SUSE-SU-2023:1871-1

Опубликовано: 17 апр. 2023

Источник: suse-cvrf

Описание

Security update for nodejs10

This update for nodejs10 fixes the following issues:

CVE-2022-25881: Fixed regular expression denial of service vulnerability (bsc#1208744).

Список пакетов

SUSE Enterprise Storage 7

nodejs10-10.24.1-150000.1.59.1

nodejs10-devel-10.24.1-150000.1.59.1

nodejs10-docs-10.24.1-150000.1.59.1

npm10-10.24.1-150000.1.59.1

SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS

nodejs10-10.24.1-150000.1.59.1

nodejs10-devel-10.24.1-150000.1.59.1

nodejs10-docs-10.24.1-150000.1.59.1

npm10-10.24.1-150000.1.59.1

SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS

nodejs10-10.24.1-150000.1.59.1

nodejs10-devel-10.24.1-150000.1.59.1

nodejs10-docs-10.24.1-150000.1.59.1

npm10-10.24.1-150000.1.59.1

SUSE Linux Enterprise Server 15 SP1-LTSS

nodejs10-10.24.1-150000.1.59.1

nodejs10-devel-10.24.1-150000.1.59.1

nodejs10-docs-10.24.1-150000.1.59.1

npm10-10.24.1-150000.1.59.1

SUSE Linux Enterprise Server 15 SP2-LTSS

nodejs10-10.24.1-150000.1.59.1

nodejs10-devel-10.24.1-150000.1.59.1

nodejs10-docs-10.24.1-150000.1.59.1

npm10-10.24.1-150000.1.59.1

SUSE Linux Enterprise Server for SAP Applications 15 SP1

nodejs10-10.24.1-150000.1.59.1

nodejs10-devel-10.24.1-150000.1.59.1

nodejs10-docs-10.24.1-150000.1.59.1

npm10-10.24.1-150000.1.59.1

SUSE Linux Enterprise Server for SAP Applications 15 SP2

nodejs10-10.24.1-150000.1.59.1

nodejs10-devel-10.24.1-150000.1.59.1

nodejs10-docs-10.24.1-150000.1.59.1

npm10-10.24.1-150000.1.59.1

openSUSE Leap 15.4

nodejs10-10.24.1-150000.1.59.1

nodejs10-devel-10.24.1-150000.1.59.1

nodejs10-docs-10.24.1-150000.1.59.1

npm10-10.24.1-150000.1.59.1

Ссылки

https://www.suse.com/support/update/announcement/2023/suse-su-20231871-1/
Link for SUSE-SU-2023:1871-1
https://lists.suse.com/pipermail/sle-security-updates/2023-April/014476.html
E-Mail link for SUSE-SU-2023:1871-1
https://www.suse.com/support/security/rating/
SUSE Security Ratings
https://bugzilla.suse.com/1208744
SUSE Bug 1208744
https://www.suse.com/security/cve/CVE-2022-25881/
SUSE CVE CVE-2022-25881 page

Описание

This affects versions of the package http-cache-semantics before 4.1.1. The issue can be exploited via malicious request header values sent to a server, when that server reads the cache policy from the request using this library.

Затронутые продукты

SUSE Enterprise Storage 7:nodejs10-10.24.1-150000.1.59.1

SUSE Enterprise Storage 7:nodejs10-devel-10.24.1-150000.1.59.1

SUSE Enterprise Storage 7:nodejs10-docs-10.24.1-150000.1.59.1

SUSE Enterprise Storage 7:npm10-10.24.1-150000.1.59.1

Ссылки

https://www.suse.com/security/cve/CVE-2022-25881.html
CVE-2022-25881
https://bugzilla.suse.com/1208744
SUSE Bug 1208744

SUSE-SU-2023:1871-1

Описание

Список пакетов

SUSE Enterprise Storage 7

SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS

SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS

SUSE Linux Enterprise Server 15 SP1-LTSS

SUSE Linux Enterprise Server 15 SP2-LTSS

SUSE Linux Enterprise Server for SAP Applications 15 SP1

SUSE Linux Enterprise Server for SAP Applications 15 SP2

openSUSE Leap 15.4

Ссылки

Уязвимость: CVE-2022-25881

Описание

Затронутые продукты

Ссылки