SUSE-SU-2020:3549-1

Опубликовано: 27 нояб. 2020

Источник: suse-cvrf

Описание

Security update for nodejs12

This update for nodejs12 fixes the following issues:

Update to 12.19.1 fixing:

CVE-2020-8277: Denial of Service through DNS request (bsc#1178882).

Список пакетов

SUSE Linux Enterprise Module for Web and Scripting 12

nodejs12-12.19.1-1.23.1

nodejs12-devel-12.19.1-1.23.1

nodejs12-docs-12.19.1-1.23.1

npm12-12.19.1-1.23.1

Ссылки

https://www.suse.com/support/update/announcement/2020/suse-su-20203549-1/
Link for SUSE-SU-2020:3549-1
https://lists.suse.com/pipermail/sle-security-updates/2020-November/007886.html
E-Mail link for SUSE-SU-2020:3549-1
https://www.suse.com/support/security/rating/
SUSE Security Ratings
https://bugzilla.suse.com/1178882
SUSE Bug 1178882
https://www.suse.com/security/cve/CVE-2020-8277/
SUSE CVE CVE-2020-8277 page

Описание

A Node.js application that allows an attacker to trigger a DNS request for a host of their choice could trigger a Denial of Service in versions < 15.2.1, < 14.15.1, and < 12.19.1 by getting the application to resolve a DNS record with a larger number of responses. This is fixed in 15.2.1, 14.15.1, and 12.19.1.

Затронутые продукты

SUSE Linux Enterprise Module for Web and Scripting 12:nodejs12-12.19.1-1.23.1

SUSE Linux Enterprise Module for Web and Scripting 12:nodejs12-devel-12.19.1-1.23.1

SUSE Linux Enterprise Module for Web and Scripting 12:nodejs12-docs-12.19.1-1.23.1

SUSE Linux Enterprise Module for Web and Scripting 12:npm12-12.19.1-1.23.1

Ссылки

https://www.suse.com/security/cve/CVE-2020-8277.html
CVE-2020-8277
https://bugzilla.suse.com/1178882
SUSE Bug 1178882

SUSE-SU-2020:3549-1

Описание

Список пакетов

SUSE Linux Enterprise Module for Web and Scripting 12

Ссылки

Уязвимость: CVE-2020-8277

Описание

Затронутые продукты

Ссылки