SUSE-SU-2021:3211-1
- Source
- https://www.suse.com/support/update/announcement/2021/suse-su-20213211-1/
- Import Source
- https://ftp.suse.com/pub/projects/security/osv/SUSE-SU-2021:3211-1.json
- JSON Data
- https://api.osv.dev/v1/vulns/SUSE-SU-2021:3211-1
- Related
- Published
- 2021-09-23T14:22:00Z
- Modified
- 2021-09-23T14:22:00Z
- Summary
- Security update for nodejs14
- Details
-
This update for nodejs14 fixes the following issues:
- CVE-2021-3672: Fixed missing input validation on hostnames (bsc#1188881).
- CVE-2021-22931: Fixed improper handling of untypical characters in domain names (bsc#1189370).
- CVE-2021-22940: Use after free on close http2 on stream canceling (bsc#1189368)
- CVE-2021-22939: Incomplete validation of rejectUnauthorized parameter (bsc#1189369)
- CVE-2021-22930: Fixed use after free on close http2 on stream canceling (bsc#1188917).
- References
-
- https://www.suse.com/support/update/announcement/2021/suse-su-20213211-1/
- https://bugzilla.suse.com/1188881
- https://bugzilla.suse.com/1188917
- https://bugzilla.suse.com/1189368
- https://bugzilla.suse.com/1189369
- https://bugzilla.suse.com/1189370
- https://www.suse.com/security/cve/CVE-2021-22930
- https://www.suse.com/security/cve/CVE-2021-22931
- https://www.suse.com/security/cve/CVE-2021-22939
- https://www.suse.com/security/cve/CVE-2021-22940
- https://www.suse.com/security/cve/CVE-2021-3672
Affected packages
SUSE:Linux Enterprise Module for Web and Scripting 15 SP2 / nodejs14
Package
- Name
- nodejs14
- Purl
- purl:rpm/suse/nodejs14&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Web%20and%20Scripting%2015%20SP2