8.6 High
CVSS3
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
CHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H
6.4 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:L/Au:N/C:P/I:P/A:N
An update that fixes 7 vulnerabilities is now available.
Description:
This update for nodejs14 fixes the following issues:
nodejs14 was updated to 14.18.1:
deps: update llhttp to 2.1.4
Changes in 14.18.0:
* buffer:
+ introduce Blob
+ add base64url encoding option
* child_process:
+ allow options.cwd receive a URL
+ add timeout to spawn and fork
+ allow promisified exec to be cancel
+ add 'overlapped' stdio flag
* dns: add "tries" option to Resolve options
* fs:
+ allow empty string for temp directory prefix
+ allow no-params fsPromises fileHandle read
+ add support for async iterators to fsPromises.writeFile
* http2: add support for sensitive headers
* process: add 'worker' event
* tls: allow reading data into a static buffer
* worker: add setEnvironmentData/getEnvironmentData
Changes in 14.17.6
* deps: upgrade npm to 6.14.15 which fixes a number of security issues
(bsc#1190057, CVE-2021-37701, bsc#1190056, CVE-2021-37712,
bsc#1190055, CVE-2021-37713, bsc#1190054, CVE-2021-39134, bsc#1190053,
CVE-2021-39135)
Patch Instructions:
To install this openSUSE Security Update use the SUSE recommended installation methods
like YaST online_update or “zypper patch”.
Alternatively you can run the command listed for your product:
openSUSE Leap 15.3:
zypper in -t patch openSUSE-SLE-15.3-2021-3964=1
OS | Version | Architecture | Package | Version | Filename |
---|---|---|---|---|---|
openSUSE Leap | 15.3 | aarch64 | < - openSUSE Leap 15.3 (aarch64 ppc64le s390x x86_64): | - openSUSE Leap 15.3 (aarch64 ppc64le s390x x86_64):.aarch64.rpm | |
openSUSE Leap | 15.3 | ppc64le | < - openSUSE Leap 15.3 (aarch64 ppc64le s390x x86_64): | - openSUSE Leap 15.3 (aarch64 ppc64le s390x x86_64):.ppc64le.rpm | |
openSUSE Leap | 15.3 | s390x | < - openSUSE Leap 15.3 (aarch64 ppc64le s390x x86_64): | - openSUSE Leap 15.3 (aarch64 ppc64le s390x x86_64):.s390x.rpm | |
openSUSE Leap | 15.3 | x86_64 | < - openSUSE Leap 15.3 (aarch64 ppc64le s390x x86_64): | - openSUSE Leap 15.3 (aarch64 ppc64le s390x x86_64):.x86_64.rpm | |
openSUSE Leap | 15.3 | noarch | < - openSUSE Leap 15.3 (noarch): | - openSUSE Leap 15.3 (noarch):.noarch.rpm |
8.6 High
CVSS3
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
CHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H
6.4 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:L/Au:N/C:P/I:P/A:N