
Stay Secure with the Latest Linux Advisories


Explore Latest Linux Security advisories


SUSE 2023:4374-1 Important: NodeJS12 Integrity Checks and Rapid Reset

# Security update for nodejs12

Announcement ID: SUSE-SU-2023:4374-1
Rating: important

References:

* bsc#1216190
* bsc#1216272

Cross-References:

* CVE-2023-38552
* CVE-2023-44487

CVSS scores:

* CVE-2023-38552 ( SUSE ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N
* CVE-2023-38552 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
* CVE-2023-44487 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2023-44487 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Affected Products:

* openSUSE Leap 15.4
* SUSE Enterprise Storage 7.1
* SUSE Linux Enterprise High Performance Computing 15 SP2
* SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2
* SUSE Linux Enterprise High Performance Computing 15 SP3
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP3
* SUSE Linux Enterprise Server 15 SP2
* SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2
* SUSE Linux Enterprise Server 15 SP3
* SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3
* SUSE Linux Enterprise Server for SAP Applications 15 SP2
* SUSE Linux Enterprise Server for SAP Applications 15 SP3
* SUSE Manager Server 4.2

An update that solves two vulnerabilities can now be installed.

## Description:

This update for nodejs12 fixes the following issues:

* CVE-2023-44487: Fixed the Rapid Reset attack in nghttp2. (bsc#1216190)
* CVE-2023-38552: Fixed integrity checks according to policies that could be circumvented. (bsc#1216272)

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product:

* openSUSE Leap 15.4: `zypper in -t patch openSUSE-SLE-15.4-2023-4374=1`
* SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2: `zypper in -t patch SUSE-SLE-Product-HPC-15-SP2-LTSS-2023-4374=1`
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3: `zypper in -t patch SUSE-SLE-Product-HPC-15-SP3-ESPOS-2023-4374=1`
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP3: `zypper in -t patch SUSE-SLE-Product-HPC-15-SP3-LTSS-2023-4374=1`
* SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2: `zypper in -t patch SUSE-SLE-Product-SLES-15-SP2-LTSS-2023-4374=1`
* SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3: `zypper in -t patch SUSE-SLE-Product-SLES-15-SP3-LTSS-2023-4374=1`
* SUSE Linux Enterprise Server for SAP Applications 15 SP2: `zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP2-2023-4374=1`
* SUSE Linux Enterprise Server for SAP Applications 15 SP3: `zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP3-2023-4374=1`
* SUSE Manager Server 4.2: `zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Server-4.2-2023-4374=1`
* SUSE Enterprise Storage 7.1: `zypper in -t patch SUSE-Storage-7.1-2023-4374=1`

## Package List:

* openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64)
  * nodejs12-12.22.12-150200.4.53.2
  * npm12-12.22.12-150200.4.53.2
  * nodejs12-devel-12.22.12-150200.4.53.2
  * nodejs12-debuginfo-12.22.12-150200.4.53.2
  * nodejs12-debugsource-12.22.12-150200.4.53.2
* openSUSE Leap 15.4 (noarch)
  * nodejs12-docs-12.22.12-150200.4.53.2
* SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2 (aarch64 x86_64)
  * nodejs12-12.22.12-150200.4.53.2
  * npm12-12.22.12-150200.4.53.2
  * nodejs12-devel-12.22.12-150200.4.53.2
  * nodejs12-debuginfo-12.22.12-150200.4.53.2
  * nodejs12-debugsource-12.22.12-150200.4.53.2
* SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2 (noarch)
  * nodejs12-docs-12.22.12-150200.4.53.2
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 (aarch64 x86_64)
  * nodejs12-12.22.12-150200.4.53.2
  * npm12-12.22.12-150200.4.53.2
  * nodejs12-devel-12.22.12-150200.4.53.2
  * nodejs12-debuginfo-12.22.12-150200.4.53.2
  * nodejs12-debugsource-12.22.12-150200.4.53.2
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 (noarch)
  * nodejs12-docs-12.22.12-150200.4.53.2
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 (aarch64 x86_64)
  * nodejs12-12.22.12-150200.4.53.2
  * npm12-12.22.12-150200.4.53.2
  * nodejs12-devel-12.22.12-150200.4.53.2
  * nodejs12-debuginfo-12.22.12-150200.4.53.2
  * nodejs12-debugsource-12.22.12-150200.4.53.2
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 (noarch)
  * nodejs12-docs-12.22.12-150200.4.53.2
* SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 (aarch64 ppc64le s390x x86_64)
  * nodejs12-12.22.12-150200.4.53.2
  * npm12-12.22.12-150200.4.53.2
  * nodejs12-devel-12.22.12-150200.4.53.2
  * nodejs12-debuginfo-12.22.12-150200.4.53.2
  * nodejs12-debugsource-12.22.12-150200.4.53.2
* SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 (noarch)
  * nodejs12-docs-12.22.12-150200.4.53.2
* SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 (aarch64 ppc64le s390x x86_64)
  * nodejs12-12.22.12-150200.4.53.2
  * npm12-12.22.12-150200.4.53.2
  * nodejs12-devel-12.22.12-150200.4.53.2
  * nodejs12-debuginfo-12.22.12-150200.4.53.2
  * nodejs12-debugsource-12.22.12-150200.4.53.2
* SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 (noarch)
  * nodejs12-docs-12.22.12-150200.4.53.2
* SUSE Linux Enterprise Server for SAP Applications 15 SP2 (ppc64le x86_64)
  * nodejs12-12.22.12-150200.4.53.2
  * npm12-12.22.12-150200.4.53.2
  * nodejs12-devel-12.22.12-150200.4.53.2
  * nodejs12-debuginfo-12.22.12-150200.4.53.2
  * nodejs12-debugsource-12.22.12-150200.4.53.2
* SUSE Linux Enterprise Server for SAP Applications 15 SP2 (noarch)
  * nodejs12-docs-12.22.12-150200.4.53.2
* SUSE Linux Enterprise Server for SAP Applications 15 SP3 (ppc64le x86_64)
  * nodejs12-12.22.12-150200.4.53.2
  * npm12-12.22.12-150200.4.53.2
  * nodejs12-devel-12.22.12-150200.4.53.2
  * nodejs12-debuginfo-12.22.12-150200.4.53.2
  * nodejs12-debugsource-12.22.12-150200.4.53.2
* SUSE Linux Enterprise Server for SAP Applications 15 SP3 (noarch)
  * nodejs12-docs-12.22.12-150200.4.53.2
* SUSE Manager Server 4.2 (ppc64le s390x x86_64)
  * nodejs12-12.22.12-150200.4.53.2
  * npm12-12.22.12-150200.4.53.2
  * nodejs12-devel-12.22.12-150200.4.53.2
  * nodejs12-debuginfo-12.22.12-150200.4.53.2
  * nodejs12-debugsource-12.22.12-150200.4.53.2
* SUSE Manager Server 4.2 (noarch)
  * nodejs12-docs-12.22.12-150200.4.53.2
* SUSE Enterprise Storage 7.1 (aarch64 x86_64)
  * nodejs12-12.22.12-150200.4.53.2
  * npm12-12.22.12-150200.4.53.2
  * nodejs12-devel-12.22.12-150200.4.53.2
  * nodejs12-debuginfo-12.22.12-150200.4.53.2
  * nodejs12-debugsource-12.22.12-150200.4.53.2
* SUSE Enterprise Storage 7.1 (noarch)
  * nodejs12-docs-12.22.12-150200.4.53.2

## References:

* https://www.suse.com/security/cve/CVE-2023-38552.html
* https://www.suse.com/security/cve/CVE-2023-44487.html
* https://bugzilla.suse.com/show_bug.cgi?id=1216190
* https://bugzilla.suse.com/show_bug.cgi?id=1216272

Address essential security patches for nodejs12 to alleviate significant vulnerabilities in SUSE frameworks efficiently.

NodeJS Security, SUSE Updates, Integrity Checks, Security Patches.

Severity: Important. LinuxSecurity.com Team

Nov 06, 2023 | Important | SuSE

SUSE: 2023:4295-1 Important: Nodejs10 Critical Rapid Reset

# Security update for nodejs10

Announcement ID: SUSE-SU-2023:4295-1
Rating: important

References:

* bsc#1216190

Cross-References:

* CVE-2023-44487

CVSS scores:

* CVE-2023-44487 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2023-44487 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Affected Products:

* openSUSE Leap 15.4
* SUSE CaaS Platform 4.0
* SUSE Linux Enterprise High Performance Computing 15 SP1
* SUSE Linux Enterprise High Performance Computing 15 SP1 LTSS 15-SP1
* SUSE Linux Enterprise High Performance Computing 15 SP2
* SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2
* SUSE Linux Enterprise Server 15 SP1
* SUSE Linux Enterprise Server 15 SP1 LTSS 15-SP1
* SUSE Linux Enterprise Server 15 SP2
* SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2
* SUSE Linux Enterprise Server for SAP Applications 15 SP1
* SUSE Linux Enterprise Server for SAP Applications 15 SP2

An update that solves one vulnerability can now be installed.

## Description:

This update for nodejs10 fixes the following issues:

* CVE-2023-44487: Fixed the Rapid Reset attack in nghttp2. (bsc#1216190)

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product:

* openSUSE Leap 15.4: `zypper in -t patch openSUSE-SLE-15.4-2023-4295=1`
* SUSE Linux Enterprise High Performance Computing 15 SP1 LTSS 15-SP1: `zypper in -t patch SUSE-SLE-Product-HPC-15-SP1-LTSS-2023-4295=1`
* SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2: `zypper in -t patch SUSE-SLE-Product-HPC-15-SP2-LTSS-2023-4295=1`
* SUSE Linux Enterprise Server 15 SP1 LTSS 15-SP1: `zypper in -t patch SUSE-SLE-Product-SLES-15-SP1-LTSS-2023-4295=1`
* SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2: `zypper in -t patch SUSE-SLE-Product-SLES-15-SP2-LTSS-2023-4295=1`
* SUSE Linux Enterprise Server for SAP Applications 15 SP1: `zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP1-2023-4295=1`
* SUSE Linux Enterprise Server for SAP Applications 15 SP2: `zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP2-2023-4295=1`
* SUSE CaaS Platform 4.0: To install this update, use the SUSE CaaS Platform 'skuba' tool. It will inform you if it detects new updates and let you then trigger updating of the complete cluster in a controlled way.

## Package List:

* openSUSE Leap 15.4 (aarch64 ppc64le s390x x86_64)
  * npm10-10.24.1-150000.1.62.3
  * nodejs10-debuginfo-10.24.1-150000.1.62.3
  * nodejs10-debugsource-10.24.1-150000.1.62.3
  * nodejs10-devel-10.24.1-150000.1.62.3
  * nodejs10-10.24.1-150000.1.62.3
* openSUSE Leap 15.4 (noarch)
  * nodejs10-docs-10.24.1-150000.1.62.3
* SUSE Linux Enterprise High Performance Computing 15 SP1 LTSS 15-SP1 (aarch64 x86_64)
  * npm10-10.24.1-150000.1.62.3
  * nodejs10-debuginfo-10.24.1-150000.1.62.3
  * nodejs10-debugsource-10.24.1-150000.1.62.3
  * nodejs10-devel-10.24.1-150000.1.62.3
  * nodejs10-10.24.1-150000.1.62.3
* SUSE Linux Enterprise High Performance Computing 15 SP1 LTSS 15-SP1 (noarch)
  * nodejs10-docs-10.24.1-150000.1.62.3
* SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2 (aarch64 x86_64)
  * npm10-10.24.1-150000.1.62.3
  * nodejs10-debuginfo-10.24.1-150000.1.62.3
  * nodejs10-debugsource-10.24.1-150000.1.62.3
  * nodejs10-devel-10.24.1-150000.1.62.3
  * nodejs10-10.24.1-150000.1.62.3
* SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2 (noarch)
  * nodejs10-docs-10.24.1-150000.1.62.3
* SUSE Linux Enterprise Server 15 SP1 LTSS 15-SP1 (aarch64 ppc64le s390x x86_64)
  * npm10-10.24.1-150000.1.62.3
  * nodejs10-debuginfo-10.24.1-150000.1.62.3
  * nodejs10-debugsource-10.24.1-150000.1.62.3
  * nodejs10-devel-10.24.1-150000.1.62.3
  * nodejs10-10.24.1-150000.1.62.3
* SUSE Linux Enterprise Server 15 SP1 LTSS 15-SP1 (noarch)
  * nodejs10-docs-10.24.1-150000.1.62.3
* SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 (aarch64 ppc64le s390x x86_64)
  * npm10-10.24.1-150000.1.62.3
  * nodejs10-debuginfo-10.24.1-150000.1.62.3
  * nodejs10-debugsource-10.24.1-150000.1.62.3
  * nodejs10-devel-10.24.1-150000.1.62.3
  * nodejs10-10.24.1-150000.1.62.3
* SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 (noarch)
  * nodejs10-docs-10.24.1-150000.1.62.3
* SUSE Linux Enterprise Server for SAP Applications 15 SP1 (ppc64le x86_64)
  * npm10-10.24.1-150000.1.62.3
  * nodejs10-debuginfo-10.24.1-150000.1.62.3
  * nodejs10-debugsource-10.24.1-150000.1.62.3
  * nodejs10-devel-10.24.1-150000.1.62.3
  * nodejs10-10.24.1-150000.1.62.3
* SUSE Linux Enterprise Server for SAP Applications 15 SP1 (noarch)
  * nodejs10-docs-10.24.1-150000.1.62.3
* SUSE Linux Enterprise Server for SAP Applications 15 SP2 (ppc64le x86_64)
  * npm10-10.24.1-150000.1.62.3
  * nodejs10-debuginfo-10.24.1-150000.1.62.3
  * nodejs10-debugsource-10.24.1-150000.1.62.3
  * nodejs10-devel-10.24.1-150000.1.62.3
  * nodejs10-10.24.1-150000.1.62.3
* SUSE Linux Enterprise Server for SAP Applications 15 SP2 (noarch)
  * nodejs10-docs-10.24.1-150000.1.62.3
* SUSE CaaS Platform 4.0 (x86_64)
  * npm10-10.24.1-150000.1.62.3
  * nodejs10-debuginfo-10.24.1-150000.1.62.3
  * nodejs10-debugsource-10.24.1-150000.1.62.3
  * nodejs10-devel-10.24.1-150000.1.62.3
  * nodejs10-10.24.1-150000.1.62.3
* SUSE CaaS Platform 4.0 (noarch)
  * nodejs10-docs-10.24.1-150000.1.62.3

## References:

* https://www.suse.com/security/cve/CVE-2023-44487.html
* https://bugzilla.suse.com/show_bug.cgi?id=1216190

Critical patch release for nodejs12 tackles CVE-2023-44488 across various Ubuntu versions.

SUSE Linux, Node.js Security, High Performance Computing, CaaS Platform.

Severity: Important. LinuxSecurity.com Team

Oct 31, 2023 | Important | SuSE

SUSE: 2023:4259-1 Important: nodejs12 Integrity Fix And Rapid Reset

# Security update for nodejs12

Announcement ID: SUSE-SU-2023:4259-1
Rating: important

References:

* bsc#1216190
* bsc#1216272

Cross-References:

* CVE-2023-38552
* CVE-2023-44487

CVSS scores:

* CVE-2023-38552 ( SUSE ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N
* CVE-2023-38552 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
* CVE-2023-44487 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2023-44487 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Affected Products:

* SUSE Linux Enterprise High Performance Computing 12 SP2
* SUSE Linux Enterprise High Performance Computing 12 SP3
* SUSE Linux Enterprise High Performance Computing 12 SP4
* SUSE Linux Enterprise High Performance Computing 12 SP5
* SUSE Linux Enterprise Server 12
* SUSE Linux Enterprise Server 12 SP1
* SUSE Linux Enterprise Server 12 SP2
* SUSE Linux Enterprise Server 12 SP3
* SUSE Linux Enterprise Server 12 SP4
* SUSE Linux Enterprise Server 12 SP5
* SUSE Linux Enterprise Server for SAP Applications 12
* SUSE Linux Enterprise Server for SAP Applications 12 SP1
* SUSE Linux Enterprise Server for SAP Applications 12 SP2
* SUSE Linux Enterprise Server for SAP Applications 12 SP3
* SUSE Linux Enterprise Server for SAP Applications 12 SP4
* SUSE Linux Enterprise Server for SAP Applications 12 SP5
* Web and Scripting Module 12

An update that solves two vulnerabilities can now be installed.

## Description:

This update for nodejs12 fixes the following issues:

* CVE-2023-44487: Fixed the Rapid Reset attack in nghttp2. (bsc#1216190)
* CVE-2023-38552: Fixed integrity checks according to policies that could be circumvented. (bsc#1216272)

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product:

* Web and Scripting Module 12: `zypper in -t patch SUSE-SLE-Module-Web-Scripting-12-2023-4259=1`

## Package List:

* Web and Scripting Module 12 (aarch64 ppc64le s390x x86_64)
  * nodejs14-debugsource-14.21.3-6.49.1
  * npm14-14.21.3-6.49.1
  * nodejs14-debuginfo-14.21.3-6.49.1
  * nodejs14-14.21.3-6.49.1
  * nodejs14-devel-14.21.3-6.49.1
* Web and Scripting Module 12 (noarch)
  * nodejs14-docs-14.21.3-6.49.1

## References:

* https://www.suse.com/security/cve/CVE-2023-38552.html
* https://www.suse.com/security/cve/CVE-2023-44487.html
* https://bugzilla.suse.com/show_bug.cgi?id=1216190
* https://bugzilla.suse.com/show_bug.cgi?id=1216272

Important patch for nodejs12 fixes security flaws and swift recovery risks for SUSE Linux. Audit your environments immediately.

NodeJS Update, SUSE Linux Security, NodeJS Vulnerability Fix, Rapid Reset Patch.

Severity: Important. LinuxSecurity.com Team

Oct 30, 2023 | Important | SuSE

openSUSE 15.3: SUSE-SU-2023:4207-1 Important: Nodejs18 Fix

# Security update for nodejs18

Announcement ID: SUSE-SU-2023:4207-1
Rating: important

References:

* bsc#1216190
* bsc#1216205
* bsc#1216272
* bsc#1216273

Cross-References:

* CVE-2023-38552
* CVE-2023-39333
* CVE-2023-44487
* CVE-2023-45143

CVSS scores:

* CVE-2023-38552 ( SUSE ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N
* CVE-2023-38552 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
* CVE-2023-39333 ( SUSE ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
* CVE-2023-44487 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2023-44487 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2023-45143 ( SUSE ): 3.9 CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:L/I:L/A:L
* CVE-2023-45143 ( NVD ): 3.9 CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:L/I:L/A:L

Affected Products:

* openSUSE Leap 15.3
* SUSE Enterprise Storage 7.1
* SUSE Linux Enterprise High Performance Computing 15 SP3
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP3
* SUSE Linux Enterprise Server 15 SP3
* SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3
* SUSE Linux Enterprise Server for SAP Applications 15 SP3
* SUSE Manager Server 4.2

An update that solves four vulnerabilities can now be installed.

## Description:

This update for nodejs18 fixes the following issues:

* Update to version 18.18.2
* CVE-2023-44487: Fixed the Rapid Reset attack in nghttp2. (bsc#1216190)
* CVE-2023-45143: Fixed a cookie leakage in undici. (bsc#1216205)
* CVE-2023-38552: Fixed integrity checks according to policies that could be circumvented. (bsc#1216272)
* CVE-2023-39333: Fixed a code injection via WebAssembly export names. (bsc#1216273)

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product:

* openSUSE Leap 15.3: `zypper in -t patch SUSE-2023-4207=1`
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3: `zypper in -t patch SUSE-SLE-Product-HPC-15-SP3-ESPOS-2023-4207=1`
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP3: `zypper in -t patch SUSE-SLE-Product-HPC-15-SP3-LTSS-2023-4207=1`
* SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3: `zypper in -t patch SUSE-SLE-Product-SLES-15-SP3-LTSS-2023-4207=1`
* SUSE Linux Enterprise Server for SAP Applications 15 SP3: `zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP3-2023-4207=1`
* SUSE Manager Server 4.2: `zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Server-4.2-2023-4207=1`
* SUSE Enterprise Storage 7.1: `zypper in -t patch SUSE-Storage-7.1-2023-4207=1`

## Package List:

* openSUSE Leap 15.3 (aarch64 ppc64le s390x x86_64 i586)
  * corepack16-16.20.2-150300.7.30.1
  * nodejs16-debugsource-16.20.2-150300.7.30.1
  * npm16-16.20.2-150300.7.30.1
  * nodejs16-16.20.2-150300.7.30.1
  * nodejs16-devel-16.20.2-150300.7.30.1
  * nodejs16-debuginfo-16.20.2-150300.7.30.1
* openSUSE Leap 15.3 (noarch)
  * nodejs16-docs-16.20.2-150300.7.30.1
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 (aarch64 x86_64)
  * nodejs16-debugsource-16.20.2-150300.7.30.1
  * npm16-16.20.2-150300.7.30.1
  * nodejs16-16.20.2-150300.7.30.1
  * nodejs16-devel-16.20.2-150300.7.30.1
  * nodejs16-debuginfo-16.20.2-150300.7.30.1
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 (noarch)
  * nodejs16-docs-16.20.2-150300.7.30.1
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 (aarch64 x86_64)
  * nodejs16-debugsource-16.20.2-150300.7.30.1
  * npm16-16.20.2-150300.7.30.1
  * nodejs16-16.20.2-150300.7.30.1
  * nodejs16-devel-16.20.2-150300.7.30.1
  * nodejs16-debuginfo-16.20.2-150300.7.30.1
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 (noarch)
  * nodejs16-docs-16.20.2-150300.7.30.1
* SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 (aarch64 ppc64le s390x x86_64)
  * nodejs16-debugsource-16.20.2-150300.7.30.1
  * npm16-16.20.2-150300.7.30.1
  * nodejs16-16.20.2-150300.7.30.1
  * nodejs16-devel-16.20.2-150300.7.30.1
  * nodejs16-debuginfo-16.20.2-150300.7.30.1
* SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 (noarch)
  * nodejs16-docs-16.20.2-150300.7.30.1
* SUSE Linux Enterprise Server for SAP Applications 15 SP3 (ppc64le x86_64)
  * nodejs16-debugsource-16.20.2-150300.7.30.1
  * npm16-16.20.2-150300.7.30.1
  * nodejs16-16.20.2-150300.7.30.1
  * nodejs16-devel-16.20.2-150300.7.30.1
  * nodejs16-debuginfo-16.20.2-150300.7.30.1
* SUSE Linux Enterprise Server for SAP Applications 15 SP3 (noarch)
  * nodejs16-docs-16.20.2-150300.7.30.1
* SUSE Manager Server 4.2 (ppc64le s390x x86_64)
  * nodejs16-debugsource-16.20.2-150300.7.30.1
  * npm16-16.20.2-150300.7.30.1
  * nodejs16-16.20.2-150300.7.30.1
  * nodejs16-devel-16.20.2-150300.7.30.1
  * nodejs16-debuginfo-16.20.2-150300.7.30.1
* SUSE Manager Server 4.2 (noarch)
  * nodejs16-docs-16.20.2-150300.7.30.1
* SUSE Enterprise Storage 7.1 (aarch64 x86_64)
  * nodejs16-debugsource-16.20.2-150300.7.30.1
  * npm16-16.20.2-150300.7.30.1
  * nodejs16-16.20.2-150300.7.30.1
  * nodejs16-devel-16.20.2-150300.7.30.1
  * nodejs16-debuginfo-16.20.2-150300.7.30.1
* SUSE Enterprise Storage 7.1 (noarch)
  * nodejs16-docs-16.20.2-150300.7.30.1

## References:

* https://www.suse.com/security/cve/CVE-2023-38552.html
* https://www.suse.com/security/cve/CVE-2023-39333.html
* https://www.suse.com/security/cve/CVE-2023-44487.html
* https://www.suse.com/security/cve/CVE-2023-45143.html
* https://bugzilla.suse.com/show_bug.cgi?id=1216190
* https://bugzilla.suse.com/show_bug.cgi?id=1216205
* https://bugzilla.suse.com/show_bug.cgi?id=1216272
* https://bugzilla.suse.com/show_bug.cgi?id=1216273

Node.js 18 has released an important update to resolve serious vulnerabilities, such as the Rapid Reset attack along with multiple injection flaws. Update immediately!

nodejs update, openSUSE nodejs18, security advisory nodejs, important security patch.

Severity: Important. LinuxSecurity.com Team

Oct 26, 2023 | Important | OpenSUSE

SUSE: 2023:4207-1 Important: Nodejs18 Cookie Leakage and Code Injection

# Security update for nodejs18

Announcement ID: SUSE-SU-2023:4207-1
Rating: important

References:

* bsc#1216190
* bsc#1216205
* bsc#1216272
* bsc#1216273

Cross-References:

* CVE-2023-38552
* CVE-2023-39333
* CVE-2023-44487
* CVE-2023-45143

CVSS scores:

* CVE-2023-38552 ( SUSE ): 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N
* CVE-2023-38552 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
* CVE-2023-39333 ( SUSE ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
* CVE-2023-44487 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2023-44487 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2023-45143 ( SUSE ): 3.9 CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:L/I:L/A:L
* CVE-2023-45143 ( NVD ): 3.9 CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:L/I:L/A:L

Affected Products:

* openSUSE Leap 15.3
* SUSE Enterprise Storage 7.1
* SUSE Linux Enterprise High Performance Computing 15 SP3
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP3
* SUSE Linux Enterprise Server 15 SP3
* SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3
* SUSE Linux Enterprise Server for SAP Applications 15 SP3
* SUSE Manager Server 4.2

An update that solves four vulnerabilities can now be installed.

## Description:

This update for nodejs18 fixes the following issues:

* Update to version 18.18.2
* CVE-2023-44487: Fixed the Rapid Reset attack in nghttp2. (bsc#1216190)
* CVE-2023-45143: Fixed a cookie leakage in undici. (bsc#1216205)
* CVE-2023-38552: Fixed integrity checks according to policies that could be circumvented. (bsc#1216272)
* CVE-2023-39333: Fixed a code injection via WebAssembly export names. (bsc#1216273)

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product:

* openSUSE Leap 15.3: `zypper in -t patch SUSE-2023-4207=1`
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3: `zypper in -t patch SUSE-SLE-Product-HPC-15-SP3-ESPOS-2023-4207=1`
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP3: `zypper in -t patch SUSE-SLE-Product-HPC-15-SP3-LTSS-2023-4207=1`
* SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3: `zypper in -t patch SUSE-SLE-Product-SLES-15-SP3-LTSS-2023-4207=1`
* SUSE Linux Enterprise Server for SAP Applications 15 SP3: `zypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP3-2023-4207=1`
* SUSE Manager Server 4.2: `zypper in -t patch SUSE-SLE-Product-SUSE-Manager-Server-4.2-2023-4207=1`
* SUSE Enterprise Storage 7.1: `zypper in -t patch SUSE-Storage-7.1-2023-4207=1`

## Package List:

* openSUSE Leap 15.3 (aarch64 ppc64le s390x x86_64 i586)
  * corepack16-16.20.2-150300.7.30.1
  * nodejs16-debugsource-16.20.2-150300.7.30.1
  * npm16-16.20.2-150300.7.30.1
  * nodejs16-16.20.2-150300.7.30.1
  * nodejs16-devel-16.20.2-150300.7.30.1
  * nodejs16-debuginfo-16.20.2-150300.7.30.1
* openSUSE Leap 15.3 (noarch)
  * nodejs16-docs-16.20.2-150300.7.30.1
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 (aarch64 x86_64)
  * nodejs16-debugsource-16.20.2-150300.7.30.1
  * npm16-16.20.2-150300.7.30.1
  * nodejs16-16.20.2-150300.7.30.1
  * nodejs16-devel-16.20.2-150300.7.30.1
  * nodejs16-debuginfo-16.20.2-150300.7.30.1
* SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 (noarch)
  * nodejs16-docs-16.20.2-150300.7.30.1
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 (aarch64 x86_64)
  * nodejs16-debugsource-16.20.2-150300.7.30.1
  * npm16-16.20.2-150300.7.30.1
  * nodejs16-16.20.2-150300.7.30.1
  * nodejs16-devel-16.20.2-150300.7.30.1
  * nodejs16-debuginfo-16.20.2-150300.7.30.1
* SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 (noarch)
  * nodejs16-docs-16.20.2-150300.7.30.1
* SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 (aarch64 ppc64le s390x x86_64)
  * nodejs16-debugsource-16.20.2-150300.7.30.1
  * npm16-16.20.2-150300.7.30.1
  * nodejs16-16.20.2-150300.7.30.1
  * nodejs16-devel-16.20.2-150300.7.30.1
  * nodejs16-debuginfo-16.20.2-150300.7.30.1
* SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 (noarch)
  * nodejs16-docs-16.20.2-150300.7.30.1
* SUSE Linux Enterprise Server for SAP Applications 15 SP3 (ppc64le x86_64)
  * nodejs16-debugsource-16.20.2-150300.7.30.1
  * npm16-16.20.2-150300.7.30.1
  * nodejs16-16.20.2-150300.7.30.1
  * nodejs16-devel-16.20.2-150300.7.30.1
  * nodejs16-debuginfo-16.20.2-150300.7.30.1
* SUSE Linux Enterprise Server for SAP Applications 15 SP3 (noarch)
  * nodejs16-docs-16.20.2-150300.7.30.1
* SUSE Manager Server 4.2 (ppc64le s390x x86_64)
  * nodejs16-debugsource-16.20.2-150300.7.30.1
  * npm16-16.20.2-150300.7.30.1
  * nodejs16-16.20.2-150300.7.30.1
  * nodejs16-devel-16.20.2-150300.7.30.1
  * nodejs16-debuginfo-16.20.2-150300.7.30.1
* SUSE Manager Server 4.2 (noarch)
  * nodejs16-docs-16.20.2-150300.7.30.1
* SUSE Enterprise Storage 7.1 (aarch64 x86_64)
  * nodejs16-debugsource-16.20.2-150300.7.30.1
  * npm16-16.20.2-150300.7.30.1
  * nodejs16-16.20.2-150300.7.30.1
  * nodejs16-devel-16.20.2-150300.7.30.1
  * nodejs16-debuginfo-16.20.2-150300.7.30.1
* SUSE Enterprise Storage 7.1 (noarch)
  * nodejs16-docs-16.20.2-150300.7.30.1

## References:

* https://www.suse.com/security/cve/CVE-2023-38552.html
* https://www.suse.com/security/cve/CVE-2023-39333.html
* https://www.suse.com/security/cve/CVE-2023-44487.html
* https://www.suse.com/security/cve/CVE-2023-45143.html
* https://bugzilla.suse.com/show_bug.cgi?id=1216190
* https://bugzilla.suse.com/show_bug.cgi?id=1216205
* https://bugzilla.suse.com/show_bug.cgi?id=1216272
* https://bugzilla.suse.com/show_bug.cgi?id=1216273

The latest version of SUSE's nodejs18 addresses a range of security vulnerabilities affecting numerous platforms and applications. Ensure your systems are protected and current!

SUSE Security Updates, nodejs18 Issues, SUSE Enterprise Server Updates, SUSE Linux Updates.

Severity: Important. LinuxSecurity.com Team

Oct 26, 2023 | Important | SuSE

SUSE: 2023:4199-1 Important: Fix for nghttp2 Rapid Reset Attack

# Security update for nghttp2

Announcement ID: SUSE-SU-2023:4199-1
Rating: important

References:

* bsc#1216123
* bsc#1216174

Cross-References:

* CVE-2023-44487

CVSS scores:

* CVE-2023-44487 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
* CVE-2023-44487 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Affected Products:

* SUSE Linux Enterprise High Performance Computing 12 SP5
* SUSE Linux Enterprise Server 12 SP5
* SUSE Linux Enterprise Server for SAP Applications 12 SP5
* SUSE Linux Enterprise Software Development Kit 12 SP5

An update that solves one vulnerability and has one security fix can now be installed.

## Description:

This update for nghttp2 fixes the following issues:

* CVE-2023-44487: Fixed HTTP/2 Rapid Reset attack. (bsc#1216174)

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product:

* SUSE Linux Enterprise Software Development Kit 12 SP5: `zypper in -t patch SUSE-SLE-SDK-12-SP5-2023-4199=1`
* SUSE Linux Enterprise High Performance Computing 12 SP5: `zypper in -t patch SUSE-SLE-SERVER-12-SP5-2023-4199=1`
* SUSE Linux Enterprise Server 12 SP5: `zypper in -t patch SUSE-SLE-SERVER-12-SP5-2023-4199=1`
* SUSE Linux Enterprise Server for SAP Applications 12 SP5: `zypper in -t patch SUSE-SLE-SERVER-12-SP5-2023-4199=1`

## Package List:

* SUSE Linux Enterprise Software Development Kit 12 SP5 (aarch64 ppc64le s390x x86_64)
  * libnghttp2-devel-1.39.2-3.13.1
* SUSE Linux Enterprise High Performance Computing 12 SP5 (aarch64 x86_64)
  * nghttp2-debugsource-1.39.2-3.13.1
  * nghttp2-debuginfo-1.39.2-3.13.1
  * libnghttp2-14-1.39.2-3.13.1
  * libnghttp2-14-debuginfo-1.39.2-3.13.1
* SUSE Linux Enterprise High Performance Computing 12 SP5 (x86_64)
  * libnghttp2-14-debuginfo-32bit-1.39.2-3.13.1
  * libnghttp2-14-32bit-1.39.2-3.13.1
* SUSE Linux Enterprise Server 12 SP5 (aarch64 ppc64le s390x x86_64)
  * nghttp2-debugsource-1.39.2-3.13.1
  * nghttp2-debuginfo-1.39.2-3.13.1
  * libnghttp2-14-1.39.2-3.13.1
  * libnghttp2-14-debuginfo-1.39.2-3.13.1
* SUSE Linux Enterprise Server 12 SP5 (s390x x86_64)
  * libnghttp2-14-debuginfo-32bit-1.39.2-3.13.1
  * libnghttp2-14-32bit-1.39.2-3.13.1
* SUSE Linux Enterprise Server for SAP Applications 12 SP5 (ppc64le x86_64)
  * nghttp2-debugsource-1.39.2-3.13.1
  * nghttp2-debuginfo-1.39.2-3.13.1
  * libnghttp2-14-1.39.2-3.13.1
  * libnghttp2-14-debuginfo-1.39.2-3.13.1
* SUSE Linux Enterprise Server for SAP Applications 12 SP5 (x86_64)
  * libnghttp2-14-debuginfo-32bit-1.39.2-3.13.1
  * libnghttp2-14-32bit-1.39.2-3.13.1

## References:

* https://www.suse.com/security/cve/CVE-2023-44487.html
* https://bugzilla.suse.com/show_bug.cgi?id=1216123
* https://bugzilla.suse.com/show_bug.cgi?id=1216174

Urgent patch release for nghttp2 in SUSE tackling HTTP/2 Rapid Reset vulnerability. Update your systems immediately.

Linux Enterprise, SuSE Linux, Server Security, nghttp2, Software Update.

Severity: Important. LinuxSecurity.com Team

Oct 26, 2023 Important SuSE

Debian 10: DSA-5522-3 Critical: Tomcat9 HTTP2 Regression Attack Fix

A regression was discovered in the Http2UpgradeHandler class of Tomcat 9 introduced by the patch to fix CVE-2023-44487 (Rapid Reset Attack). A wrong value for the overheadcount variable forced HTTP2 connections to close early.

Debian Security Advisory DSA-5522-3
https://www.debian.org/security/
Markus Koschany
October 16, 2023
https://www.debian.org/security/faq

Package : tomcat9
CVE ID : CVE-2023-44487

For the oldstable distribution (bullseye), this problem has been fixed in version 9.0.43-2~deb11u9.

We recommend that you upgrade your tomcat9 packages.

For the detailed security status of tomcat9 please refer to its security tracker page at: https://security-tracker.debian.org/tracker/source-package/tomcat9

Further information about Debian Security Advisories, how to apply these updates to your system and frequently asked questions can be found at: https://www.debian.org/security/

The latest patch for Tomcat 9 resolves a premature closure issue affecting HTTP2 connections. It is advisable to perform an upgrade!

Tomcat9 Update, Debian Security, HTTP2 Issue, Regression Fix.

Severity: Critical. LinuxSecurity.com Team

Oct 16, 2023 Critical Debian

Debian 10: DSA-5522-2 Critical: Tomcat9 Rapid Reset Attack Regression Fix

The patch to address CVE-2023-44487 (Rapid Reset Attack) was incomplete and caused a regression when using asynchronous I/O (the default for NIO and NIO2). DATA frames must be included when calculating the HTTP/2 overhead count to ensure that connections are not prematurely terminated.

Debian Security Advisory DSA-5522-2
https://www.debian.org/security/
Markus Koschany
October 12, 2023
https://www.debian.org/security/faq

Package : tomcat9
CVE ID : CVE-2023-44487
Debian Bug : 1053820

For the oldstable distribution (bullseye), this problem has been fixed in version 9.0.43-2~deb11u8.

We recommend that you upgrade your tomcat9 packages.

For the detailed security status of tomcat9 please refer to its security tracker page at: https://security-tracker.debian.org/tracker/source-package/tomcat9

Further information about Debian Security Advisories, how to apply these updates to your system and frequently asked questions can be found at: https://www.debian.org/security/

Debian Security Advisory DSA-5523-1 pertains to vulnerabilities discovered in nginx that allow for potential remote code execution and highlights the critical updates required.

Debian Security Advisory, Tomcat9 Update, Rapid Reset Attack, Asynchronous IO, Regression Fix.

Severity: Critical. LinuxSecurity.com Team

Oct 12, 2023 Critical Debian