Important. LinuxSecurity.com Team
Dec 02, 2021
•Important
SuSE
100
security advisorysecurity updateimportantSUSE 2021:3184-1 Important: Nodejs14 Input Issues - Fix Available
An update that fixes 5 vulnerabilities is now available. . SUSE Security Update: Security update for nodejs14 ______________________________________________________________________________ Announcement ID: SUSE-SU-2021:3184-1 Rating: important References: #1188881 #1188917 #1189368 #1189369 #1189370 Cross-References: CVE-2021-22930 CVE-2021-22931 CVE-2021-22939 CVE-2021-22940 CVE-2021-3672 CVSS scores: CVE-2021-22930 (SUSE): 9.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N CVE-2021-22931 (SUSE): 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H CVE-2021-22939 (SUSE): 4.3 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N CVE-2021-22940 (SUSE): 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVE-2021-3672 (SUSE): 8.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N Affected Products: SUSE Linux Enterprise Module for Web Scripting 12 ______________________________________________________________________________ An update that fixes 5 vulnerabilities is now available. Description: This update for nodejs14 fixes the following issues: - CVE-2021-3672: Fixed missing input validation on hostnames (bsc#1188881). - CVE-2021-22931: Fixed improper handling of untypical characters in domain names (bsc#1189370). - CVE-2021-22940: Use after free on close http2 on stream canceling (bsc#1189368) - CVE-2021-22939: Incomplete validation of rejectUnauthorized parameter (bsc#1189369) - CVE-2021-22930: Fixed use after free on close http2 on stream canceling (bsc#1188917). Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Web Scripting 12: zypper in -t patchSUSE-SLE-Module-Web-Scripting-12-2021-3184=1 Package List: - SUSE Linux Enterprise Module for Web Scripting 12 (aarch64 ppc64le s390x x86_64): nodejs14-14.17.5-6.15.3 nodejs14-debuginfo-14.17.5-6.15.3 nodejs14-debugsource-14.17.5-6.15.3 nodejs14-devel-14.17.5-6.15.3 npm14-14.17.5-6.15.3 - SUSE Linux Enterprise Module for Web Scripting 12 (noarch): nodejs14-docs-14.17.5-6.15.3 References: https://www.suse.com/security/cve/CVE-2021-22930.html https://www.suse.com/security/cve/CVE-2021-22931.html https://www.suse.com/security/cve/CVE-2021-22939.html https://www.suse.com/security/cve/CVE-2021-22940.html https://www.suse.com/security/cve/CVE-2021-3672.html https://bugzilla.suse.com/1188881 https://bugzilla.suse.com/1188917 https://bugzilla.suse.com/1189368 https://bugzilla.suse.com/1189369 https://bugzilla.suse.com/1189370 . An update from SUSE targets nodejs14 to rectify five crucial vulnerabilities related to input verification, among other concerns.. SUSE Security Update,nodejs14 patch,input validation issues,security fixes. . Severity: Important. LinuxSecurity.com Team
Sep 22, 2021
•Important
SuSE
100
security advisorydenial of serviceimportantSUSE: 2021:2345-1 Critical: Nodejs12 Security Updates for Vulnerabilities
An update that fixes four vulnerabilities is now available. . SUSE Security Update: Security update for nodejs14 ______________________________________________________________________________ Announcement ID: SUSE-SU-2021:2319-1 Rating: important References: #1184450 #1187973 #1187976 #1187977 Cross-References: CVE-2020-7774 CVE-2021-22918 CVE-2021-23362 CVE-2021-27290 CVSS scores: CVE-2020-7774 (NVD) : 7.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L CVE-2021-23362 (NVD) : 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L CVE-2021-23362 (SUSE): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L CVE-2021-27290 (NVD) : 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2021-27290 (SUSE): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Affected Products: SUSE Linux Enterprise Module for Web Scripting 12 ______________________________________________________________________________ An update that fixes four vulnerabilities is now available. Description: This update for nodejs14 fixes the following issues: Update nodejs14 to 14.17.2. Including fixes for: - CVE-2021-22918: libuv upgrade - Out of bounds read (bsc#1187973) - CVE-2021-27290: ssri Regular Expression Denial of Service (bsc#1187976) - CVE-2021-23362: hosted-git-info Regular Expression Denial of Service (bsc#1187977) - CVE-2020-7774: y18n Prototype Pollution (bsc#1184450) Patch Instructions: To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - SUSE Linux Enterprise Module for Web Scripting 12: zypper in -t patch SUSE-SLE-Module-Web-Scripting-12-2021-2319=1 Package List: - SUSE Linux Enterprise Module for Web Scripting 12 (aarch64 ppc64le s390x x86_64): nodejs14-14.17.2-6.12.1 nodejs14-debuginfo-14.17.2-6.12.1 nodejs14-debugsource-14.17.2-6.12.1 nodejs14-devel-14.17.2-6.12.1 npm14-14.17.2-6.12.1 - SUSE Linux Enterprise Module for Web Scripting 12 (noarch): nodejs14-docs-14.17.2-6.12.1 References: https://www.suse.com/security/cve/CVE-2020-7774.html https://www.suse.com/security/cve/CVE-2021-22918.html https://www.suse.com/security/cve/CVE-2021-23362.html https://www.suse.com/security/cve/CVE-2021-27290.html https://bugzilla.suse.com/1184450 https://bugzilla.suse.com/1187973 https://bugzilla.suse.com/1187976 https://bugzilla.suse.com/1187977 . Node.js 14 has been updated to address significant security risks affecting the SUSE distribution, with comprehensive patching information available.. SUSE Security Update,nodejs14 issues,web scripting patch. . Severity: Important. LinuxSecurity.com Team
Jul 14, 2021
•Important
SuSE
Get the latest News and Insights
Get the latest Linux and open source security news straight to your inbox.
Community Poll
What got you started with Linux?
Search Topics
Powered By
Linux Security - Your source for Top Linux News, Advisories, HOWTOs and Feature Releases
QUICK LINKS
subscribe to newsletters!
Like staying secure? So do we.
Sign up for updates, tips, and alerts!