Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

suse-cvrf логотип

openSUSE-SU-2020:0293-1

Опубликовано: 03 мар. 2020
Источник: suse-cvrf

Описание

Security update for nodejs8

This update for nodejs8 fixes the following issues:

Security issues fixed:

  • CVE-2019-15604: Fixed a remotely triggerable assertion in the TLS server via a crafted certificate string (CVE-2019-15604, bsc#1163104).
  • CVE-2019-15605: Fixed an HTTP request smuggling vulnerability via malformed Transfer-Encoding header (CVE-2019-15605, bsc#1163102).
  • CVE-2019-15606: Fixed the white space sanitation of HTTP headers (CVE-2019-15606, bsc#1163103).

This update was imported from the SUSE:SLE-15:Update update project.

Список пакетов

openSUSE Leap 15.1
nodejs8-8.17.0-lp151.2.12.1
nodejs8-devel-8.17.0-lp151.2.12.1
nodejs8-docs-8.17.0-lp151.2.12.1
npm8-8.17.0-lp151.2.12.1

Ссылки

Описание

Improper Certificate Validation in Node.js 10, 12, and 13 causes the process to abort when sending a crafted X.509 certificate

Затронутые продукты
openSUSE Leap 15.1:nodejs8-8.17.0-lp151.2.12.1
openSUSE Leap 15.1:nodejs8-devel-8.17.0-lp151.2.12.1
openSUSE Leap 15.1:nodejs8-docs-8.17.0-lp151.2.12.1
openSUSE Leap 15.1:npm8-8.17.0-lp151.2.12.1
Ссылки

Описание

HTTP request smuggling in Node.js 10, 12, and 13 causes malicious payload delivery when transfer-encoding is malformed

Затронутые продукты
openSUSE Leap 15.1:nodejs8-8.17.0-lp151.2.12.1
openSUSE Leap 15.1:nodejs8-devel-8.17.0-lp151.2.12.1
openSUSE Leap 15.1:nodejs8-docs-8.17.0-lp151.2.12.1
openSUSE Leap 15.1:npm8-8.17.0-lp151.2.12.1
Ссылки

Описание

Including trailing white space in HTTP header values in Nodejs 10, 12, and 13 causes bypass of authorization based on header value comparisons

Затронутые продукты
openSUSE Leap 15.1:nodejs8-8.17.0-lp151.2.12.1
openSUSE Leap 15.1:nodejs8-devel-8.17.0-lp151.2.12.1
openSUSE Leap 15.1:nodejs8-docs-8.17.0-lp151.2.12.1
openSUSE Leap 15.1:npm8-8.17.0-lp151.2.12.1
Ссылки