SUSE-SU-2021:0224-1

Опубликовано: 26 янв. 2021

Источник: suse-cvrf

Описание

Security update for nodejs8

This update for nodejs8 fixes the following issue:

CVE-2020-8287: Fixed an HTTP request smuggling vulnerability (bsc#1180554).

Список пакетов

SUSE Enterprise Storage 6

nodejs8-8.17.0-3.42.2

nodejs8-devel-8.17.0-3.42.2

nodejs8-docs-8.17.0-3.42.2

npm8-8.17.0-3.42.2

SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS

nodejs8-8.17.0-3.42.2

nodejs8-devel-8.17.0-3.42.2

nodejs8-docs-8.17.0-3.42.2

npm8-8.17.0-3.42.2

SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS

nodejs8-8.17.0-3.42.2

nodejs8-devel-8.17.0-3.42.2

nodejs8-docs-8.17.0-3.42.2

npm8-8.17.0-3.42.2

SUSE Linux Enterprise High Performance Computing 15-ESPOS

nodejs8-8.17.0-3.42.2

nodejs8-devel-8.17.0-3.42.2

nodejs8-docs-8.17.0-3.42.2

npm8-8.17.0-3.42.2

SUSE Linux Enterprise High Performance Computing 15-LTSS

nodejs8-8.17.0-3.42.2

nodejs8-devel-8.17.0-3.42.2

nodejs8-docs-8.17.0-3.42.2

npm8-8.17.0-3.42.2

SUSE Linux Enterprise Server 15 SP1-BCL

nodejs8-8.17.0-3.42.2

nodejs8-devel-8.17.0-3.42.2

nodejs8-docs-8.17.0-3.42.2

npm8-8.17.0-3.42.2

SUSE Linux Enterprise Server 15 SP1-LTSS

nodejs8-8.17.0-3.42.2

nodejs8-devel-8.17.0-3.42.2

nodejs8-docs-8.17.0-3.42.2

npm8-8.17.0-3.42.2

SUSE Linux Enterprise Server 15-LTSS

nodejs8-8.17.0-3.42.2

nodejs8-devel-8.17.0-3.42.2

nodejs8-docs-8.17.0-3.42.2

npm8-8.17.0-3.42.2

SUSE Linux Enterprise Server for SAP Applications 15

nodejs8-8.17.0-3.42.2

nodejs8-devel-8.17.0-3.42.2

nodejs8-docs-8.17.0-3.42.2

npm8-8.17.0-3.42.2

SUSE Linux Enterprise Server for SAP Applications 15 SP1

nodejs8-8.17.0-3.42.2

nodejs8-devel-8.17.0-3.42.2

nodejs8-docs-8.17.0-3.42.2

npm8-8.17.0-3.42.2

SUSE Manager Proxy 4.0

nodejs8-8.17.0-3.42.2

nodejs8-devel-8.17.0-3.42.2

nodejs8-docs-8.17.0-3.42.2

npm8-8.17.0-3.42.2

SUSE Manager Retail Branch Server 4.0

nodejs8-8.17.0-3.42.2

nodejs8-devel-8.17.0-3.42.2

nodejs8-docs-8.17.0-3.42.2

npm8-8.17.0-3.42.2

SUSE Manager Server 4.0

nodejs8-8.17.0-3.42.2

nodejs8-devel-8.17.0-3.42.2

nodejs8-docs-8.17.0-3.42.2

npm8-8.17.0-3.42.2

Ссылки

https://www.suse.com/support/update/announcement/2021/suse-su-20210224-1/
Link for SUSE-SU-2021:0224-1
https://lists.suse.com/pipermail/sle-security-updates/2021-January/008247.html
E-Mail link for SUSE-SU-2021:0224-1
https://www.suse.com/support/security/rating/
SUSE Security Ratings
https://bugzilla.suse.com/1180554
SUSE Bug 1180554
https://www.suse.com/security/cve/CVE-2020-8287/
SUSE CVE CVE-2020-8287 page

Описание

Node.js versions before 10.23.1, 12.20.1, 14.15.4, 15.5.1 allow two copies of a header field in an HTTP request (for example, two Transfer-Encoding header fields). In this case, Node.js identifies the first header field and ignores the second. This can lead to HTTP Request Smuggling.

Затронутые продукты

SUSE Enterprise Storage 6:nodejs8-8.17.0-3.42.2

SUSE Enterprise Storage 6:nodejs8-devel-8.17.0-3.42.2

SUSE Enterprise Storage 6:nodejs8-docs-8.17.0-3.42.2

SUSE Enterprise Storage 6:npm8-8.17.0-3.42.2

Ссылки

https://www.suse.com/security/cve/CVE-2020-8287.html
CVE-2020-8287
https://bugzilla.suse.com/1180554
SUSE Bug 1180554

SUSE-SU-2021:0224-1

Описание

Список пакетов

SUSE Enterprise Storage 6

SUSE Linux Enterprise High Performance Computing 15 SP1-ESPOS

SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS

SUSE Linux Enterprise High Performance Computing 15-ESPOS

SUSE Linux Enterprise High Performance Computing 15-LTSS

SUSE Linux Enterprise Server 15 SP1-BCL

SUSE Linux Enterprise Server 15 SP1-LTSS

SUSE Linux Enterprise Server 15-LTSS

SUSE Linux Enterprise Server for SAP Applications 15

SUSE Linux Enterprise Server for SAP Applications 15 SP1

SUSE Manager Proxy 4.0

SUSE Manager Retail Branch Server 4.0

SUSE Manager Server 4.0

Ссылки

Уязвимость: CVE-2020-8287

Описание

Затронутые продукты

Ссылки