[SUSE-SU-2024:0733-1] Security update for nodejs12
Severity
Important
Affected Packages
26
CVEs
4
Security update for nodejs12
This update for nodejs12 fixes the following issues:
Security issues fixed:
- CVE-2023-46809: Node.js is vulnerable to the Marvin Attack (timing variant of the Bleichenbacher attack against PKCS#1 v1.5 padding) (bsc#1219997).
- CVE-2024-22019: http: Reading unprocessed HTTP request with unbounded chunk extension allows DoS attacks (bsc#1219993).
- CVE-2024-22025: Denial of Service by resource exhaustion in fetch() brotli decoding (bsc#1220014).
- CVE-2024-24806: fix improper domain lookup that potentially leads to SSRF attacks (bsc#1219724).
- ID
- SUSE-SU-2024:0733-1
- Severity
- important
- URL
- https://www.suse.com/support/update/announcement/2024/suse-su-20240733-1/
- Published
-
2024-02-29T12:02:13
(6 months ago) - Modified
-
2024-02-29T12:02:13
(6 months ago) - Rights
- Copyright 2024 SUSE LLC. All rights reserved.
- Other Advisories
-
- ALAS2-2024-2474
- ALPINE:CVE-2024-24806
- ALSA-2024:1438
- ALSA-2024:1444
- ALSA-2024:1503
- ALSA-2024:1510
- ALSA-2024:1687
- ALSA-2024:1688
- ALSA-2024:2778
- ALSA-2024:2779
- ALSA-2024:2780
- ALSA-2024:2853
- ALSA-2024:2910
- ALSA-2024:4247
- ALSA-2024:4756
- DSA-5638-1
- ELSA-2024-1438
- ELSA-2024-1444
- ELSA-2024-1503
- ELSA-2024-1510
- ELSA-2024-1687
- ELSA-2024-1688
- ELSA-2024-2778
- ELSA-2024-2779
- ELSA-2024-2780
- ELSA-2024-2853
- ELSA-2024-2910
- ELSA-2024-4247
- ELSA-2024-4756
- FREEBSD:77A6F1C9-D7D2-11EE-BB12-001B217B3468
- RHSA-2024:1438
- RHSA-2024:1444
- RHSA-2024:1503
- RHSA-2024:1510
- RHSA-2024:1687
- RHSA-2024:1688
- RHSA-2024:2778
- RHSA-2024:2779
- RHSA-2024:2780
- RHSA-2024:2853
- RHSA-2024:2910
- RHSA-2024:4247
- RHSA-2024:4756
- RLSA-2024:2910
- SSA:2024-051-02
- SUSE-SU-2024:0643-1
- SUSE-SU-2024:0644-1
- SUSE-SU-2024:0728-1
- SUSE-SU-2024:0729-1
- SUSE-SU-2024:0730-1
- SUSE-SU-2024:0731-1
- SUSE-SU-2024:0732-1
- SUSE-SU-2024:1301-1
- SUSE-SU-2024:1307-1
- SUSE-SU-2024:1309-1
- USN-6666-1
Source | # ID | Name | URL |
---|---|---|---|
Suse | SUSE ratings | https://www.suse.com/support/security/rating/ | |
Suse | URL of this CSAF notice | https://ftp.suse.com/pub/projects/security/csaf/suse-su-2024_0733-1.json | |
Suse | URL for SUSE-SU-2024:0733-1 | https://www.suse.com/support/update/announcement/2024/suse-su-20240733-1/ | |
Suse | E-Mail link for SUSE-SU-2024:0733-1 | https://lists.suse.com/pipermail/sle-security-updates/2024-February/018074.html | |
Bugzilla | SUSE Bug 1219993 | https://bugzilla.suse.com/1219993 | |
Bugzilla | SUSE Bug 1219997 | https://bugzilla.suse.com/1219997 | |
Bugzilla | SUSE Bug 1220014 | https://bugzilla.suse.com/1220014 | |
Bugzilla | SUSE Bug 1220053 | https://bugzilla.suse.com/1220053 | |
CVE | SUSE CVE CVE-2023-46809 page | https://www.suse.com/security/cve/CVE-2023-46809/ | |
CVE | SUSE CVE CVE-2024-22019 page | https://www.suse.com/security/cve/CVE-2024-22019/ | |
CVE | SUSE CVE CVE-2024-22025 page | https://www.suse.com/security/cve/CVE-2024-22025/ | |
CVE | SUSE CVE CVE-2024-24806 page | https://www.suse.com/security/cve/CVE-2024-24806/ |
Type | Package URL | Namespace | Name / Product | Version | Distribution / Platform | Arch | Patch / Fix |
---|---|---|---|---|---|---|---|
Affected | pkg:rpm/suse/npm12?arch=x86_64&distro=sles-15&sp=3 | suse | npm12 | < 12.22.12-150200.4.56.1 | sles-15 | x86_64 | |
Affected | pkg:rpm/suse/npm12?arch=x86_64&distro=sles-15&sp=2 | suse | npm12 | < 12.22.12-150200.4.56.1 | sles-15 | x86_64 | |
Affected | pkg:rpm/suse/npm12?arch=s390x&distro=sles-15&sp=3 | suse | npm12 | < 12.22.12-150200.4.56.1 | sles-15 | s390x | |
Affected | pkg:rpm/suse/npm12?arch=s390x&distro=sles-15&sp=2 | suse | npm12 | < 12.22.12-150200.4.56.1 | sles-15 | s390x | |
Affected | pkg:rpm/suse/npm12?arch=ppc64le&distro=sles-15&sp=3 | suse | npm12 | < 12.22.12-150200.4.56.1 | sles-15 | ppc64le | |
Affected | pkg:rpm/suse/npm12?arch=ppc64le&distro=sles-15&sp=2 | suse | npm12 | < 12.22.12-150200.4.56.1 | sles-15 | ppc64le | |
Affected | pkg:rpm/suse/npm12?arch=aarch64&distro=sles-15&sp=3 | suse | npm12 | < 12.22.12-150200.4.56.1 | sles-15 | aarch64 | |
Affected | pkg:rpm/suse/npm12?arch=aarch64&distro=sles-15&sp=2 | suse | npm12 | < 12.22.12-150200.4.56.1 | sles-15 | aarch64 | |
Affected | pkg:rpm/suse/nodejs12?arch=x86_64&distro=sles-15&sp=3 | suse | nodejs12 | < 12.22.12-150200.4.56.1 | sles-15 | x86_64 | |
Affected | pkg:rpm/suse/nodejs12?arch=x86_64&distro=sles-15&sp=2 | suse | nodejs12 | < 12.22.12-150200.4.56.1 | sles-15 | x86_64 | |
Affected | pkg:rpm/suse/nodejs12?arch=s390x&distro=sles-15&sp=3 | suse | nodejs12 | < 12.22.12-150200.4.56.1 | sles-15 | s390x | |
Affected | pkg:rpm/suse/nodejs12?arch=s390x&distro=sles-15&sp=2 | suse | nodejs12 | < 12.22.12-150200.4.56.1 | sles-15 | s390x | |
Affected | pkg:rpm/suse/nodejs12?arch=ppc64le&distro=sles-15&sp=3 | suse | nodejs12 | < 12.22.12-150200.4.56.1 | sles-15 | ppc64le | |
Affected | pkg:rpm/suse/nodejs12?arch=ppc64le&distro=sles-15&sp=2 | suse | nodejs12 | < 12.22.12-150200.4.56.1 | sles-15 | ppc64le | |
Affected | pkg:rpm/suse/nodejs12?arch=aarch64&distro=sles-15&sp=3 | suse | nodejs12 | < 12.22.12-150200.4.56.1 | sles-15 | aarch64 | |
Affected | pkg:rpm/suse/nodejs12?arch=aarch64&distro=sles-15&sp=2 | suse | nodejs12 | < 12.22.12-150200.4.56.1 | sles-15 | aarch64 | |
Affected | pkg:rpm/suse/nodejs12-docs?arch=noarch&distro=sles-15&sp=3 | suse | nodejs12-docs | < 12.22.12-150200.4.56.1 | sles-15 | noarch | |
Affected | pkg:rpm/suse/nodejs12-docs?arch=noarch&distro=sles-15&sp=2 | suse | nodejs12-docs | < 12.22.12-150200.4.56.1 | sles-15 | noarch | |
Affected | pkg:rpm/suse/nodejs12-devel?arch=x86_64&distro=sles-15&sp=3 | suse | nodejs12-devel | < 12.22.12-150200.4.56.1 | sles-15 | x86_64 | |
Affected | pkg:rpm/suse/nodejs12-devel?arch=x86_64&distro=sles-15&sp=2 | suse | nodejs12-devel | < 12.22.12-150200.4.56.1 | sles-15 | x86_64 | |
Affected | pkg:rpm/suse/nodejs12-devel?arch=s390x&distro=sles-15&sp=3 | suse | nodejs12-devel | < 12.22.12-150200.4.56.1 | sles-15 | s390x | |
Affected | pkg:rpm/suse/nodejs12-devel?arch=s390x&distro=sles-15&sp=2 | suse | nodejs12-devel | < 12.22.12-150200.4.56.1 | sles-15 | s390x | |
Affected | pkg:rpm/suse/nodejs12-devel?arch=ppc64le&distro=sles-15&sp=3 | suse | nodejs12-devel | < 12.22.12-150200.4.56.1 | sles-15 | ppc64le | |
Affected | pkg:rpm/suse/nodejs12-devel?arch=ppc64le&distro=sles-15&sp=2 | suse | nodejs12-devel | < 12.22.12-150200.4.56.1 | sles-15 | ppc64le | |
Affected | pkg:rpm/suse/nodejs12-devel?arch=aarch64&distro=sles-15&sp=3 | suse | nodejs12-devel | < 12.22.12-150200.4.56.1 | sles-15 | aarch64 | |
Affected | pkg:rpm/suse/nodejs12-devel?arch=aarch64&distro=sles-15&sp=2 | suse | nodejs12-devel | < 12.22.12-150200.4.56.1 | sles-15 | aarch64 |
# CVE | Description | CVSS | EPSS | EPSS Trend (30 days) | Affected Products | Weaknesses | Security Advisories | Exploits | PoC | Pubblication Date | Modification Date |
---|---|---|---|---|---|---|---|---|---|---|---|
# CVE | Description | CVSS | EPSS | EPSS Trend (30 days) | Affected Products | Weaknesses | Security Advisories | PoC | Pubblication Date | Modification Date |