SUSE-SU-2022:1462-1 Security update for nodejs14

This update for nodejs14 fixes the following issues: - CVE-2022-0778: Fixed a infinite loop in BNmodsqrt reachable when parsing certificates bsc1196877. - CVE-2021-44906: Fixed a prototype pollution in node-minimist bsc1198247. - CVE-2021-44907: Fixed a potential Denial of Service vulnerability i...

OPENSUSE-SU-2021:1552-1 Security update for nodejs14

This update for nodejs14 fixes the following issues: nodejs14 was updated to 14.18.1: deps: update llhttp to 2.1.4 - HTTP Request Smuggling due to spaced in headers bsc1191601, CVE-2021-22959 - HTTP Request Smuggling when parsing the body bsc1191602, CVE-2021-22960 Changes in 14.18.0: buffer: +...

SUSE-SU-2021:3886-1 Security update for nodejs14

This update for nodejs14 fixes the following issues: nodejs14 was updated to 14.18.1: deps: update llhttp to 2.1.4 Security fixes: - HTTP Request Smuggling due to spaced in headers bsc1191601, CVE-2021-22959 - HTTP Request Smuggling when parsing the body bsc1191602, CVE-2021-22960 Changes in...

OPENSUSE-SU-2021:2875-1 Security update for nodejs12

This update for nodejs12 fixes the following issues: Update to 12.22.5: - CVE-2021-3672/CVE-2021-22931: Improper handling of untypical characters in domain names bsc1189370, bsc1188881 - CVE-2021-22940: Use after free on close http2 on stream canceling bsc1189368 - CVE-2021-22939: Incomplete...

SUSE-SU-2021:2875-1 Security update for nodejs12

This update for nodejs12 fixes the following issues: Update to 12.22.5: - CVE-2021-3672/CVE-2021-22931: Improper handling of untypical characters in domain names bsc1189370, bsc1188881 - CVE-2021-22940: Use after free on close http2 on stream canceling bsc1189368 - CVE-2021-22939: Incomplete...

OPENSUSE-SU-2021:2354-1 Security update for nodejs14

This update for nodejs14 fixes the following issues: Update nodejs14 to 14.17.2. Including fixes for: - CVE-2021-22918: libuv upgrade - Out of bounds read bsc1187973 - CVE-2021-27290: ssri Regular Expression Denial of Service bsc1187976 - CVE-2021-23362: hosted-git-info Regular Expression Denial ...

SUSE-SU-2021:2353-1 Security update for nodejs10

This update for nodejs10 fixes the following issues: Update nodejs10 to 10.24.1. Including fixes for - CVE-2021-22918: libuv upgrade - Out of bounds read bsc1187973 - CVE-2021-27290: ssri Regular Expression Denial of Service bsc1187976 - CVE-2021-23362: hosted-git-info Regular Expression Denial o...

OPENSUSE-SU-2021:2353-1 Security update for nodejs10

This update for nodejs10 fixes the following issues: Update nodejs10 to 10.24.1. Including fixes for - CVE-2021-22918: libuv upgrade - Out of bounds read bsc1187973 - CVE-2021-27290: ssri Regular Expression Denial of Service bsc1187976 - CVE-2021-23362: hosted-git-info Regular Expression Denial o...

SUSE-SU-2021:2319-1 Security update for nodejs14

This update for nodejs14 fixes the following issues: Update nodejs14 to 14.17.2. Including fixes for: - CVE-2021-22918: libuv upgrade - Out of bounds read bsc1187973 - CVE-2021-27290: ssri Regular Expression Denial of Service bsc1187976 - CVE-2021-23362: hosted-git-info Regular Expression Denial ...

OPENSUSE-SU-2021:0066-1 Security update for nodejs14

This update for nodejs14 fixes the following issues: - New upstream LTS version 14.15.4: CVE-2020-8265: use-after-free in TLSWrap High bug in TLS implementation. When writing to a TLS enabled socket, node::StreamBase::Write calls node::TLSWrap::DoWrite with a freshly allocated WriteWrap object as...

SUSE-SU-2021:0061-1 Security update for nodejs14

This update for nodejs14 fixes the following issues: - New upstream LTS version 14.15.4: CVE-2020-8265: use-after-free in TLSWrap High bug in TLS implementation. When writing to a TLS enabled socket, node::StreamBase::Write calls node::TLSWrap::DoWrite with a freshly allocated WriteWrap object as...

OPENSUSE-SU-2020:1660-1 Security update for nodejs10

This update for nodejs10 fixes the following issues: - nodejs10 was updated to 10.22.1 LTS: - CVE-2020-8252: Fixed a buffer overflow in realpath bsc1176589. - CVE-2020-15095: Fixed an information leak through log files bsc1173937. - Explicitly add -fno-strict-aliasing to CFLAGS to fix compilation...

SUSE-SU-2020:2829-1 Security update for nodejs10

This update for nodejs10 fixes the following issues: - nodejs10 was updated to 10.22.1 LTS: - CVE-2020-8252: Fixed a buffer overflow in realpath bsc1176589. - CVE-2020-15095: Fixed an information leak through log files bsc1173937. - Explicitly add -fno-strict-aliasing to CFLAGS to fix compilation...

SUSE-SU-2020:2812-1 Security update for nodejs12

This update for nodejs12 fixes the following issues: - nodejs12 was updated to 12.18.4 LTS: - CVE-2020-8201: Fixed an HTTP Request Smuggling due to CR-to-Hyphen conversion bsc1176605. - CVE-2020-8252: Fixed a buffer overflow in realpath bsc1176589. - CVE-2020-15095: Fixed an information leak...

SUSE-SU-2020:1606-1 Security update for nodejs12

This update for nodejs12 fixes the following issues: nodejs12 was updated to version 12.18.0 - CVE-2020-8174: Fixed multiple memory corruption in napigetvaluestring bsc1172443. - CVE-2020-8172: Fixed am issue where TLS session reuse could have led to host certificate verification bypass bsc117244...

SUSE-SU-2020:0455-1 Security update for nodejs10

This update for nodejs10 fixes the following issues: nodejs10 was updated to version 10.19.0. Security issues fixed: - CVE-2019-15604: Fixed a remotely triggerable assertion in the TLS server via a crafted certificate string CVE-2019-15604, bsc1163104. - CVE-2019-15605: Fixed an HTTP request...

SUSE-SU-2020:0063-1 Security update for nodejs10

This update for nodejs10 to version 10.18.0 fixes the following issues: Security issues fixed: - CVE-2019-16777, CVE-2019-16776, CVE-2019-16775: Updated npm to 6.13.4, fixing an arbitrary path overwrite and access via 'bin' field bsc1159352. - Added support for chacha20-poly1305 for Authenticated...

SUSE-SU-2020:0043-1 Security update for nodejs8

This update for nodejs8 to version 8.17.0 fixes the following issues: Security issues fixed: - CVE-2019-16777, CVE-2019-16776, CVE-2019-16775: Updated npm to 6.13.4, fixing an arbitrary path overwrite and access via 'bin' field bsc1159352...

MGASA-2019-0277 Updated nodejs packages fix security vulnerabilities

This update provides nodejs v6.17.1 fixing at least the following security issues: The c-ares function aresparsenaptrreply, which is used for parsing NAPTR responses, could be triggered to read memory outside of the given input buffer CVE-2017-1000381 Fix for 'path' module regular expression deni...

SUSE-SU-2019:2055-1 Security update for nodejs8

This update for nodejs8 fixes the following issues: Security issue fixed: - CVE-2019-13173: Fixed a potential file overwrite via hardlink in fstream.DirWriter bsc1140290. Non-security issue fixed: - Backported fixes for OpenSSL 1.1.1 from nodejs8 bsc1134209...