Описание
Security update for nodejs14
This update for nodejs14 fixes the following issues:
- CVE-2022-25881: Fixed regular expression denial of service vulnerability (bsc#1208744).
Список пакетов
Container bci/node:14
nodejs14-14.21.3-150200.15.46.1
npm14-14.21.3-150200.15.46.1
SUSE Enterprise Storage 7
nodejs14-14.21.3-150200.15.46.1
nodejs14-devel-14.21.3-150200.15.46.1
nodejs14-docs-14.21.3-150200.15.46.1
npm14-14.21.3-150200.15.46.1
SUSE Enterprise Storage 7.1
nodejs14-14.21.3-150200.15.46.1
nodejs14-devel-14.21.3-150200.15.46.1
nodejs14-docs-14.21.3-150200.15.46.1
npm14-14.21.3-150200.15.46.1
SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS
nodejs14-14.21.3-150200.15.46.1
nodejs14-devel-14.21.3-150200.15.46.1
nodejs14-docs-14.21.3-150200.15.46.1
npm14-14.21.3-150200.15.46.1
SUSE Linux Enterprise High Performance Computing 15 SP3-ESPOS
nodejs14-14.21.3-150200.15.46.1
nodejs14-devel-14.21.3-150200.15.46.1
nodejs14-docs-14.21.3-150200.15.46.1
npm14-14.21.3-150200.15.46.1
SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS
nodejs14-14.21.3-150200.15.46.1
nodejs14-devel-14.21.3-150200.15.46.1
nodejs14-docs-14.21.3-150200.15.46.1
npm14-14.21.3-150200.15.46.1
SUSE Linux Enterprise Server 15 SP2-LTSS
nodejs14-14.21.3-150200.15.46.1
nodejs14-devel-14.21.3-150200.15.46.1
nodejs14-docs-14.21.3-150200.15.46.1
npm14-14.21.3-150200.15.46.1
SUSE Linux Enterprise Server 15 SP3-LTSS
nodejs14-14.21.3-150200.15.46.1
nodejs14-devel-14.21.3-150200.15.46.1
nodejs14-docs-14.21.3-150200.15.46.1
npm14-14.21.3-150200.15.46.1
SUSE Linux Enterprise Server for SAP Applications 15 SP2
nodejs14-14.21.3-150200.15.46.1
nodejs14-devel-14.21.3-150200.15.46.1
nodejs14-docs-14.21.3-150200.15.46.1
npm14-14.21.3-150200.15.46.1
SUSE Linux Enterprise Server for SAP Applications 15 SP3
nodejs14-14.21.3-150200.15.46.1
nodejs14-devel-14.21.3-150200.15.46.1
nodejs14-docs-14.21.3-150200.15.46.1
npm14-14.21.3-150200.15.46.1
SUSE Manager Server 4.2
nodejs14-14.21.3-150200.15.46.1
nodejs14-devel-14.21.3-150200.15.46.1
nodejs14-docs-14.21.3-150200.15.46.1
npm14-14.21.3-150200.15.46.1
openSUSE Leap 15.4
corepack14-14.21.3-150200.15.46.1
nodejs14-14.21.3-150200.15.46.1
nodejs14-devel-14.21.3-150200.15.46.1
nodejs14-docs-14.21.3-150200.15.46.1
npm14-14.21.3-150200.15.46.1
Ссылки
- Link for SUSE-SU-2023:1875-1
- E-Mail link for SUSE-SU-2023:1875-1
- SUSE Security Ratings
- SUSE Bug 1208744
- SUSE CVE CVE-2022-25881 page
Описание
This affects versions of the package http-cache-semantics before 4.1.1. The issue can be exploited via malicious request header values sent to a server, when that server reads the cache policy from the request using this library.
Затронутые продукты
Container bci/node:14:nodejs14-14.21.3-150200.15.46.1
Container bci/node:14:npm14-14.21.3-150200.15.46.1
SUSE Enterprise Storage 7.1:nodejs14-14.21.3-150200.15.46.1
SUSE Enterprise Storage 7.1:nodejs14-devel-14.21.3-150200.15.46.1
Ссылки
- CVE-2022-25881
- SUSE Bug 1208744