[SUSE-SU-2024:1301-1] Security update for nodejs20
Severity
Important
Affected Packages
17
CVEs
5
Security update for nodejs20
This update for nodejs20 fixes the following issues:
Update to 20.12.1
Security fixes:
- CVE-2024-27983: Fixed failed assertion in node::http2::Http2Session::~Http2Session() that could lead to HTTP/2 server crash (bsc#1222244)
- CVE-2024-27982: Fixed HTTP Request Smuggling via Content Length Obfuscation (bsc#1222384)
- CVE-2024-30260: Fixed proxy-authorization header not cleared on cross-origin redirect in undici (bsc#1222530)
- CVE-2024-30261: Fixed fetch with integrity option is too lax when algorithm is specified but hash value is in incorrect in undici (bsc#1222603)
- CVE-2024-24806: Fixed improper domain lookup that potentially leads to SSRF attacks in libuv (bsc#1220053)
- ID
- SUSE-SU-2024:1301-1
- Severity
- important
- URL
- https://www.suse.com/support/update/announcement/2024/suse-su-20241301-1/
- Published
-
2024-04-16T01:33:32
(5 months ago) - Modified
-
2024-04-16T01:33:32
(5 months ago) - Rights
- Copyright 2024 SUSE LLC. All rights reserved.
- Other Advisories
-
- ALAS2-2024-2474
- ALPINE:CVE-2024-24806
- ALPINE:CVE-2024-27982
- ALPINE:CVE-2024-27983
- ALSA-2024:2778
- ALSA-2024:2779
- ALSA-2024:2780
- ALSA-2024:2853
- ALSA-2024:2910
- ALSA-2024:4247
- ALSA-2024:4756
- DSA-5638-1
- ELSA-2024-2778
- ELSA-2024-2779
- ELSA-2024-2780
- ELSA-2024-2853
- ELSA-2024-2910
- ELSA-2024-4247
- ELSA-2024-4756
- FEDORA-2024-2f15e6e876
- FEDORA-2024-2ffe03eaa6
- FEDORA-2024-5dc487ee89
- FEDORA-2024-6d9c1da54f
- FEDORA-2024-a5dc987f91
- FEDORA-2024-ad51aa23c3
- FEDORA-2024-e28ccc9c17
- FEDORA-2024-f83b123d63
- NPM:GHSA-9QXR-QJ54-H672
- NPM:GHSA-M4V8-WQVR-P9F7
- RHSA-2024:2778
- RHSA-2024:2779
- RHSA-2024:2780
- RHSA-2024:2853
- RHSA-2024:2910
- RHSA-2024:4247
- RHSA-2024:4756
- RLSA-2024:2910
- SSA:2024-051-02
- SUSE-SU-2024:0643-1
- SUSE-SU-2024:0644-1
- SUSE-SU-2024:0728-1
- SUSE-SU-2024:0729-1
- SUSE-SU-2024:0730-1
- SUSE-SU-2024:0731-1
- SUSE-SU-2024:0732-1
- SUSE-SU-2024:0733-1
- SUSE-SU-2024:1305-1
- SUSE-SU-2024:1306-1
- SUSE-SU-2024:1307-1
- SUSE-SU-2024:1308-1
- SUSE-SU-2024:1309-1
- SUSE-SU-2024:1346-1
- SUSE-SU-2024:1355-1
- SUSE-SU-2024:1836-1
- USN-6666-1
- VU:421644
Type | Package URL | Namespace | Name / Product | Version | Distribution / Platform | Arch | Patch / Fix |
---|---|---|---|---|---|---|---|
Affected | pkg:rpm/suse/npm20?arch=x86_64&distro=opensuse-leap-15.5 | suse | npm20 | < 20.12.1-150500.11.9.2 | opensuse-leap-15.5 | x86_64 | |
Affected | pkg:rpm/suse/npm20?arch=s390x&distro=opensuse-leap-15.5 | suse | npm20 | < 20.12.1-150500.11.9.2 | opensuse-leap-15.5 | s390x | |
Affected | pkg:rpm/suse/npm20?arch=ppc64le&distro=opensuse-leap-15.5 | suse | npm20 | < 20.12.1-150500.11.9.2 | opensuse-leap-15.5 | ppc64le | |
Affected | pkg:rpm/suse/npm20?arch=aarch64&distro=opensuse-leap-15.5 | suse | npm20 | < 20.12.1-150500.11.9.2 | opensuse-leap-15.5 | aarch64 | |
Affected | pkg:rpm/suse/nodejs20?arch=x86_64&distro=opensuse-leap-15.5 | suse | nodejs20 | < 20.12.1-150500.11.9.2 | opensuse-leap-15.5 | x86_64 | |
Affected | pkg:rpm/suse/nodejs20?arch=s390x&distro=opensuse-leap-15.5 | suse | nodejs20 | < 20.12.1-150500.11.9.2 | opensuse-leap-15.5 | s390x | |
Affected | pkg:rpm/suse/nodejs20?arch=ppc64le&distro=opensuse-leap-15.5 | suse | nodejs20 | < 20.12.1-150500.11.9.2 | opensuse-leap-15.5 | ppc64le | |
Affected | pkg:rpm/suse/nodejs20?arch=aarch64&distro=opensuse-leap-15.5 | suse | nodejs20 | < 20.12.1-150500.11.9.2 | opensuse-leap-15.5 | aarch64 | |
Affected | pkg:rpm/suse/nodejs20-docs?arch=noarch&distro=opensuse-leap-15.5 | suse | nodejs20-docs | < 20.12.1-150500.11.9.2 | opensuse-leap-15.5 | noarch | |
Affected | pkg:rpm/suse/nodejs20-devel?arch=x86_64&distro=opensuse-leap-15.5 | suse | nodejs20-devel | < 20.12.1-150500.11.9.2 | opensuse-leap-15.5 | x86_64 | |
Affected | pkg:rpm/suse/nodejs20-devel?arch=s390x&distro=opensuse-leap-15.5 | suse | nodejs20-devel | < 20.12.1-150500.11.9.2 | opensuse-leap-15.5 | s390x | |
Affected | pkg:rpm/suse/nodejs20-devel?arch=ppc64le&distro=opensuse-leap-15.5 | suse | nodejs20-devel | < 20.12.1-150500.11.9.2 | opensuse-leap-15.5 | ppc64le | |
Affected | pkg:rpm/suse/nodejs20-devel?arch=aarch64&distro=opensuse-leap-15.5 | suse | nodejs20-devel | < 20.12.1-150500.11.9.2 | opensuse-leap-15.5 | aarch64 | |
Affected | pkg:rpm/suse/corepack20?arch=x86_64&distro=opensuse-leap-15.5 | suse | corepack20 | < 20.12.1-150500.11.9.2 | opensuse-leap-15.5 | x86_64 | |
Affected | pkg:rpm/suse/corepack20?arch=s390x&distro=opensuse-leap-15.5 | suse | corepack20 | < 20.12.1-150500.11.9.2 | opensuse-leap-15.5 | s390x | |
Affected | pkg:rpm/suse/corepack20?arch=ppc64le&distro=opensuse-leap-15.5 | suse | corepack20 | < 20.12.1-150500.11.9.2 | opensuse-leap-15.5 | ppc64le | |
Affected | pkg:rpm/suse/corepack20?arch=aarch64&distro=opensuse-leap-15.5 | suse | corepack20 | < 20.12.1-150500.11.9.2 | opensuse-leap-15.5 | aarch64 |
# CVE | Description | CVSS | EPSS | EPSS Trend (30 days) | Affected Products | Weaknesses | Security Advisories | Exploits | PoC | Pubblication Date | Modification Date |
---|---|---|---|---|---|---|---|---|---|---|---|
# CVE | Description | CVSS | EPSS | EPSS Trend (30 days) | Affected Products | Weaknesses | Security Advisories | PoC | Pubblication Date | Modification Date |