SUSE-SU-2022:1466-1

Опубликовано: 29 апр. 2022

Источник: suse-cvrf

Описание

Security update for nodejs12

This update for nodejs12 fixes the following issues:

CVE-2021-44906: Fixed a prototype pollution in node-minimist (bsc#1198247).
CVE-2021-44907: Fixed a potential Denial of Service vulnerability in node-qs (bsc#1197283).
CVE-2022-0235: Fixed an exposure of sensitive information to an unauthorized actor in node-fetch (bsc#1194819).

Список пакетов

SUSE Linux Enterprise Module for Web and Scripting 12

nodejs12-12.22.12-1.48.1

nodejs12-devel-12.22.12-1.48.1

nodejs12-docs-12.22.12-1.48.1

npm12-12.22.12-1.48.1

Ссылки

https://www.suse.com/support/update/announcement/2022/suse-su-20221466-1/
Link for SUSE-SU-2022:1466-1
https://lists.suse.com/pipermail/sle-security-updates/2022-April/010896.html
E-Mail link for SUSE-SU-2022:1466-1
https://www.suse.com/support/security/rating/
SUSE Security Ratings
https://bugzilla.suse.com/1194819
SUSE Bug 1194819
https://bugzilla.suse.com/1197283
SUSE Bug 1197283
https://bugzilla.suse.com/1198247
SUSE Bug 1198247
https://www.suse.com/security/cve/CVE-2021-44906/
SUSE CVE CVE-2021-44906 page
https://www.suse.com/security/cve/CVE-2021-44907/
SUSE CVE CVE-2021-44907 page
https://www.suse.com/security/cve/CVE-2022-0235/
SUSE CVE CVE-2022-0235 page

Описание

Minimist <=1.2.5 is vulnerable to Prototype Pollution via file index.js, function setKey() (lines 69-95).

Затронутые продукты

SUSE Linux Enterprise Module for Web and Scripting 12:nodejs12-12.22.12-1.48.1

SUSE Linux Enterprise Module for Web and Scripting 12:nodejs12-devel-12.22.12-1.48.1

SUSE Linux Enterprise Module for Web and Scripting 12:nodejs12-docs-12.22.12-1.48.1

SUSE Linux Enterprise Module for Web and Scripting 12:npm12-12.22.12-1.48.1

Ссылки

https://www.suse.com/security/cve/CVE-2021-44906.html
CVE-2021-44906
https://bugzilla.suse.com/1198247
SUSE Bug 1198247

Описание

** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: none.

Затронутые продукты

SUSE Linux Enterprise Module for Web and Scripting 12:nodejs12-12.22.12-1.48.1

SUSE Linux Enterprise Module for Web and Scripting 12:nodejs12-devel-12.22.12-1.48.1

SUSE Linux Enterprise Module for Web and Scripting 12:nodejs12-docs-12.22.12-1.48.1

SUSE Linux Enterprise Module for Web and Scripting 12:npm12-12.22.12-1.48.1

Ссылки

https://www.suse.com/security/cve/CVE-2021-44907.html
CVE-2021-44907
https://bugzilla.suse.com/1197283
SUSE Bug 1197283

Описание

node-fetch is vulnerable to Exposure of Sensitive Information to an Unauthorized Actor

Затронутые продукты

SUSE Linux Enterprise Module for Web and Scripting 12:nodejs12-12.22.12-1.48.1

SUSE Linux Enterprise Module for Web and Scripting 12:nodejs12-devel-12.22.12-1.48.1

SUSE Linux Enterprise Module for Web and Scripting 12:nodejs12-docs-12.22.12-1.48.1

SUSE Linux Enterprise Module for Web and Scripting 12:npm12-12.22.12-1.48.1

Ссылки

https://www.suse.com/security/cve/CVE-2022-0235.html
CVE-2022-0235
https://bugzilla.suse.com/1194819
SUSE Bug 1194819

SUSE-SU-2022:1466-1

Описание

Список пакетов

SUSE Linux Enterprise Module for Web and Scripting 12

Ссылки

Уязвимость: CVE-2021-44906

Описание

Затронутые продукты

Ссылки

Уязвимость: CVE-2021-44907

Описание

Затронутые продукты

Ссылки

Уязвимость: CVE-2022-0235

Описание

Затронутые продукты

Ссылки