[openSUSE-SU-2021:1574-1] Security update for nodejs12

Severity Important
Affected Packages 7
CVEs 7

Security update for nodejs12

This update for nodejs12 fixes the following issues:

  • CVE-2021-22959: Fixed HTTP Request Smuggling due to spaces in headers (bsc#1191601).
  • CVE-2021-22960: Fixed HTTP Request Smuggling when parsing the body (bsc#1191602).
  • CVE-2021-37701: Fixed arbitrary file creation and overwrite in nodejs-tar (bsc#1190057).
  • CVE-2021-37712: Fixed arbitrary file creation and overwrite in nodejs-tar (bsc#1190056).
  • CVE-2021-37713: Fixed arbitrary code execution and file creation and overwrite in nodejs-tar (bsc#1190055).
  • CVE-2021-39134: Fixed symlink following vulnerability in nodejs-arborist (bsc#1190054).
  • CVE-2021-39135: Fixed symlink following vulnerability in nodejs-arborist (bsc#1190053).

This update was imported from the SUSE:SLE-15-SP2:Update update project.

Source # ID Name URL
Suse SUSE ratings https://www.suse.com/support/security/rating/
Suse URL of this CSAF notice https://ftp.suse.com/pub/projects/security/csaf/opensuse-su-2021_1574-1.json
Suse URL for openSUSE-SU-2021:1574-1 https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/OZ6MU5ASKOGKZBGVKFFXVB64PMZRVEPX/
Suse E-Mail link for openSUSE-SU-2021:1574-1 https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/OZ6MU5ASKOGKZBGVKFFXVB64PMZRVEPX/
Bugzilla SUSE Bug 1190053 https://bugzilla.suse.com/1190053
Bugzilla SUSE Bug 1190054 https://bugzilla.suse.com/1190054
Bugzilla SUSE Bug 1190055 https://bugzilla.suse.com/1190055
Bugzilla SUSE Bug 1190056 https://bugzilla.suse.com/1190056
Bugzilla SUSE Bug 1190057 https://bugzilla.suse.com/1190057
Bugzilla SUSE Bug 1191601 https://bugzilla.suse.com/1191601
Bugzilla SUSE Bug 1191602 https://bugzilla.suse.com/1191602
CVE SUSE CVE CVE-2021-22959 page https://www.suse.com/security/cve/CVE-2021-22959/
CVE SUSE CVE CVE-2021-22960 page https://www.suse.com/security/cve/CVE-2021-22960/
CVE SUSE CVE CVE-2021-37701 page https://www.suse.com/security/cve/CVE-2021-37701/
CVE SUSE CVE CVE-2021-37712 page https://www.suse.com/security/cve/CVE-2021-37712/
CVE SUSE CVE CVE-2021-37713 page https://www.suse.com/security/cve/CVE-2021-37713/
CVE SUSE CVE CVE-2021-39134 page https://www.suse.com/security/cve/CVE-2021-39134/
CVE SUSE CVE CVE-2021-39135 page https://www.suse.com/security/cve/CVE-2021-39135/
Type Package URL Namespace Name / Product Version Distribution / Platform Arch Patch / Fix
Affected pkg:rpm/opensuse/npm12?arch=x86_64&distro=opensuse-leap-15.2 opensuse npm12 < 12.22.7-lp152.3.21.1 opensuse-leap-15.2 x86_64
Affected pkg:rpm/opensuse/npm12?arch=i586&distro=opensuse-leap-15.2 opensuse npm12 < 12.22.7-lp152.3.21.1 opensuse-leap-15.2 i586
Affected pkg:rpm/opensuse/nodejs12?arch=x86_64&distro=opensuse-leap-15.2 opensuse nodejs12 < 12.22.7-lp152.3.21.1 opensuse-leap-15.2 x86_64
Affected pkg:rpm/opensuse/nodejs12?arch=i586&distro=opensuse-leap-15.2 opensuse nodejs12 < 12.22.7-lp152.3.21.1 opensuse-leap-15.2 i586
Affected pkg:rpm/opensuse/nodejs12-docs?arch=noarch&distro=opensuse-leap-15.2 opensuse nodejs12-docs < 12.22.7-lp152.3.21.1 opensuse-leap-15.2 noarch
Affected pkg:rpm/opensuse/nodejs12-devel?arch=x86_64&distro=opensuse-leap-15.2 opensuse nodejs12-devel < 12.22.7-lp152.3.21.1 opensuse-leap-15.2 x86_64
Affected pkg:rpm/opensuse/nodejs12-devel?arch=i586&distro=opensuse-leap-15.2 opensuse nodejs12-devel < 12.22.7-lp152.3.21.1 opensuse-leap-15.2 i586