openSUSE: Security Advisory for squid (openSUSE-SU-2019:2541-1)

The remote host is missing an update for the Copyright C 2020 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...

CVE-2018-12116

Node.js: All versions prior to Node.js 6.15.0 and 8.14.0: HTTP request splitting: If Node.js can be convinced to use unsanitized user-provided Unicode data for the path option of an HTTP request, then data can be provided which will trigger a second, unexpected, and user-defined HTTP request to...

Updated squid packages fix security vulnerabilities

Potential remote code execution during URN processing CVE-2019-12526. Multiple improper validations in URI processing CVE-2019-12523, CVE-2019-18676. Cross-Site Request Forgery in HTTP Request processing CVE-2019-18677. Incorrect message parsing which could have led to HTTP request splitting issu...

SUSE SLES12 Security Update : squid (SUSE-SU-2019:3067-1)

This update for squid to version 4.9 fixes the following issues : Security issues fixed : CVE-2019-13345: Fixed multiple cross-site scripting vulnerabilities in cachemgr.cgi bsc1140738. CVE-2019-12526: Fixed potential remote code execution during URN processing bsc1156326...

Squid Multiple Security Update Advisories (SQUID-2019:7, SQUID-2019:8, SQUID-2019:10)

Squid is prone to multiple vulnerabilities. Copyright C 2019 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...

openSUSE: Security Advisory for squid (openSUSE-SU-2019:2540-1)

The remote host is missing an update for the Copyright C 2019 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...

openSUSE Security Update : squid (openSUSE-2019-2540)

This update for squid to version 4.9 fixes the following issues : Security issues fixed : - CVE-2019-13345: Fixed multiple cross-site scripting vulnerabilities in cachemgr.cgi bsc1140738. - CVE-2019-12526: Fixed potential remote code execution during URN processing bsc1156326. -...

OPENSUSE-SU-2019:2541-1 Security update for squid

This update for squid to version 4.9 fixes the following issues: Security issues fixed: - CVE-2019-13345: Fixed multiple cross-site scripting vulnerabilities in cachemgr.cgi bsc1140738. - CVE-2019-12526: Fixed potential remote code execution during URN processing bsc1156326. -...

Security update for squid (important)

openSUSE Security Update: Security update for squid Announcement ID: openSUSE-SU-2019:2541-1 Rating: important References: 1133089 1140738 1141329 1141330 1141332 1141442 1156323 1156324 1156326 1156328 1156329 Cross-References: CVE-2019-12523 CVE-2019-12525 CVE-2019-12526 CVE-2019-12527...

Squid Multiple Security Vulnerabilities

Description Squid is prone to the following vulnerabilities: 1. Multiple buffer-overflow vulnerabilities. 2. An information disclosure vulnerability. 3. A cross-site request-forgery vulnerability. 4. An HTTP request-splitting vulnerability 5. A security-bypass vulnerability. Successful...

Updated nodejs packages fix security vulnerabilities

This update provides nodejs v6.17.1 fixing at least the following security issues: The c-ares function aresparsenaptrreply, which is used for parsing NAPTR responses, could be triggered to read memory outside of the given input buffer CVE-2017-1000381 Fix for 'path' module regular expression deni...

Security Bulletin: Multiple vulnerabilities in Node.js affect IBM Cloud App Management V2018

Summary There are multiple vulnerabilities in Node.js used by IBM® Cloud App Management V2018. IBM® Cloud App Management has addressed the applicable CVEs in a later version. Vulnerability Details CVEID: CVE-2018-12122 DESCRIPTION: Node.js is vulnerable to a denial of service, caused by improper...

Security Bulletin: Multiple vulnerabilities in Node.js affect IBM Cloud App Management V2018

Summary There are multiple vulnerabilities in Node.js used by IBM® Cloud App Management V2018. IBM® Cloud App Management has addressed the applicable CVEs in a later version. Vulnerability Details CVEID: CVE-2018-12122 DESCRIPTION: Node.js is vulnerable to a denial of service, caused by improper...

Security Bulletin: IBM Planning Analytics Local is affected by multiple vulnerabilities (CVE-2018-12116, CVE-2018-12121, CVE-2018-12122, CVE-2018-12123)

Summary The Planning Analytics Workspace component of IBM Planning Analytics is vulnerable to multiple Node.js vulnerabilities. The version of Node.js use by IBM Planning Analytics Workspace has been upgraded to address these vulnerabilities. Vulnerability Details CVEID: CVE-2018-12116 DESCRIPTIO...

Security Bulletin: Multiple vulnerabilities in Node.js and OpenSSL affect IBM Watson Assistant on IBM Cloud Private

Summary Multiple vulnerabilities in Node.js™ and OpenSSL as used by Node.js that affect IBM® Watson™ Assistant on IBM Cloud Private were disclosed by the Node.js foundation and OpenSSL project. Vulnerability Details CVEID: CVE-2018-12122 DESCRIPTION: Node.js is vulnerable to a denial of service,...

Security Bulletin: IBM Event Streams is affected by Node.js vulnerabilities

Summary IBM Event Streams is affected by the following vulnerabilities in the included Node.js runtime shipped. Vulnerability Details CVEID: CVE-2018-12122 DESCRIPTION: Node.js is vulnerable to a denial of service, caused by improper validation of HTTP headers. By sending headers very slowly...

OPENSUSE-SU-2019:0089-1 Security update for nodejs8

This update for nodejs8 to version 8.15.0 fixes the following issues: Security issues fixed: - CVE-2018-12121: Fixed a Denial of Service with large HTTP headers bsc1117626 - CVE-2018-12122: Fixed the 'Slowloris' HTTP Denial of Service bsc1117627 - CVE-2018-12116: Fixed HTTP request splitting...

openSUSE Security Update : nodejs6 (openSUSE-2019-234)

This update for nodejs6 to version 6.16.0 fixes the following issues : Security issues fixed : - CVE-2018-0734: Fixed a timing vulnerability in the DSA signature generation bsc1113652 - CVE-2018-5407: Fixed a hyperthread port content side channel attack aka 'PortSmash' bsc1113534 - CVE-2018-12120...

openSUSE: Security Advisory for nodejs6 (openSUSE-SU-2019:0234-1)

The remote host is missing an update for the Copyright C 2019 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...

Security Bulletin: Multiple security vulnerabilities in Node.js affect IBM Voice Gateway

Summary Security Vulnerabilities in Node.js affect IBM Voice Gateway. Vulnerability Details CVEID: CVE-2018-12122 DESCRIPTION: Node.js is vulnerable to a denial of service, caused by improper validation of HTTP headers. By sending headers very slowly keeping HTTP or HTTPS connections and associat...