[SUSE-SU-2021:3964-1] Security update for nodejs14

Severity Important

CVEs 7

Security update for nodejs14

This update for nodejs14 fixes the following issues:

nodejs14 was updated to 14.18.1:

deps: update llhttp to 2.1.4
- HTTP Request Smuggling due to spaced in headers (bsc#1191601, CVE-2021-22959)
- HTTP Request Smuggling when parsing the body (bsc#1191602, CVE-2021-22960)

Changes in 14.18.0:

buffer:
- introduce Blob
- add base64url encoding option
child_process:
- allow options.cwd receive a URL
- add timeout to spawn and fork
- allow promisified exec to be cancel
- add 'overlapped' stdio flag
dns: add 'tries' option to Resolve options
fs:
- allow empty string for temp directory prefix
- allow no-params fsPromises fileHandle read
- add support for async iterators to fsPromises.writeFile
http2: add support for sensitive headers
process: add 'worker' event
tls: allow reading data into a static buffer
worker: add setEnvironmentData/getEnvironmentData

Changes in 14.17.6

deps: upgrade npm to 6.14.15 which fixes a number of security issues (bsc#1190057, CVE-2021-37701, bsc#1190056, CVE-2021-37712, bsc#1190055, CVE-2021-37713, bsc#1190054, CVE-2021-39134, bsc#1190053, CVE-2021-39135)

ID

SUSE-SU-2021:3964-1

Severity

important

URL

Published

2021-12-07T07:57:42
(2 years ago)

Modified

2021-12-07T07:57:42
(2 years ago)

Rights

Other Advisories

Source	Name	URL
Suse	SUSE ratings	https://www.suse.com/support/security/rating/
Suse	URL of this CSAF notice	https://ftp.suse.com/pub/projects/security/csaf/suse-su-2021_3964-1.json
Suse	URL for SUSE-SU-2021:3964-1	https://www.suse.com/support/update/announcement/2021/suse-su-20213964-1/
Suse	E-Mail link for SUSE-SU-2021:3964-1	https://lists.suse.com/pipermail/sle-security-updates/2021-December/009869.html
Bugzilla	SUSE Bug 1190053	https://bugzilla.suse.com/1190053
Bugzilla	SUSE Bug 1190054	https://bugzilla.suse.com/1190054
Bugzilla	SUSE Bug 1190055	https://bugzilla.suse.com/1190055
Bugzilla	SUSE Bug 1190056	https://bugzilla.suse.com/1190056
Bugzilla	SUSE Bug 1190057	https://bugzilla.suse.com/1190057
Bugzilla	SUSE Bug 1191601	https://bugzilla.suse.com/1191601
Bugzilla	SUSE Bug 1191602	https://bugzilla.suse.com/1191602
CVE	SUSE CVE CVE-2021-22959 page	https://www.suse.com/security/cve/CVE-2021-22959/
CVE	SUSE CVE CVE-2021-22960 page	https://www.suse.com/security/cve/CVE-2021-22960/
CVE	SUSE CVE CVE-2021-37701 page	https://www.suse.com/security/cve/CVE-2021-37701/
CVE	SUSE CVE CVE-2021-37712 page	https://www.suse.com/security/cve/CVE-2021-37712/
CVE	SUSE CVE CVE-2021-37713 page	https://www.suse.com/security/cve/CVE-2021-37713/
CVE	SUSE CVE CVE-2021-39134 page	https://www.suse.com/security/cve/CVE-2021-39134/
CVE	SUSE CVE CVE-2021-39135 page	https://www.suse.com/security/cve/CVE-2021-39135/

# CVE	Description	CVSS	EPSS	EPSS Trend (30 days)	Affected Products	Weaknesses	Security Advisories	Exploits	PoC	Pubblication Date	Modification Date
# CVE	Description	CVSS	EPSS	EPSS Trend (30 days)	Affected Products	Weaknesses	Security Advisories	PoC	Pubblication Date	Modification Date