SUSE-SU-2021:3294-1

Опубликовано: 06 окт. 2021

Источник: suse-cvrf

Описание

Security update for nodejs8

nodejs8 was updated to fix the following security issues:

CVE-2021-22930: http2: fixes use after free on close in stream canceling (bsc#1188917)

Список пакетов

SUSE Linux Enterprise Module for Web and Scripting 15 SP2

nodejs8-8.17.0-10.15.11

nodejs8-devel-8.17.0-10.15.11

nodejs8-docs-8.17.0-10.15.11

npm8-8.17.0-10.15.11

Ссылки

https://www.suse.com/support/update/announcement/2021/suse-su-20213294-1/
Link for SUSE-SU-2021:3294-1
https://lists.suse.com/pipermail/sle-security-updates/2021-October/009535.html
E-Mail link for SUSE-SU-2021:3294-1
https://www.suse.com/support/security/rating/
SUSE Security Ratings
https://bugzilla.suse.com/1188917
SUSE Bug 1188917
https://www.suse.com/security/cve/CVE-2021-22930/
SUSE CVE CVE-2021-22930 page

Описание

Node.js before 16.6.0, 14.17.4, and 12.22.4 is vulnerable to a use after free attack where an attacker might be able to exploit the memory corruption, to change process behavior.

Затронутые продукты

SUSE Linux Enterprise Module for Web and Scripting 15 SP2:nodejs8-8.17.0-10.15.11

SUSE Linux Enterprise Module for Web and Scripting 15 SP2:nodejs8-devel-8.17.0-10.15.11

SUSE Linux Enterprise Module for Web and Scripting 15 SP2:nodejs8-docs-8.17.0-10.15.11

SUSE Linux Enterprise Module for Web and Scripting 15 SP2:npm8-8.17.0-10.15.11

Ссылки

https://www.suse.com/security/cve/CVE-2021-22930.html
CVE-2021-22930
https://bugzilla.suse.com/1188917
SUSE Bug 1188917
https://bugzilla.suse.com/1189368
SUSE Bug 1189368

SUSE-SU-2021:3294-1

Описание

Список пакетов

SUSE Linux Enterprise Module for Web and Scripting 15 SP2

Ссылки

Уязвимость: CVE-2021-22930

Описание

Затронутые продукты

Ссылки