[SUSE-SU-2024:0728-1] Security update for nodejs16
Severity: Important
Affected Packages: 13
CVEs: 5
Security update for nodejs16
This update for nodejs16 fixes the following issues:
Security issues fixed:
- CVE-2023-46809: Node.js is vulnerable to the Marvin Attack (timing variant of the Bleichenbacher attack against PKCS#1 v1.5 padding) (bsc#1219997).
- CVE-2024-22019: http: Reading unprocessed HTTP request with unbounded chunk extension allows DoS attacks (bsc#1219993).
- CVE-2024-22025: Denial of Service by resource exhaustion in fetch() brotli decoding (bsc#1220014).
- CVE-2024-24758: ignore proxy-authorization header (bsc#1220017).
- CVE-2024-24806: fix improper domain lookup that potentially leads to SSRF attacks (bsc#1219724).
- ID: SUSE-SU-2024:0728-1
- Severity: important
- URL: https://www.suse.com/support/update/announcement/2024/suse-su-20240728-1/
- Published: 2024-02-29T12:00:10
- Modified: 2024-02-29T12:00:10
- Rights: Copyright 2024 SUSE LLC. All rights reserved.
- Other Advisories:
- ALAS2-2024-2474
- ALPINE:CVE-2024-24806
- ALSA-2024:1438
- ALSA-2024:1444
- ALSA-2024:1503
- ALSA-2024:1510
- ALSA-2024:1687
- ALSA-2024:1688
- ALSA-2024:2778
- ALSA-2024:2779
- ALSA-2024:2780
- ALSA-2024:2853
- ALSA-2024:2910
- ALSA-2024:4247
- ALSA-2024:4756
- DSA-5638-1
- ELSA-2024-1438
- ELSA-2024-1444
- ELSA-2024-1503
- ELSA-2024-1510
- ELSA-2024-1687
- ELSA-2024-1688
- ELSA-2024-2778
- ELSA-2024-2779
- ELSA-2024-2780
- ELSA-2024-2853
- ELSA-2024-2910
- ELSA-2024-4247
- ELSA-2024-4756
- FREEBSD:77A6F1C9-D7D2-11EE-BB12-001B217B3468
- NPM:GHSA-3787-6PRV-H9W3
- RHSA-2024:1438
- RHSA-2024:1444
- RHSA-2024:1503
- RHSA-2024:1510
- RHSA-2024:1687
- RHSA-2024:1688
- RHSA-2024:2778
- RHSA-2024:2779
- RHSA-2024:2780
- RHSA-2024:2853
- RHSA-2024:2910
- RHSA-2024:4247
- RHSA-2024:4756
- RLSA-2024:2910
- SSA:2024-051-02
- SUSE-SU-2024:0643-1
- SUSE-SU-2024:0644-1
- SUSE-SU-2024:0729-1
- SUSE-SU-2024:0730-1
- SUSE-SU-2024:0731-1
- SUSE-SU-2024:0732-1
- SUSE-SU-2024:0733-1
- SUSE-SU-2024:1301-1
- SUSE-SU-2024:1307-1
- SUSE-SU-2024:1309-1
- USN-6666-1
Type | Package URL | Namespace | Name / Product | Version | Distribution / Platform | Arch | Patch / Fix |
---|---|---|---|---|---|---|---|
Affected | pkg:rpm/suse/npm16?arch=x86_64&distro=sles-15&sp=4 | suse | npm16 | < 16.20.2-150400.3.30.1 | sles-15 | x86_64 | |
Affected | pkg:rpm/suse/npm16?arch=s390x&distro=sles-15&sp=4 | suse | npm16 | < 16.20.2-150400.3.30.1 | sles-15 | s390x | |
Affected | pkg:rpm/suse/npm16?arch=ppc64le&distro=sles-15&sp=4 | suse | npm16 | < 16.20.2-150400.3.30.1 | sles-15 | ppc64le | |
Affected | pkg:rpm/suse/npm16?arch=aarch64&distro=sles-15&sp=4 | suse | npm16 | < 16.20.2-150400.3.30.1 | sles-15 | aarch64 | |
Affected | pkg:rpm/suse/nodejs16?arch=x86_64&distro=sles-15&sp=4 | suse | nodejs16 | < 16.20.2-150400.3.30.1 | sles-15 | x86_64 | |
Affected | pkg:rpm/suse/nodejs16?arch=s390x&distro=sles-15&sp=4 | suse | nodejs16 | < 16.20.2-150400.3.30.1 | sles-15 | s390x | |
Affected | pkg:rpm/suse/nodejs16?arch=ppc64le&distro=sles-15&sp=4 | suse | nodejs16 | < 16.20.2-150400.3.30.1 | sles-15 | ppc64le | |
Affected | pkg:rpm/suse/nodejs16?arch=aarch64&distro=sles-15&sp=4 | suse | nodejs16 | < 16.20.2-150400.3.30.1 | sles-15 | aarch64 | |
Affected | pkg:rpm/suse/nodejs16-docs?arch=noarch&distro=sles-15&sp=4 | suse | nodejs16-docs | < 16.20.2-150400.3.30.1 | sles-15 | noarch | |
Affected | pkg:rpm/suse/nodejs16-devel?arch=x86_64&distro=sles-15&sp=4 | suse | nodejs16-devel | < 16.20.2-150400.3.30.1 | sles-15 | x86_64 | |
Affected | pkg:rpm/suse/nodejs16-devel?arch=s390x&distro=sles-15&sp=4 | suse | nodejs16-devel | < 16.20.2-150400.3.30.1 | sles-15 | s390x | |
Affected | pkg:rpm/suse/nodejs16-devel?arch=ppc64le&distro=sles-15&sp=4 | suse | nodejs16-devel | < 16.20.2-150400.3.30.1 | sles-15 | ppc64le | |
Affected | pkg:rpm/suse/nodejs16-devel?arch=aarch64&distro=sles-15&sp=4 | suse | nodejs16-devel | < 16.20.2-150400.3.30.1 | sles-15 | aarch64 | |