[openSUSE-SU-2021:3964-1] Security update for nodejs14
Severity
Important
Affected Packages
13
CVEs
7
Security update for nodejs14
This update for nodejs14 fixes the following issues:
nodejs14 was updated to 14.18.1:
deps: update llhttp to 2.1.4
- HTTP Request Smuggling due to spaced in headers (bsc#1191601, CVE-2021-22959)
- HTTP Request Smuggling when parsing the body (bsc#1191602, CVE-2021-22960)
Changes in 14.18.0:
buffer:
- introduce Blob
- add base64url encoding option
child_process:
- allow options.cwd receive a URL
- add timeout to spawn and fork
- allow promisified exec to be cancel
- add 'overlapped' stdio flag
dns: add 'tries' option to Resolve options
fs:
- allow empty string for temp directory prefix
- allow no-params fsPromises fileHandle read
- add support for async iterators to fsPromises.writeFile
http2: add support for sensitive headers
process: add 'worker' event
tls: allow reading data into a static buffer
worker: add setEnvironmentData/getEnvironmentData
Changes in 14.17.6
- deps: upgrade npm to 6.14.15 which fixes a number of security issues (bsc#1190057, CVE-2021-37701, bsc#1190056, CVE-2021-37712, bsc#1190055, CVE-2021-37713, bsc#1190054, CVE-2021-39134, bsc#1190053, CVE-2021-39135)
- ID
- openSUSE-SU-2021:3964-1
- Severity
- important
- URL
- https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/EB6I33SJCMQ2K7LAKKPS54HRXSB7FQXG/
- Published
-
2021-12-07T07:57:43
(2 years ago) - Modified
-
2021-12-07T07:57:43
(2 years ago) - Rights
- Copyright 2024 SUSE LLC. All rights reserved.
- Other Advisories
-
-
ALPINE:CVE-2021-22959
-
ALPINE:CVE-2021-22960
-
ALPINE:CVE-2021-37701
-
ALPINE:CVE-2021-37712
-
ALPINE:CVE-2021-37713
-
ALPINE:CVE-2021-39134
-
ALPINE:CVE-2021-39135
-
ALSA-2021:5171
-
ALSA-2022:0350
-
ASA-202110-4
-
DSA-5008-1
-
DSA-5170-1
-
ELSA-2021-5171
-
ELSA-2022-0350
-
FEDORA-2021-9807b754d9
-
FEDORA-2021-9818cabe0d
-
FEDORA-2021-cbad295a90
-
FREEBSD:7062BCE0-1B17-11EC-9D9D-0022489AD614
-
FREEBSD:A9C5E89D-2D15-11EC-8363-0022489AD614
-
GLSA-202405-29
-
NPM:GHSA-2H3H-Q99F-3FHC
-
NPM:GHSA-5955-9WPR-37JH
-
NPM:GHSA-9R2W-394V-53QC
-
NPM:GHSA-GMW6-94GG-2RC2
-
NPM:GHSA-QQ89-HQ3F-393P
-
openSUSE-SU-2021:1552-1
-
openSUSE-SU-2021:1574-1
-
openSUSE-SU-2021:3940-1
-
RHEA-2022:5139
-
RHSA-2021:5171
-
RHSA-2022:0350
-
RLEA-2022:5139
-
RLSA-2021:5171
-
RLSA-2022:0350
-
SUSE-SU-2021:3886-1
-
SUSE-SU-2021:3940-1
-
SUSE-SU-2021:3964-1
-
SUSE-SU-2022:0101-1
-
SUSE-SU-2022:2855-1
-
| Type | Package URL | Namespace | Name / Product | Version | Distribution / Platform | Arch | Patch / Fix |
|---|---|---|---|---|---|---|---|
| Affected | pkg:rpm/opensuse/npm14?arch=x86_64&distro=opensuse-leap-15.3 | opensuse |
 npm14
|
< 14.18.1-15.21.2 | opensuse-leap-15.3 | x86_64 | |
| Affected | pkg:rpm/opensuse/npm14?arch=s390x&distro=opensuse-leap-15.3 | opensuse |
npm14
|
< 14.18.1-15.21.2 | opensuse-leap-15.3 | s390x | |
| Affected | pkg:rpm/opensuse/npm14?arch=ppc64le&distro=opensuse-leap-15.3 | opensuse |
npm14
|
< 14.18.1-15.21.2 | opensuse-leap-15.3 | ppc64le | |
| Affected | pkg:rpm/opensuse/npm14?arch=aarch64&distro=opensuse-leap-15.3 | opensuse |
npm14
|
< 14.18.1-15.21.2 | opensuse-leap-15.3 | aarch64 | |
| Affected | pkg:rpm/opensuse/nodejs14?arch=x86_64&distro=opensuse-leap-15.3 | opensuse |
nodejs14
|
< 14.18.1-15.21.2 | opensuse-leap-15.3 | x86_64 | |
| Affected | pkg:rpm/opensuse/nodejs14?arch=s390x&distro=opensuse-leap-15.3 | opensuse |
nodejs14
|
< 14.18.1-15.21.2 | opensuse-leap-15.3 | s390x | |
| Affected | pkg:rpm/opensuse/nodejs14?arch=ppc64le&distro=opensuse-leap-15.3 | opensuse |
nodejs14
|
< 14.18.1-15.21.2 | opensuse-leap-15.3 | ppc64le | |
| Affected | pkg:rpm/opensuse/nodejs14?arch=aarch64&distro=opensuse-leap-15.3 | opensuse |
nodejs14
|
< 14.18.1-15.21.2 | opensuse-leap-15.3 | aarch64 | |
| Affected | pkg:rpm/opensuse/nodejs14-docs?arch=noarch&distro=opensuse-leap-15.3 | opensuse |
nodejs14-docs
|
< 14.18.1-15.21.2 | opensuse-leap-15.3 | noarch | |
| Affected | pkg:rpm/opensuse/nodejs14-devel?arch=x86_64&distro=opensuse-leap-15.3 | opensuse |
nodejs14-devel
|
< 14.18.1-15.21.2 | opensuse-leap-15.3 | x86_64 | |
| Affected | pkg:rpm/opensuse/nodejs14-devel?arch=s390x&distro=opensuse-leap-15.3 | opensuse |
nodejs14-devel
|
< 14.18.1-15.21.2 | opensuse-leap-15.3 | s390x | |
| Affected | pkg:rpm/opensuse/nodejs14-devel?arch=ppc64le&distro=opensuse-leap-15.3 | opensuse |
nodejs14-devel
|
< 14.18.1-15.21.2 | opensuse-leap-15.3 | ppc64le | |
| Affected | pkg:rpm/opensuse/nodejs14-devel?arch=aarch64&distro=opensuse-leap-15.3 | opensuse |
nodejs14-devel
|
< 14.18.1-15.21.2 | opensuse-leap-15.3 | aarch64 |
| # CVE | Description | CVSS | EPSS | EPSS Trend (30 days) | Affected Products | Weaknesses | Security Advisories | Exploits | PoC | Pubblication Date | Modification Date |
|---|---|---|---|---|---|---|---|---|---|---|---|
| # CVE | Description | CVSS | EPSS | EPSS Trend (30 days) | Affected Products | Weaknesses | Security Advisories | PoC | Pubblication Date | Modification Date |