OPENSUSE-SU-2021:0065-1 Security update for nodejs10

This update for nodejs10 fixes the following issues: - New upstream LTS version 10.23.1: CVE-2020-8265: use-after-free in TLSWrap High bug in TLS implementation. When writing to a TLS enabled socket, node::StreamBase::Write calls node::TLSWrap::DoWrite with a freshly allocated WriteWrap object as...

SUSE-SU-2021:0107-1 Security update for nodejs14

This update for nodejs14 fixes the following issues: - New upstream LTS version 14.15.4: CVE-2020-8265: use-after-free in TLSWrap High bug in TLS implementation. When writing to a TLS enabled socket, node::StreamBase::Write calls node::TLSWrap::DoWrite with a freshly allocated WriteWrap object as...

SUSE-SU-2021:0099-1 Security update for openstack-dashboard, release-notes-suse-openstack-cloud

This update for openstack-dashboard, release-notes-suse-openstack-cloud fixes the following issues: - Fix open redirect OSSA-2020-008, CVE-2020-29565 - Fix horizon-nodejs jobs. - Add workaround for secure boot issue when shim package is updated. bsc1179955...

SUSE-SU-2021:0082-1 Security update for nodejs10

This update for nodejs10 fixes the following issues: - New upstream LTS version 10.23.1: CVE-2020-8265: use-after-free in TLSWrap High bug in TLS implementation. When writing to a TLS enabled socket, node::StreamBase::Write calls node::TLSWrap::DoWrite with a freshly allocated WriteWrap object as...

[ASA-202101-16] nodejs: multiple issues

Arch Linux Security Advisory ASA-202101-16 ========================================== Severity: High Date : 2021-01-12 CVE-ID : CVE-2020-8265 CVE-2020-8287 Package : nodejs Type : multiple issues Remote : No Link : https://security.archlinux.org/AVG-1400 Summary ======= The package nodejs before...

[ASA-202101-14] nodejs-lts-erbium: multiple issues

Arch Linux Security Advisory ASA-202101-14 ========================================== Severity: High Date : 2021-01-12 CVE-ID : CVE-2020-8265 CVE-2020-8287 Package : nodejs-lts-erbium Type : multiple issues Remote : No Link : https://security.archlinux.org/AVG-1402 Summary ======= The package...

[ASA-202101-13] nodejs-lts-dubnium: multiple issues

Arch Linux Security Advisory ASA-202101-13 ========================================== Severity: High Date : 2021-01-12 CVE-ID : CVE-2020-8265 CVE-2020-8287 Package : nodejs-lts-dubnium Type : multiple issues Remote : No Link : https://security.archlinux.org/AVG-1403 Summary ======= The package...

GLSA-202101-07 : NodeJS: Multiple vulnerabilities

The remote host is affected by the vulnerability described in GLSA-202101-07 NodeJS: Multiple vulnerabilities Multiple vulnerabilities have been discovered in NodeJS. Please review the CVE identifiers referenced below for details. Impact : Please review the referenced CVE identifiers for details...

SUSE-SU-2021:0062-1 Security update for nodejs12

This update for nodejs12 fixes the following issues: - New upstream LTS version 12.20.1: CVE-2020-8265: use-after-free in TLSWrap High bug in TLS implementation. When writing to a TLS enabled socket, node::StreamBase::Write calls node::TLSWrap::DoWrite with a freshly allocated WriteWrap object as...

SUSE-SU-2021:0061-1 Security update for nodejs14

This update for nodejs14 fixes the following issues: - New upstream LTS version 14.15.4: CVE-2020-8265: use-after-free in TLSWrap High bug in TLS implementation. When writing to a TLS enabled socket, node::StreamBase::Write calls node::TLSWrap::DoWrite with a freshly allocated WriteWrap object as...

Fedora: Security Advisory for nodejs (FEDORA-2021-fb1a136393)

The remote host is missing an update for the Copyright C 2021 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...

NodeJS: Multiple vulnerabilities

Background Node.js is a JavaScript runtime built on Chrome’s V8 JavaScript engine. Description Multiple vulnerabilities have been discovered in NodeJS. Please review the CVE identifiers referenced below for details. Impact Please review the referenced CVE identifiers for details. Workaround There...

Debian DSA-4826-1 : nodejs - security update

Two vulnerabilities were discovered in Node.js, which could result in denial of service and potentially the execution of arbitrary code or HTTP request smuggling. C Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracted from Debian Security Advisory...

Nodejs Core Access Control Error Vulnerability

Nodejs Core is a core module compiled into Nodejs from the OpenJS Foundation. This module for Nodejs provides the underlying TCP, HTTP, DNS, file system, subprocesses and other functionality support. A security vulnerability exists in Node Core that can be exploited by an attacker to bypass acces...

[SECURITY] [DSA 4826-1] nodejs security update

------------------------------------------------------------------------- Debian Security Advisory DSA-4826-1 [email protected] https://www.debian.org/security/ Moritz Muehlenhoff January 06, 2021 https://www.debian.org/security/faq -...

DEBIAN-CVE-2020-8287

Node.js versions before 10.23.1, 12.20.1, 14.15.4, 15.5.1 allow two copies of a header field in an HTTP request for example, two Transfer-Encoding header fields. In this case, Node.js identifies the first header field and ignores the second. This can lead to HTTP Request Smuggling...

DEBIAN-CVE-2020-8265

Node.js versions before 10.23.1, 12.20.1, 14.15.4, 15.5.1 are vulnerable to a use-after-free bug in its TLS implementation. When writing to a TLS enabled socket, node::StreamBase::Write calls node::TLSWrap::DoWrite with a freshly allocated WriteWrap object as first argument. If the DoWrite method...

UBUNTU-CVE-2020-8265

Node.js versions before 10.23.1, 12.20.1, 14.15.4, 15.5.1 are vulnerable to a use-after-free bug in its TLS implementation. When writing to a TLS enabled socket, node::StreamBase::Write calls node::TLSWrap::DoWrite with a freshly allocated WriteWrap object as first argument. If the DoWrite method...

Hackers Using Fake Trump's Scandal Video to Spread QNode Malware

Cybesecurity researchers today revealed a new malspam campaign that distributes a remote access Trojan RAT by purporting to contain a sex scandal video of U.S. President Donald Trump. The emails, which carry with the subject line "GOOD LOAN OFFER!!," come attached with a Java archive JAR file...

CVE-2020-8265

A flaw was found in nodejs. When writing to a TLS enabled socket, node::StreamBase::Write calls node::TLSWrap::DoWrite with a freshly allocated WriteWrap object as first argument. If the DoWrite method does not return an error, this object is passed back to the caller as part of a StreamWriteResu...