Lucene search

K
suseSuseOPENSUSE-SU-2021:2953-1
HistorySep 03, 2021 - 12:00 a.m.

Security update for nodejs10 (moderate)

2021-09-0300:00:00
lists.opensuse.org
36

0.015 Low

EPSS

Percentile

87.1%

An update that fixes four vulnerabilities is now available.

Description:

This update for nodejs10 fixes the following issues:

  • CVE-2021-3672: Fixed missing input validation on hostnames (bsc#1188881).
  • CVE-2021-22930: Fixed use after free on close http2 on stream canceling
    (bsc#1188917).
  • CVE-2021-22939: Fixed incomplete validation of rejectUnauthorized
    parameter (bsc#1189369).
  • CVE-2021-22931: Fixed improper handling of untypical characters in
    domain names (bsc#1189370).

Patch Instructions:

To install this openSUSE Security Update use the SUSE recommended installation methods
like YaST online_update or “zypper patch”.

Alternatively you can run the command listed for your product:

  • openSUSE Leap 15.3:

    zypper in -t patch openSUSE-SLE-15.3-2021-2953=1

OSVersionArchitecturePackageVersionFilename
openSUSE Leap15.3aarch64< - openSUSE Leap 15.3 (aarch64 ppc64le s390x x86_64):- openSUSE Leap 15.3 (aarch64 ppc64le s390x x86_64):.aarch64.rpm
openSUSE Leap15.3ppc64le< - openSUSE Leap 15.3 (aarch64 ppc64le s390x x86_64):- openSUSE Leap 15.3 (aarch64 ppc64le s390x x86_64):.ppc64le.rpm
openSUSE Leap15.3s390x< - openSUSE Leap 15.3 (aarch64 ppc64le s390x x86_64):- openSUSE Leap 15.3 (aarch64 ppc64le s390x x86_64):.s390x.rpm
openSUSE Leap15.3x86_64< - openSUSE Leap 15.3 (aarch64 ppc64le s390x x86_64):- openSUSE Leap 15.3 (aarch64 ppc64le s390x x86_64):.x86_64.rpm
openSUSE Leap15.3noarch< - openSUSE Leap 15.3 (noarch):- openSUSE Leap 15.3 (noarch):.noarch.rpm