SUSE-SU-2022:3989-1

Опубликовано: 15 нояб. 2022

Источник: suse-cvrf

Описание

Security update for nodejs12

This update for nodejs12 fixes the following issues:

CVE-2022-43548: Fixed DNS rebinding in --inspect via invalid octal IP address (bsc#1205119).

Список пакетов

SUSE Linux Enterprise Module for Web and Scripting 12

nodejs12-12.22.12-1.57.1

nodejs12-devel-12.22.12-1.57.1

nodejs12-docs-12.22.12-1.57.1

npm12-12.22.12-1.57.1

Ссылки

https://www.suse.com/support/update/announcement/2022/suse-su-20223989-1/
Link for SUSE-SU-2022:3989-1
https://lists.suse.com/pipermail/sle-security-updates/2022-November/012924.html
E-Mail link for SUSE-SU-2022:3989-1
https://www.suse.com/support/security/rating/
SUSE Security Ratings
https://bugzilla.suse.com/1205119
SUSE Bug 1205119
https://www.suse.com/security/cve/CVE-2022-43548/
SUSE CVE CVE-2022-43548 page

Описание

A OS Command Injection vulnerability exists in Node.js versions <14.21.1, <16.18.1, <18.12.1, <19.0.1 due to an insufficient IsAllowedHost check that can easily be bypassed because IsIPAddress does not properly check if an IP address is invalid before making DBS requests allowing rebinding attacks.The fix for this issue in https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-32212 was incomplete and this new CVE is to complete the fix.

Затронутые продукты

SUSE Linux Enterprise Module for Web and Scripting 12:nodejs12-12.22.12-1.57.1

SUSE Linux Enterprise Module for Web and Scripting 12:nodejs12-devel-12.22.12-1.57.1

SUSE Linux Enterprise Module for Web and Scripting 12:nodejs12-docs-12.22.12-1.57.1

SUSE Linux Enterprise Module for Web and Scripting 12:npm12-12.22.12-1.57.1

Ссылки

https://www.suse.com/security/cve/CVE-2022-43548.html
CVE-2022-43548
https://bugzilla.suse.com/1205119
SUSE Bug 1205119

SUSE-SU-2022:3989-1

Описание

Список пакетов

SUSE Linux Enterprise Module for Web and Scripting 12

Ссылки

Уязвимость: CVE-2022-43548

Описание

Затронутые продукты

Ссылки