Описание
Security update for nodejs18
This update for nodejs18 fixes the following issues:
- Update to version 18.18.2
- CVE-2023-44487: Fixed the Rapid Reset attack in nghttp2. (bsc#1216190)
- CVE-2023-45143: Fixed a cookie leakage in undici. (bsc#1216205)
- CVE-2023-38552: Fixed an integrity checks according to policies that could be circumvented. (bsc#1216272)
- CVE-2023-39333: Fixed a code injection via WebAssembly export names. (bsc#1216273)
Список пакетов
SUSE Enterprise Storage 7.1
SUSE Linux Enterprise High Performance Computing 15 SP3-ESPOS
SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS
SUSE Linux Enterprise Server 15 SP3-LTSS
SUSE Linux Enterprise Server for SAP Applications 15 SP3
SUSE Manager Server 4.2
Ссылки
- Link for SUSE-SU-2023:4207-1
- E-Mail link for SUSE-SU-2023:4207-1
- SUSE Security Ratings
- SUSE Bug 1216190
- SUSE Bug 1216205
- SUSE Bug 1216272
- SUSE Bug 1216273
- SUSE CVE CVE-2023-38552 page
- SUSE CVE CVE-2023-39333 page
- SUSE CVE CVE-2023-44487 page
- SUSE CVE CVE-2023-45143 page
Описание
When the Node.js policy feature checks the integrity of a resource against a trusted manifest, the application can intercept the operation and return a forged checksum to the node's policy implementation, thus effectively disabling the integrity check. Impacts: This vulnerability affects all users using the experimental policy mechanism in all active release lines: 18.x and, 20.x. Please note that at the time this CVE was issued, the policy mechanism is an experimental feature of Node.js.
Затронутые продукты
Ссылки
- CVE-2023-38552
- SUSE Bug 1216272
Описание
Maliciously crafted export names in an imported WebAssembly module can inject JavaScript code. The injected code may be able to access data and functions that the WebAssembly module itself does not have access to, similar to as if the WebAssembly module was a JavaScript module. This vulnerability affects users of any active release line of Node.js. The vulnerable feature is only available if Node.js is started with the `--experimental-wasm-modules` command line option.
Затронутые продукты
Ссылки
- CVE-2023-39333
- SUSE Bug 1216273
Описание
The HTTP/2 protocol allows a denial of service (server resource consumption) because request cancellation can reset many streams quickly, as exploited in the wild in August through October 2023.
Затронутые продукты
Ссылки
- CVE-2023-44487
- SUSE Bug 1216109
- SUSE Bug 1216123
- SUSE Bug 1216169
- SUSE Bug 1216171
- SUSE Bug 1216174
- SUSE Bug 1216176
- SUSE Bug 1216181
- SUSE Bug 1216182
- SUSE Bug 1216190
Описание
Undici is an HTTP/1.1 client written from scratch for Node.js. Prior to version 5.26.2, Undici already cleared Authorization headers on cross-origin redirects, but did not clear `Cookie` headers. By design, `cookie` headers are forbidden request headers, disallowing them to be set in RequestInit.headers in browser environments. Since undici handles headers more liberally than the spec, there was a disconnect from the assumptions the spec made, and undici's implementation of fetch. As such this may lead to accidental leakage of cookie to a third-party site or a malicious attacker who can control the redirection target (ie. an open redirector) to leak the cookie to the third party site. This was patched in version 5.26.2. There are no known workarounds.
Затронутые продукты
Ссылки
- CVE-2023-45143
- SUSE Bug 1216205