Lucene search

K
suseSuseOPENSUSE-SU-2021:1574-1
HistoryDec 12, 2021 - 12:00 a.m.

Security update for nodejs12 (important)

2021-12-1200:00:00
lists.opensuse.org
15

EPSS

0.003

Percentile

69.7%

An update that fixes 7 vulnerabilities is now available.

Description:

This update for nodejs12 fixes the following issues:

  • CVE-2021-22959: Fixed HTTP Request Smuggling due to spaced in headers
    (bsc#1191601).
  • CVE-2021-22960: Fixed HTTP Request Smuggling when parsing the body
    (bsc#1191602).
  • CVE-2021-37701: Fixed arbitrary file creation and overwrite in
    nodejs-tar (bsc#1190057).
  • CVE-2021-37712: Fixed arbitrary file creation and overwrite in
    nodejs-tar (bsc#1190056).
  • CVE-2021-37713: Fixed arbitrary code execution and file creation and
    overwrite in nodejs-tar (bsc#1190055).
  • CVE-2021-39134: Fixed symling following vulnerability in nodejs-arborist
    (bsc#1190054).
  • CVE-2021-39135: Fixed symling following vulnerability in nodejs-arborist
    (bsc#1190053).

This update was imported from the SUSE:SLE-15-SP2:Update update project.

Patch Instructions:

To install this openSUSE Security Update use the SUSE recommended installation methods
like YaST online_update or “zypper patch”.

Alternatively you can run the command listed for your product:

  • openSUSE Leap 15.2:

    zypper in -t patch openSUSE-2021-1574=1

OSVersionArchitecturePackageVersionFilename
openSUSE Leap15.2i586< - openSUSE Leap 15.2 (i586 x86_64):- openSUSE Leap 15.2 (i586 x86_64):.i586.rpm
openSUSE Leap15.2x86_64< - openSUSE Leap 15.2 (i586 x86_64):- openSUSE Leap 15.2 (i586 x86_64):.x86_64.rpm
openSUSE Leap15.2noarch< - openSUSE Leap 15.2 (noarch):- openSUSE Leap 15.2 (noarch):.noarch.rpm