Oval Definition:oval:org.opensuse.security:def:1713
Revision Date:2021-12-07Version:1
Title:Security update for nodejs14 (Important)
Description:

This update for nodejs14 fixes the following issues:

nodejs14 was updated to 14.18.1:

deps: update llhttp to 2.1.4

- HTTP Request Smuggling due to spaced in headers (bsc#1191601, CVE-2021-22959) - HTTP Request Smuggling when parsing the body (bsc#1191602, CVE-2021-22960)

Changes in 14.18.0:

* buffer:

+ introduce Blob + add base64url encoding option

* child_process:

+ allow options.cwd receive a URL + add timeout to spawn and fork + allow promisified exec to be cancel + add 'overlapped' stdio flag

* dns: add 'tries' option to Resolve options * fs:

+ allow empty string for temp directory prefix + allow no-params fsPromises fileHandle read + add support for async iterators to fsPromises.writeFile

* http2: add support for sensitive headers * process: add 'worker' event * tls: allow reading data into a static buffer * worker: add setEnvironmentData/getEnvironmentData

Changes in 14.17.6

* deps: upgrade npm to 6.14.15 which fixes a number of security issues (bsc#1190057, CVE-2021-37701, bsc#1190056, CVE-2021-37712, bsc#1190055, CVE-2021-37713, bsc#1190054, CVE-2021-39134, bsc#1190053, CVE-2021-39135)
Family:unixClass:patch
Status:Reference(s):1160968
1190053
1190054
1190055
1190056
1190057
1191601
1191602
CVE-2015-8216
CVE-2015-8217
CVE-2015-8218
CVE-2015-8219
CVE-2015-8363
CVE-2015-8364
CVE-2015-8365
CVE-2015-8661
CVE-2015-8662
CVE-2015-8663
CVE-2016-10190
CVE-2016-10191
CVE-2016-10192
CVE-2016-1897
CVE-2016-1898
CVE-2017-11399
CVE-2017-11665
CVE-2017-14054
CVE-2017-14055
CVE-2017-14056
CVE-2017-14057
CVE-2017-14058
CVE-2017-14059
CVE-2017-14169
CVE-2017-14170
CVE-2017-14171
CVE-2017-14222
CVE-2017-14223
CVE-2017-14225
CVE-2017-15186
CVE-2017-15672
CVE-2017-16840
CVE-2017-17081
CVE-2017-17555
CVE-2017-2579
CVE-2017-2580
CVE-2017-7859
CVE-2017-7862
CVE-2017-7863
CVE-2017-7865
CVE-2017-7866
CVE-2018-6392
CVE-2018-6621
CVE-2018-8975
CVE-2020-2583
CVE-2020-2583
CVE-2020-2590
CVE-2020-2590
CVE-2020-2593
CVE-2020-2593
CVE-2020-2601
CVE-2020-2601
CVE-2020-2604
CVE-2020-2604
CVE-2020-2654
CVE-2020-2654
CVE-2020-2655
CVE-2020-2655
CVE-2021-22959
CVE-2021-22960
CVE-2021-37701
CVE-2021-37712
CVE-2021-37713
CVE-2021-39134
CVE-2021-39135
SUSE-SU-2020:0213-1
SUSE-SU-2021:3964-1
Platform(s):SUSE Linux Enterprise Build System Kit 12
SUSE Linux Enterprise Desktop 11 SP2
SUSE Linux Enterprise Desktop 11 SP3
SUSE Linux Enterprise Desktop 12
SUSE Linux Enterprise Desktop 12 SP1
SUSE Linux Enterprise Desktop 12 SP2
SUSE Linux Enterprise Desktop 12 SP3
SUSE Linux Enterprise Desktop 15 SP3
SUSE Linux Enterprise High Availability 12 SP2
SUSE Linux Enterprise High Performance Computing 15 SP3
SUSE Linux Enterprise Module for Basesystem 15 SP1
SUSE Linux Enterprise Module for Basesystem 15 SP2
SUSE Linux Enterprise Module for CAP 15 SP1
SUSE Linux Enterprise Module for Containers 15
SUSE Linux Enterprise Module for Containers 15 SP1
SUSE Linux Enterprise Module for Desktop Applications 15
SUSE Linux Enterprise Module for Desktop Applications 15 SP1
SUSE Linux Enterprise Module for Desktop Applications 15 SP3
SUSE Linux Enterprise Module for Development Tools 15
SUSE Linux Enterprise Module for Development Tools 15 SP1
SUSE Linux Enterprise Module for High Performance Computing 15
SUSE Linux Enterprise Module for Legacy Software 15
SUSE Linux Enterprise Module for Live Patching 15
SUSE Linux Enterprise Module for Open Buildservice Development Tools 15
SUSE Linux Enterprise Module for Open Buildservice Development Tools 15 SP1
SUSE Linux Enterprise Module for Web Scripting 15 SP3
SUSE Linux Enterprise Server 11-SECURITY
SUSE Linux Enterprise Server 12 SP1
SUSE Linux Enterprise Server 12 SP2
SUSE Linux Enterprise Server 12 SP3
SUSE Linux Enterprise Server 15 SP3
SUSE Linux Enterprise Server for Raspberry Pi 12 SP2
SUSE Linux Enterprise Server for SAP Applications 15 SP3
SUSE Linux Enterprise Software Development Kit 11 SP3
SUSE Linux Enterprise Software Development Kit 11 SP4
SUSE Linux Enterprise Software Development Kit 12
SUSE Linux Enterprise Storage 7.1
SUSE Linux Enterprise Workstation Extension 12
SUSE Linux Enterprise Workstation Extension 12 SP2
SUSE Linux Enterprise Workstation Extension 15
SUSE Linux Enterprise Workstation Extension 15 SP1
SUSE Manager Proxy 4.2
SUSE Manager Retail Branch Server 4.2
SUSE Manager Server 4.2
Product(s):
Definition Synopsis
  • SUSE Linux Enterprise Build System Kit 12 is installed
  • AND kernel-zfcpdump-3.12.32-33 is installed
    • Definition Synopsis
  • SUSE Linux Enterprise Desktop 12 is installed
  • AND Package Information
  • compat-openssl098-0.9.8j-66.3 is installed
  • OR libopenssl0_9_8-0.9.8j-66.3 is installed
  • OR libopenssl0_9_8-32bit-0.9.8j-66.3 is installed
    • Definition Synopsis
  • SUSE Linux Enterprise Desktop 12 SP1 is installed
  • AND Package Information
  • libtasn1-3.7-4 is installed
  • OR libtasn1-6-3.7-4 is installed
  • OR libtasn1-6-32bit-3.7-4 is installed
    • Definition Synopsis
  • SUSE Linux Enterprise Desktop 12 SP2 is installed
  • AND Package Information
  • alsa-1.0.27.2-11 is installed
  • OR libasound2-1.0.27.2-11 is installed
  • OR libasound2-32bit-1.0.27.2-11 is installed
    • Definition Synopsis
  • SUSE Linux Enterprise Desktop 12 SP3 is installed
  • AND Package Information
  • aaa_base-13.2+git20140911.61c1681-36 is installed
  • OR aaa_base-extras-13.2+git20140911.61c1681-36 is installed
    • Definition Synopsis
  • SUSE Linux Enterprise Module for Desktop Applications 15 SP3 is installed
  • AND libnetpbm-devel-10.80.1-3.11.1 is installed
    • Definition Synopsis
  • SUSE Linux Enterprise High Availability 12 SP2 is installed
  • AND haproxy-1.6.5-5 is installed
    • Definition Synopsis
  • Release Information
  • SUSE Linux Enterprise High Performance Computing 15 SP3 is installed
  • OR SUSE Linux Enterprise Module for Web Scripting 15 SP3 is installed
  • OR SUSE Linux Enterprise Server 15 SP3 is installed
  • OR SUSE Linux Enterprise Server for SAP Applications 15 SP3 is installed
  • OR SUSE Linux Enterprise Storage 7.1 is installed
  • OR SUSE Manager Proxy 4.2 is installed
  • OR SUSE Manager Retail Branch Server 4.2 is installed
  • OR SUSE Manager Server 4.2 is installed
  • AND Package Information
  • nodejs14-14.18.1-15.21.2 is installed
  • OR nodejs14-devel-14.18.1-15.21.2 is installed
  • OR nodejs14-docs-14.18.1-15.21.2 is installed
  • OR npm14-14.18.1-15.21.2 is installed
    • Definition Synopsis
  • SUSE Linux Enterprise Module for Basesystem 15 SP1 is installed
  • AND Package Information
  • java-11-openjdk-11.0.6.0-3.39 is installed
  • OR java-11-openjdk-demo-11.0.6.0-3.39 is installed
  • OR java-11-openjdk-devel-11.0.6.0-3.39 is installed
  • OR java-11-openjdk-headless-11.0.6.0-3.39 is installed
    • Definition Synopsis
  • SUSE Linux Enterprise Module for Basesystem 15 SP2 is installed
  • AND Package Information
  • gmp-6.1.2-4.3 is installed
  • OR gmp-devel-6.1.2-4.3 is installed
  • OR gnutls-3.6.7-6.14 is installed
  • OR libgmp10-6.1.2-4.3 is installed
  • OR libgmp10-32bit-6.1.2-4.3 is installed
  • OR libgmpxx4-6.1.2-4.3 is installed
  • OR libgnutls-devel-3.6.7-6.14 is installed
  • OR libgnutls30-3.6.7-6.14 is installed
  • OR libgnutls30-32bit-3.6.7-6.14 is installed
  • OR libgnutlsxx-devel-3.6.7-6.14 is installed
  • OR libgnutlsxx28-3.6.7-6.14 is installed
  • OR libhogweed4-3.4.1-4.12 is installed
  • OR libhogweed4-32bit-3.4.1-4.12 is installed
  • OR libnettle-3.4.1-4.12 is installed
  • OR libnettle-devel-3.4.1-4.12 is installed
  • OR libnettle6-3.4.1-4.12 is installed
  • OR libnettle6-32bit-3.4.1-4.12 is installed
    • Definition Synopsis
  • SUSE Linux Enterprise Module for CAP 15 SP1 is installed
  • AND cf-cli-6.43.0-3.3 is installed
    • Definition Synopsis
  • SUSE Linux Enterprise Module for Containers 15 is installed
  • AND Package Information
  • containerd-1.2.5-5.13 is installed
  • OR docker-18.09.6_ce-6.17 is installed
  • OR docker-bash-completion-18.09.6_ce-6.17 is installed
  • OR docker-libnetwork-0.7.0.1+gitr2726_872f0a83c98a-4.12 is installed
  • OR docker-runc-1.0.0rc6+gitr3804_2b18fe1d885e-6.18 is installed
  • OR golang-github-docker-libnetwork-0.7.0.1+gitr2726_872f0a83c98a-4.12 is installed
    • Definition Synopsis
  • SUSE Linux Enterprise Module for Containers 15 SP1 is installed
  • AND Package Information
  • containerd-1.2.5-5.13 is installed
  • OR docker-18.09.6_ce-6.17 is installed
  • OR docker-bash-completion-18.09.6_ce-6.17 is installed
  • OR docker-libnetwork-0.7.0.1+gitr2726_872f0a83c98a-4.12 is installed
  • OR docker-runc-1.0.0rc6+gitr3804_2b18fe1d885e-6.18 is installed
  • OR golang-github-docker-libnetwork-0.7.0.1+gitr2726_872f0a83c98a-4.12 is installed
    • Definition Synopsis
  • SUSE Linux Enterprise Module for Desktop Applications 15 is installed
  • AND Package Information
  • exiv2-0.26-6.3 is installed
  • OR libexiv2-26-0.26-6.3 is installed
  • OR libexiv2-devel-0.26-6.3 is installed
    • Definition Synopsis
  • SUSE Linux Enterprise Module for Desktop Applications 15 SP1 is installed
  • AND Package Information
  • MozillaFirefox-60.7.0-3.40 is installed
  • OR MozillaFirefox-devel-60.7.0-3.40 is installed
  • OR MozillaFirefox-translations-common-60.7.0-3.40 is installed
  • OR MozillaFirefox-translations-other-60.7.0-3.40 is installed
    • Definition Synopsis
  • SUSE Linux Enterprise Module for Development Tools 15 is installed
  • AND Package Information
  • git-2.16.4-3.3 is installed
  • OR git-arch-2.16.4-3.3 is installed
  • OR git-cvs-2.16.4-3.3 is installed
  • OR git-daemon-2.16.4-3.3 is installed
  • OR git-doc-2.16.4-3.3 is installed
  • OR git-email-2.16.4-3.3 is installed
  • OR git-gui-2.16.4-3.3 is installed
  • OR git-svn-2.16.4-3.3 is installed
  • OR git-web-2.16.4-3.3 is installed
  • OR gitk-2.16.4-3.3 is installed
    • Definition Synopsis
  • SUSE Linux Enterprise Module for Development Tools 15 SP1 is installed
  • AND Package Information
  • ImageMagick-7.0.7.34-3.64 is installed
  • OR perl-PerlMagick-7.0.7.34-3.64 is installed
    • Definition Synopsis
  • SUSE Linux Enterprise Module for High Performance Computing 15 is installed
  • AND Package Information
  • python-numpy_1_14_0-gnu-hpc-1.14.0-4.5 is installed
  • OR python2-numpy-gnu-hpc-1.14.0-4.5 is installed
  • OR python2-numpy-gnu-hpc-devel-1.14.0-4.5 is installed
  • OR python2-numpy_1_14_0-gnu-hpc-1.14.0-4.5 is installed
  • OR python2-numpy_1_14_0-gnu-hpc-devel-1.14.0-4.5 is installed
  • OR python3-numpy-gnu-hpc-1.14.0-4.5 is installed
  • OR python3-numpy-gnu-hpc-devel-1.14.0-4.5 is installed
  • OR python3-numpy_1_14_0-gnu-hpc-1.14.0-4.5 is installed
  • OR python3-numpy_1_14_0-gnu-hpc-devel-1.14.0-4.5 is installed
    • Definition Synopsis
  • SUSE Linux Enterprise Module for Legacy Software 15 is installed
  • AND Package Information
  • libopenssl-1_0_0-devel-1.0.2n-3.3 is installed
  • OR libopenssl1_0_0-1.0.2n-3.3 is installed
  • OR openssl-1_0_0-1.0.2n-3.3 is installed
    • Definition Synopsis
  • SUSE Linux Enterprise Module for Live Patching 15 is installed
  • AND kernel-livepatch-tools-1.1-5.3 is installed
    • Definition Synopsis
  • SUSE Linux Enterprise Module for Open Buildservice Development Tools 15 is installed
  • AND Package Information
  • tomcat-9.0.10-3.7 is installed
  • OR tomcat-docs-webapp-9.0.10-3.7 is installed
  • OR tomcat-embed-9.0.10-3.7 is installed
  • OR tomcat-javadoc-9.0.10-3.7 is installed
  • OR tomcat-jsvc-9.0.10-3.7 is installed
    • Definition Synopsis
  • SUSE Linux Enterprise Module for Open Buildservice Development Tools 15 SP1 is installed
  • AND Package Information
  • libnetpbm11-32bit-10.80.1-3.8 is installed
  • OR netpbm-10.80.1-3.8 is installed
    • Definition Synopsis
  • SUSE Linux Enterprise Server 12 SP2 is installed
  • AND cifs-utils-6.5-8 is installed
    • Definition Synopsis
  • SUSE Linux Enterprise Server 12 SP3 is installed
  • AND Package Information
  • gpg2-2.0.24-8.1 is installed
  • OR gpg2-lang-2.0.24-8.1 is installed
    • Definition Synopsis
  • SUSE Linux Enterprise Server for Raspberry Pi 12 SP2 is installed
  • AND Package Information
  • grub2-2.02~beta2-104.16 is installed
  • OR grub2-arm64-efi-2.02~beta2-104.16 is installed
  • OR grub2-snapper-plugin-2.02~beta2-104.16 is installed
  • OR grub2-systemd-sleep-plugin-2.02~beta2-104.16 is installed
    • Definition Synopsis
  • SUSE Linux Enterprise Software Development Kit 12 is installed
  • AND libexif-devel-0.6.21-6.4 is installed
    • Definition Synopsis
  • SUSE Linux Enterprise Workstation Extension 12 SP2 is installed
  • AND Package Information
  • libsilc-1_1-2-1.1.10-24.128 is installed
  • OR libsilcclient-1_1-3-1.1.10-24.128 is installed
  • OR silc-toolkit-1.1.10-24.128 is installed
    • Definition Synopsis
  • SUSE Linux Enterprise Workstation Extension 15 is installed
  • AND Package Information
  • libavcodec-devel-3.4.2-2 is installed
  • OR libavformat-devel-3.4.2-2 is installed
  • OR libavformat57-3.4.2-2 is installed
  • OR libavresample-devel-3.4.2-2 is installed
  • OR libavresample3-3.4.2-2 is installed
    • Definition Synopsis
  • SUSE Linux Enterprise Workstation Extension 15 SP1 is installed
  • AND Package Information
  • MozillaThunderbird-60.8.0-3.46 is installed
  • OR MozillaThunderbird-translations-common-60.8.0-3.46 is installed
  • OR MozillaThunderbird-translations-other-60.8.0-3.46 is installed
    • BACK