1. Home
  2. Security Advisories
  3. SUSE
  4. SUSE-SU-2019:2259-1

[SUSE-SU-2019:2259-1] Security update for nodejs10

Severity Important
CVEs 8
Info References Vulnerabilities

Security update for nodejs10

This update for nodejs10 to version 10.16.3 fixes the following issues:

Security issues fixed:

  • CVE-2019-9511: Fixed HTTP/2 implementations that are vulnerable to window size manipulation and stream prioritization manipulation, potentially leading to a denial of service (bsc#1146091).
  • CVE-2019-9512: Fixed HTTP/2 flood using PING frames results in unbounded memory growth (bsc#1146099).
  • CVE-2019-9513: Fixed HTTP/2 implementation that is vulnerable to resource loops, potentially leading to a denial of service. (bsc#1146094).
  • CVE-2019-9514: Fixed HTTP/2 implementation that is vulnerable to a reset flood, potentially leading to a denial of service (bsc#1146095).
  • CVE-2019-9515: Fixed HTTP/2 flood using SETTINGS frames results in unbounded memory growth (bsc#1146100).
  • CVE-2019-9516: Fixed HTTP/2 implementation that is vulnerable to a header leak, potentially leading to a denial of service (bsc#1146090).
  • CVE-2019-9517: Fixed HTTP/2 implementations that are vulnerable to unconstrained interal data buffering (bsc#1146097).
  • CVE-2019-9518: Fixed HTTP/2 implementation that is vulnerable to a flood of empty frames, potentially leading to a denial of service (bsc#1146093).
ID
SUSE-SU-2019:2259-1
Severity
important
URL
https://www.suse.com/support/update/announcement/2019/suse-su-20192259-1/
Published
2019-09-02T07:04:04
(5 years ago)
Modified
2019-09-02T07:04:04
(5 years ago)
Rights
Copyright 2024 SUSE LLC. All rights reserved.
Other Advisories
Source # ID Name URL
Suse SUSE ratings https://www.suse.com/support/security/rating/
Suse URL of this CSAF notice https://ftp.suse.com/pub/projects/security/csaf/suse-su-2019_2259-1.json
Suse URL for SUSE-SU-2019:2259-1 https://www.suse.com/support/update/announcement/2019/suse-su-20192259-1/
Suse E-Mail link for SUSE-SU-2019:2259-1 https://lists.suse.com/pipermail/sle-security-updates/2019-September/005863.html
Bugzilla SUSE Bug 1146090 https://bugzilla.suse.com/1146090
Bugzilla SUSE Bug 1146091 https://bugzilla.suse.com/1146091
Bugzilla SUSE Bug 1146093 https://bugzilla.suse.com/1146093
Bugzilla SUSE Bug 1146094 https://bugzilla.suse.com/1146094
Bugzilla SUSE Bug 1146095 https://bugzilla.suse.com/1146095
Bugzilla SUSE Bug 1146097 https://bugzilla.suse.com/1146097
Bugzilla SUSE Bug 1146099 https://bugzilla.suse.com/1146099
Bugzilla SUSE Bug 1146100 https://bugzilla.suse.com/1146100
CVE SUSE CVE CVE-2019-9511 page https://www.suse.com/security/cve/CVE-2019-9511/
CVE SUSE CVE CVE-2019-9512 page https://www.suse.com/security/cve/CVE-2019-9512/
CVE SUSE CVE CVE-2019-9513 page https://www.suse.com/security/cve/CVE-2019-9513/
CVE SUSE CVE CVE-2019-9514 page https://www.suse.com/security/cve/CVE-2019-9514/
CVE SUSE CVE CVE-2019-9515 page https://www.suse.com/security/cve/CVE-2019-9515/
CVE SUSE CVE CVE-2019-9516 page https://www.suse.com/security/cve/CVE-2019-9516/
CVE SUSE CVE CVE-2019-9517 page https://www.suse.com/security/cve/CVE-2019-9517/
CVE SUSE CVE CVE-2019-9518 page https://www.suse.com/security/cve/CVE-2019-9518/
# CVE Description CVSS EPSS EPSS Trend (30 days) Affected Products Weaknesses Security Advisories Exploits PoC Pubblication Date Modification Date
# CVE Description CVSS EPSS EPSS Trend (30 days) Affected Products Weaknesses Security Advisories PoC Pubblication Date Modification Date