1. Home
  2. Security Advisories
  3. SUSE
  4. SUSE-SU-2020:1606-1

[SUSE-SU-2020:1606-1] Security update for nodejs12

Severity Critical
CVEs 4
Info References Vulnerabilities

Security update for nodejs12

This update for nodejs12 fixes the following issues:

nodejs12 was updated to version 12.18.0

  • CVE-2020-8174: Fixed multiple memory corruption in napi_get_value_string_*() (bsc#1172443).
  • CVE-2020-8172: Fixed am issue where TLS session reuse could have led to host certificate verification bypass (bsc#1172441).
  • CVE-2020-11080: Fixed a potential denial of service when receiving unreasonably large HTTP/2 SETTINGS frames (bsc#1172442).

npm was updated to 6.13.6

  • CVE-2020-7598: Fixed an issue which could have tricked minimist into adding or modifying properties of Object.prototype (bsc#1166916).
ID
SUSE-SU-2020:1606-1
Severity
critical
URL
https://www.suse.com/support/update/announcement/2020/suse-su-20201606-1/
Published
2020-06-11T10:10:55
(4 years ago)
Modified
2020-06-11T10:10:55
(4 years ago)
Rights
Copyright 2024 SUSE LLC. All rights reserved.
Other Advisories
# CVE Description CVSS EPSS EPSS Trend (30 days) Affected Products Weaknesses Security Advisories Exploits PoC Pubblication Date Modification Date
# CVE Description CVSS EPSS EPSS Trend (30 days) Affected Products Weaknesses Security Advisories PoC Pubblication Date Modification Date