Описание
Security update for nodejs8
This update for nodejs8 fixes the following issues:
Security issues fixed:
- CVE-2019-15604: Fixed a remotely triggerable assertion in the TLS server via a crafted certificate string (CVE-2019-15604, bsc#1163104).
- CVE-2019-15605: Fixed an HTTP request smuggling vulnerability via malformed Transfer-Encoding header (CVE-2019-15605, bsc#1163102).
- CVE-2019-15606: Fixed the white space sanitation of HTTP headers (CVE-2019-15606, bsc#1163103).
Список пакетов
SUSE Linux Enterprise High Performance Computing 15-ESPOS
nodejs8-8.17.0-3.28.1
nodejs8-devel-8.17.0-3.28.1
nodejs8-docs-8.17.0-3.28.1
npm8-8.17.0-3.28.1
SUSE Linux Enterprise High Performance Computing 15-LTSS
nodejs8-8.17.0-3.28.1
nodejs8-devel-8.17.0-3.28.1
nodejs8-docs-8.17.0-3.28.1
npm8-8.17.0-3.28.1
SUSE Linux Enterprise Module for Web and Scripting 15
nodejs8-8.17.0-3.28.1
nodejs8-devel-8.17.0-3.28.1
nodejs8-docs-8.17.0-3.28.1
npm8-8.17.0-3.28.1
SUSE Linux Enterprise Module for Web and Scripting 15 SP1
nodejs8-8.17.0-3.28.1
nodejs8-devel-8.17.0-3.28.1
nodejs8-docs-8.17.0-3.28.1
npm8-8.17.0-3.28.1
SUSE Linux Enterprise Server 15-LTSS
nodejs8-8.17.0-3.28.1
nodejs8-devel-8.17.0-3.28.1
nodejs8-docs-8.17.0-3.28.1
npm8-8.17.0-3.28.1
SUSE Linux Enterprise Server for SAP Applications 15
nodejs8-8.17.0-3.28.1
nodejs8-devel-8.17.0-3.28.1
nodejs8-docs-8.17.0-3.28.1
npm8-8.17.0-3.28.1
Ссылки
- Link for SUSE-SU-2020:0454-1
- E-Mail link for SUSE-SU-2020:0454-1
- SUSE Security Ratings
- SUSE Bug 1163102
- SUSE Bug 1163103
- SUSE Bug 1163104
- SUSE CVE CVE-2019-15604 page
- SUSE CVE CVE-2019-15605 page
- SUSE CVE CVE-2019-15606 page
Описание
Improper Certificate Validation in Node.js 10, 12, and 13 causes the process to abort when sending a crafted X.509 certificate
Затронутые продукты
SUSE Linux Enterprise High Performance Computing 15-ESPOS:nodejs8-8.17.0-3.28.1
SUSE Linux Enterprise High Performance Computing 15-ESPOS:nodejs8-devel-8.17.0-3.28.1
SUSE Linux Enterprise High Performance Computing 15-ESPOS:nodejs8-docs-8.17.0-3.28.1
SUSE Linux Enterprise High Performance Computing 15-ESPOS:npm8-8.17.0-3.28.1
Ссылки
- CVE-2019-15604
- SUSE Bug 1163104
Описание
HTTP request smuggling in Node.js 10, 12, and 13 causes malicious payload delivery when transfer-encoding is malformed
Затронутые продукты
SUSE Linux Enterprise High Performance Computing 15-ESPOS:nodejs8-8.17.0-3.28.1
SUSE Linux Enterprise High Performance Computing 15-ESPOS:nodejs8-devel-8.17.0-3.28.1
SUSE Linux Enterprise High Performance Computing 15-ESPOS:nodejs8-docs-8.17.0-3.28.1
SUSE Linux Enterprise High Performance Computing 15-ESPOS:npm8-8.17.0-3.28.1
Ссылки
- CVE-2019-15605
- SUSE Bug 1163102
Описание
Including trailing white space in HTTP header values in Nodejs 10, 12, and 13 causes bypass of authorization based on header value comparisons
Затронутые продукты
SUSE Linux Enterprise High Performance Computing 15-ESPOS:nodejs8-8.17.0-3.28.1
SUSE Linux Enterprise High Performance Computing 15-ESPOS:nodejs8-devel-8.17.0-3.28.1
SUSE Linux Enterprise High Performance Computing 15-ESPOS:nodejs8-docs-8.17.0-3.28.1
SUSE Linux Enterprise High Performance Computing 15-ESPOS:npm8-8.17.0-3.28.1
Ссылки
- CVE-2019-15606
- SUSE Bug 1163103