[SUSE-SU-2021:3964-1] Security update for nodejs14
Severity
Important
CVEs
7
Security update for nodejs14
This update for nodejs14 fixes the following issues:
nodejs14 was updated to 14.18.1:
deps: update llhttp to 2.1.4
- HTTP Request Smuggling due to spaced in headers (bsc#1191601, CVE-2021-22959)
- HTTP Request Smuggling when parsing the body (bsc#1191602, CVE-2021-22960)
Changes in 14.18.0:
buffer:
- introduce Blob
- add base64url encoding option
child_process:
- allow options.cwd receive a URL
- add timeout to spawn and fork
- allow promisified exec to be cancel
- add 'overlapped' stdio flag
dns: add 'tries' option to Resolve options
fs:
- allow empty string for temp directory prefix
- allow no-params fsPromises fileHandle read
- add support for async iterators to fsPromises.writeFile
http2: add support for sensitive headers
process: add 'worker' event
tls: allow reading data into a static buffer
worker: add setEnvironmentData/getEnvironmentData
Changes in 14.17.6
- deps: upgrade npm to 6.14.15 which fixes a number of security issues (bsc#1190057, CVE-2021-37701, bsc#1190056, CVE-2021-37712, bsc#1190055, CVE-2021-37713, bsc#1190054, CVE-2021-39134, bsc#1190053, CVE-2021-39135)
- ID
- SUSE-SU-2021:3964-1
- Severity
- important
- URL
- https://www.suse.com/support/update/announcement/2021/suse-su-20213964-1/
- Published
-
2021-12-07T07:57:42
(2 years ago) - Modified
-
2021-12-07T07:57:42
(2 years ago) - Rights
- Copyright 2024 SUSE LLC. All rights reserved.
- Other Advisories
-
- ALPINE:CVE-2021-22959
- ALPINE:CVE-2021-22960
- ALPINE:CVE-2021-37701
- ALPINE:CVE-2021-37712
- ALPINE:CVE-2021-37713
- ALPINE:CVE-2021-39134
- ALPINE:CVE-2021-39135
- ALSA-2021:5171
- ALSA-2022:0350
- ASA-202110-4
- DSA-5008-1
- DSA-5170-1
- ELSA-2021-5171
- ELSA-2022-0350
- FEDORA-2021-9807b754d9
- FEDORA-2021-9818cabe0d
- FEDORA-2021-cbad295a90
- FREEBSD:7062BCE0-1B17-11EC-9D9D-0022489AD614
- FREEBSD:A9C5E89D-2D15-11EC-8363-0022489AD614
- GLSA-202405-29
- NPM:GHSA-2H3H-Q99F-3FHC
- NPM:GHSA-5955-9WPR-37JH
- NPM:GHSA-9R2W-394V-53QC
- NPM:GHSA-GMW6-94GG-2RC2
- NPM:GHSA-QQ89-HQ3F-393P
- openSUSE-SU-2021:1552-1
- openSUSE-SU-2021:1574-1
- openSUSE-SU-2021:3940-1
- openSUSE-SU-2021:3964-1
- RHEA-2022:5139
- RHSA-2021:5171
- RHSA-2022:0350
- RLEA-2022:5139
- RLSA-2021:5171
- RLSA-2022:0350
- SUSE-SU-2021:3886-1
- SUSE-SU-2021:3940-1
- SUSE-SU-2022:0101-1
- SUSE-SU-2022:2855-1
# CVE | Description | CVSS | EPSS | EPSS Trend (30 days) | Affected Products | Weaknesses | Security Advisories | Exploits | PoC | Pubblication Date | Modification Date |
---|---|---|---|---|---|---|---|---|---|---|---|
# CVE | Description | CVSS | EPSS | EPSS Trend (30 days) | Affected Products | Weaknesses | Security Advisories | PoC | Pubblication Date | Modification Date |