11 matches found
SUSE-SU-2024:1837-1 Security update for nodejs16
This update for nodejs16 fixes the following issues: - CVE-2024-30260: undici: proxy-authorization header not cleared on cross-origin redirect for dispatch, request, stream, pipeline bsc1222530 - CVE-2024-30261: undici: Ensure that integrity cannot be tampered with bsc1222603...
SUSE-SU-2024:1308-1 Security update for nodejs16
This update for nodejs16 fixes the following issues: - CVE-2024-27983: Fixed failed assertion in node::http2::Http2Session::Http2Session that could lead to HTTP/2 server crash bsc1222244 - CVE-2024-27982: Fixed HTTP Request Smuggling via Content Length Obfuscation bsc1222384...
SUSE-SU-2024:0731-1 Security update for nodejs16
This update for nodejs16 fixes the following issues: Security issues fixed: CVE-2023-46809: Node.js is vulnerable to the Marvin Attack timing variant of the Bleichenbacher attack against PKCS1 v1.5 padding bsc1219997. CVE-2024-22019: http: Reading unprocessed HTTP request with unbounded chunk...
SUSE-SU-2024:0729-1 Security update for nodejs16
This update for nodejs16 fixes the following issues: Security issues fixed: CVE-2023-46809: Node.js is vulnerable to the Marvin Attack timing variant of the Bleichenbacher attack against PKCS1 v1.5 padding bsc1219997. CVE-2024-22019: http: Reading unprocessed HTTP request with unbounded chunk...
SUSE-SU-2024:0728-1 Security update for nodejs16
This update for nodejs16 fixes the following issues: Security issues fixed: CVE-2023-46809: Node.js is vulnerable to the Marvin Attack timing variant of the Bleichenbacher attack against PKCS1 v1.5 padding bsc1219997. CVE-2024-22019: http: Reading unprocessed HTTP request with unbounded chunk...
SUSE-SU-2023:1942-1 Security update for nodejs16
This update for nodejs16 fixes the following issues: Update to nodejs LTS version 16.20.0: Security fixes: - CVE-2022-25881: Fixed ReDoS vulnerability in http-cache-semantics bsc1208744. Other changes: - update undici to 5.20.0 - update c-ares to 1.19.0 - update npm to 8.19.4...
SUSE-SU-2022:4003-1 Security update for nodejs16
This update for nodejs16 fixes the following issues: - Update to LTS versino 16.18.1: - CVE-2022-43548: Fixed DNS rebinding in --inspect via invalid octal IP address bsc1205119. - Update to LTS version 16.18.0: http: throw error on content-length mismatch stream: add ReadableByteStream.tee deps:...
SUSE-SU-2022:3656-1 Security update for nodejs16
This update for nodejs16 fixes the following issues: Updated to version 16.17.1: - CVE-2022-32213: Fixed bypass via obs-fold mechanic bsc1201325. - CVE-2022-32215: Fixed incorrect Parsing of Multi-line Transfer-Encoding bsc1201327. - CVE-2022-35256: Fixed incorrect Parsing of Header Fields...
SUSE-SU-2022:2551-1 Security update for nodejs16
This update for nodejs16 fixes the following issues: - CVE-2022-32212: Fixed DNS rebinding in --inspect via invalid IP addresses bsc1201328. - CVE-2022-32213: Fixed HTTP request smuggling due to flawed parsing of Transfer-Encoding bsc1201325. - CVE-2022-32214: Fixed HTTP request smuggling due to...
SUSE-SU-2022:2491-1 Security update for nodejs16
This update for nodejs16 fixes the following issues: - CVE-2022-32212: Fixed DNS rebinding in --inspect via invalid IP addresses bsc1201328. - CVE-2022-32213: Fixed HTTP request smuggling due to flawed parsing of Transfer-Encoding bsc1201325. - CVE-2022-32214: Fixed HTTP request smuggling due to...
SUSE-SU-2022:2415-1 Security update for nodejs16
This update for nodejs16 fixes the following issues: - CVE-2022-32212: Fixed DNS rebinding in --inspect via invalid IP addresses bsc1201328. - CVE-2022-32213: Fixed HTTP request smuggling due to flawed parsing of Transfer-Encoding bsc1201325. - CVE-2022-32214: Fixed HTTP request smuggling due to...