OVAL Reference oval:org.opensuse.security:def:49467

Oval Definition:

oval:org.opensuse.security:def:49467

Revision Date:	2022-01-14	Version:	1
Title:	Security update for nodejs12 (Important) (in QA)
Description:	This update for nodejs12 fixes the following issues: - CVE-2021-44531: Fixed improper handling of URI Subject Alternative Names (bsc#1194511). - CVE-2021-44532: Fixed certificate Verification Bypass via String Injection (bsc#1194512). - CVE-2021-44533: Fixed incorrect handling of certificate subject and issuer fields (bsc#1194513). - CVE-2022-21824: Fixed prototype pollution via console.table properties (bsc#1194514). - CVE-2021-22959: Fixed HTTP Request Smuggling due to spaced in headers(bsc#1191601). - CVE-2021-22960: Fixed HTTP Request Smuggling when parsing the body (bsc#1191602). - CVE-2021-37701: Fixed arbitrary file creation and overwrite vulnerability in nodejs-tar (bsc#1190057). - CVE-2021-37712: Fixed arbitrary file creation and overwrite vulnerability in nodejs-tar (bsc#1190056). - CVE-2021-37713: Fixed arbitrary file creation/overwrite and arbitrary code execution vulnerability in nodejs-tar (bsc#1190055). - CVE-2021-39134: Fixed symlink following vulnerability in nodejs-arborist (bsc#1190054). - CVE-2021-39135: Fixed symlink following vulnerability in nodejs-arborist (bsc#1190053). This patch is currently in QA and not yet available for download.
Family:	unix	Class:	patch
Status:		Reference(s):	1068709 1068711 1081947 1082293 1085196 1094742 1094745 1095812 1096200 1096203 1098545 1098546 1099358 1106214 1113225 1114209 1114832 1118897 1118898 1118899 1121197 1121268 1121397 1121967 1122417 1123013 1124493 1125886 1128376 1128746 1129124 1130840 1133452 1134068 1135534 1135708 1136440 1140095 1140101 1142988 1144363 1151488 1151612 1153953 1154092 1154609 1158257 1161883 1167007 1167631 1168104 1168994 1169134 1170487 1171496 1171497 1171498 1171499 1171946 1172052 1172377 1173411 1174320 1174458 1174591 1175061 1175240 1175626 1175656 1175781 1177843 1190053 1190054 1190055 1190056 1190057 1191601 1191602 1194511 1194512 1194513 1194514 353876 CVE-2013-2139 CVE-2015-6360 CVE-2016-10198 CVE-2016-10199 CVE-2017-1000231 CVE-2017-1000232 CVE-2017-5837 CVE-2017-5838 CVE-2017-5839 CVE-2017-5840 CVE-2017-5841 CVE-2017-5842 CVE-2017-5843 CVE-2017-5844 CVE-2017-5845 CVE-2017-5846 CVE-2017-5847 CVE-2017-5848 CVE-2018-10805 CVE-2018-11624 CVE-2018-11625 CVE-2018-12599 CVE-2018-12600 CVE-2018-16873 CVE-2018-16874 CVE-2018-16875 CVE-2019-0816 CVE-2019-13117 CVE-2019-13118 CVE-2019-18197 CVE-2019-3820 CVE-2019-5736 CVE-2019-6486 CVE-2019-9947 CVE-2020-10713 CVE-2020-11863 CVE-2020-11864 CVE-2020-11865 CVE-2020-11866 CVE-2020-13401 CVE-2020-14339 CVE-2020-1752 CVE-2020-25660 CVE-2021-22959 CVE-2021-22960 CVE-2021-37701 CVE-2021-37712 CVE-2021-37713 CVE-2021-39134 CVE-2021-39135 CVE-2021-44531 CVE-2021-44532 CVE-2021-44533 CVE-2022-21824 SUSE-SU-2018:2043-1 SUSE-SU-2019:1234-2 SUSE-SU-2019:1352-1 SUSE-SU-2019:1459-1 SUSE-SU-2019:2392-1 SUSE-SU-2019:3097-1 SUSE-SU-2020:0801-1 SUSE-SU-2020:0820-1 SUSE-SU-2020:2237-1 SUSE-SU-2020:2629-1 SUSE-SU-2020:3459-1
Platform(s):	openSUSE Leap 15.0 openSUSE Leap 15.1 SUSE Linux Enterprise Desktop 11 SP2 SUSE Linux Enterprise Desktop 11 SP3 SUSE Linux Enterprise Desktop 12 SUSE Linux Enterprise Desktop 12 SP1 SUSE Linux Enterprise Desktop 12 SP2 SUSE Linux Enterprise Desktop 12 SP3 SUSE Linux Enterprise Desktop 12 SP4 SUSE Linux Enterprise High Performance Computing 12 SUSE Linux Enterprise Module for additional PackageHub packages 15 SP1 SUSE Linux Enterprise Module for additional PackageHub packages 15 SP2 SUSE Linux Enterprise Module for Basesystem 15 SP1 SUSE Linux Enterprise Module for Basesystem 15 SP2 SUSE Linux Enterprise Module for Containers 15 SP1 SUSE Linux Enterprise Module for Desktop Applications 15 SUSE Linux Enterprise Module for Desktop Applications 15 SP1 SUSE Linux Enterprise Module for Development Tools 15 SUSE Linux Enterprise Module for Development Tools 15 SP1 SUSE Linux Enterprise Module for Legacy Software 15 SP1 SUSE Linux Enterprise Module for Legacy Software 15 SP2 SUSE Linux Enterprise Module for Live Patching 15 SUSE Linux Enterprise Module for Live Patching 15 SP1 SUSE Linux Enterprise Module for Open Buildservice Development Tools 15 SUSE Linux Enterprise Module for Open Buildservice Development Tools 15 SP1 SUSE Linux Enterprise Module for Open Buildservice Development Tools 15 SP2 SUSE Linux Enterprise Module for Public Cloud 15 SP2 SUSE Linux Enterprise Module for Realtime packages 15 SP1 SUSE Linux Enterprise Module for Server Applications 15 SUSE Linux Enterprise Module for Server Applications 15 SP1 SUSE Linux Enterprise Module for Web Scripting 12 SUSE Linux Enterprise Module for Web Scripting 15 SP1 SUSE Linux Enterprise Server 12 SUSE Linux Enterprise Server 12 SP1 SUSE Linux Enterprise Server 12 SP1-LTSS SUSE Linux Enterprise Server 12 SP2 SUSE Linux Enterprise Server 12 SP2-BCL SUSE Linux Enterprise Server 12 SP2-ESPOS SUSE Linux Enterprise Server 12 SP2-LTSS SUSE Linux Enterprise Server 12 SP3 SUSE Linux Enterprise Server 12 SP4 SUSE Linux Enterprise Server 12 SP5 SUSE Linux Enterprise Server 15-LTSS SUSE Linux Enterprise Server for SAP Applications 12 SUSE Linux Enterprise Server for SAP Applications 12 SP3 SUSE Linux Enterprise Server for SAP Applications 12 SP4 SUSE Linux Enterprise Server for SAP Applications 12 SP5 SUSE Linux Enterprise Server for SAP Applications 15 SUSE Linux Enterprise Workstation Extension 15 SUSE Linux Enterprise Workstation Extension 15 SP1 SUSE OpenStack Cloud 6 SUSE OpenStack Cloud 7	Product(s):
Definition Synopsis
openSUSE Leap 15.0 is installed AND Package Information libspread-sheet-widget0-0.3-lp150.2 is installed OR pspp-1.2.0-lp150.2.3 is installed OR pspp-devel-1.2.0-lp150.2.3 is installed OR spread-sheet-widget-devel-0.3-lp150.2 is installed
Definition Synopsis
openSUSE Leap 15.1 is installed AND update-test-security-5.1-lp151.12 is installed
Definition Synopsis
SUSE Linux Enterprise Desktop 11 SP2 is installed AND Package Information libfreebl3-3.15.2-0.3 is installed OR libfreebl3-32bit-3.15.2-0.3 is installed OR mozilla-nspr-4.10.1-0.3 is installed OR mozilla-nspr-32bit-4.10.1-0.3 is installed OR mozilla-nss-3.15.2-0.3 is installed OR mozilla-nss-32bit-3.15.2-0.3 is installed OR mozilla-nss-tools-3.15.2-0.3 is installed
Definition Synopsis
SUSE Linux Enterprise Desktop 11 SP3 is installed AND Package Information flash-player-11.2.202.481-0.8 is installed OR flash-player-gnome-11.2.202.481-0.8 is installed OR flash-player-kde4-11.2.202.481-0.8 is installed
Definition Synopsis
SUSE Linux Enterprise Desktop 12 is installed AND coolkey-1.1.0-147 is installed
Definition Synopsis
SUSE Linux Enterprise Desktop 12 SP1 is installed AND Package Information ImageMagick-6.8.8.1-8 is installed OR libMagick++-6_Q16-3-6.8.8.1-8 is installed OR libMagickCore-6_Q16-1-6.8.8.1-8 is installed OR libMagickCore-6_Q16-1-32bit-6.8.8.1-8 is installed OR libMagickWand-6_Q16-1-6.8.8.1-8 is installed
Definition Synopsis
SUSE Linux Enterprise Desktop 12 SP2 is installed AND busybox-1.21.1-3 is installed
Definition Synopsis
SUSE Linux Enterprise Desktop 12 SP3 is installed AND Package Information finch-2.12.0-1 is installed OR libpurple-2.12.0-1 is installed OR libpurple-branding-upstream-2.12.0-1 is installed OR libpurple-lang-2.12.0-1 is installed OR libpurple-plugin-sametime-2.12.0-1 is installed OR libpurple-tcl-2.12.0-1 is installed OR pidgin-2.12.0-1 is installed
Definition Synopsis
SUSE Linux Enterprise Desktop 12 SP4 is installed AND Package Information libz1-1.2.11-1 is installed OR libz1-32bit-1.2.11-1 is installed OR zlib-devel-1.2.11-1 is installed
Definition Synopsis
SUSE Linux Enterprise Module for Web Scripting 12 is installed AND Package Information nodejs12-12.22.9-1.38.1 is installed OR nodejs12-devel-12.22.9-1.38.1 is installed OR nodejs12-docs-12.22.9-1.38.1 is installed OR npm12-12.22.9-1.38.1 is installed
Definition Synopsis
SUSE Linux Enterprise Module for additional PackageHub packages 15 SP1 is installed AND djvulibre-3.5.27-3.8 is installed
Definition Synopsis
SUSE Linux Enterprise Module for additional PackageHub packages 15 SP2 is installed AND Package Information graphviz-addons-2.40.1-6.3 is installed OR graphviz-gnome-2.40.1-6.3 is installed
Definition Synopsis
SUSE Linux Enterprise Module for Basesystem 15 SP1 is installed AND Package Information libvirt-5.1.0-8.19 is installed OR libvirt-libs-5.1.0-8.19 is installed
Definition Synopsis
SUSE Linux Enterprise Module for Basesystem 15 SP2 is installed AND shim-15+git47-3.8 is installed
Definition Synopsis
SUSE Linux Enterprise Module for Containers 15 SP1 is installed AND Package Information containerd-1.2.5-5.13 is installed OR docker-18.09.6_ce-6.17 is installed OR docker-bash-completion-18.09.6_ce-6.17 is installed OR docker-libnetwork-0.7.0.1+gitr2726_872f0a83c98a-4.12 is installed OR docker-runc-1.0.0rc6+gitr3804_2b18fe1d885e-6.18 is installed OR golang-github-docker-libnetwork-0.7.0.1+gitr2726_872f0a83c98a-4.12 is installed
Definition Synopsis
SUSE Linux Enterprise Module for Desktop Applications 15 is installed AND Package Information libsrtp-devel-1.6.0-2 is installed OR libsrtp1-1.6.0-2 is installed
Definition Synopsis
SUSE Linux Enterprise Module for Desktop Applications 15 SP1 is installed AND Package Information gstreamer-devel-1.12.5-1 is installed OR gstreamer-utils-1.12.5-1 is installed OR typelib-1_0-Gst-1_0-1.12.5-1 is installed
Definition Synopsis
SUSE Linux Enterprise Module for Development Tools 15 is installed AND Package Information ImageMagick-7.0.7.34-3.9 is installed OR perl-PerlMagick-7.0.7.34-3.9 is installed
Definition Synopsis
SUSE Linux Enterprise Module for Development Tools 15 SP1 is installed AND Package Information ldns-1.7.0-4.3 is installed OR perl-DNS-LDNS-1.7.0-4.3 is installed
Definition Synopsis
SUSE Linux Enterprise Module for Legacy Software 15 SP1 is installed AND Package Information kernel-default-4.12.14-197.15 is installed OR reiserfs-kmp-default-4.12.14-197.15 is installed
Definition Synopsis
SUSE Linux Enterprise Module for Legacy Software 15 SP2 is installed AND Package Information openldap2-2.4.46-9.37 is installed OR openldap2-back-meta-2.4.46-9.37 is installed OR openldap2-back-perl-2.4.46-9.37 is installed OR openldap2-ppolicy-check-password-1.2-9.37 is installed
Definition Synopsis
SUSE Linux Enterprise Module for Live Patching 15 is installed AND Package Information kernel-livepatch-4_12_14-23-default-6-16 is installed OR kernel-livepatch-SLE15_Update_0-6-16 is installed
Definition Synopsis
SUSE Linux Enterprise Module for Live Patching 15 SP1 is installed AND Package Information kernel-livepatch-4_12_14-197_21-default-3-2 is installed OR kernel-livepatch-SLE15-SP1_Update_6-3-2 is installed
Definition Synopsis
SUSE Linux Enterprise Module for Open Buildservice Development Tools 15 is installed AND Package Information python3-base-3.6.8-3.16 is installed OR python3-doc-3.6.8-3.16 is installed OR python3-testsuite-3.6.8-3.16 is installed
Definition Synopsis
SUSE Linux Enterprise Module for Open Buildservice Development Tools 15 SP1 is installed AND python-libmount-2.31.1-9.8 is installed
Definition Synopsis
SUSE Linux Enterprise Module for Open Buildservice Development Tools 15 SP2 is installed AND Package Information libexif-0.6.22-5.6 is installed OR libexif-devel-32bit-0.6.22-5.6 is installed OR libexif12-32bit-0.6.22-5.6 is installed
Definition Synopsis
SUSE Linux Enterprise Module for Public Cloud 15 SP2 is installed AND Package Information kernel-azure-5.3.18-18.12 is installed OR kernel-azure-devel-5.3.18-18.12 is installed OR kernel-devel-azure-5.3.18-18.12 is installed OR kernel-source-azure-5.3.18-18.12 is installed OR kernel-syms-azure-5.3.18-18.12 is installed
Definition Synopsis
SUSE Linux Enterprise Module for Realtime packages 15 SP1 is installed AND Package Information cluster-md-kmp-rt-4.12.14-14.14 is installed OR dlm-kmp-rt-4.12.14-14.14 is installed OR gfs2-kmp-rt-4.12.14-14.14 is installed OR kernel-devel-rt-4.12.14-14.14 is installed OR kernel-rt-4.12.14-14.14 is installed OR kernel-rt-base-4.12.14-14.14 is installed OR kernel-rt-devel-4.12.14-14.14 is installed OR kernel-rt_debug-4.12.14-14.14 is installed OR kernel-rt_debug-devel-4.12.14-14.14 is installed OR kernel-source-rt-4.12.14-14.14 is installed OR kernel-syms-rt-4.12.14-14.14 is installed OR ocfs2-kmp-rt-4.12.14-14.14 is installed
Definition Synopsis
SUSE Linux Enterprise Module for Server Applications 15 is installed AND Package Information xen-4.10.2_04-3.9 is installed OR xen-devel-4.10.2_04-3.9 is installed OR xen-tools-4.10.2_04-3.9 is installed
Definition Synopsis
SUSE Linux Enterprise Module for Server Applications 15 SP1 is installed AND Package Information dhcp-4.3.5-6.3 is installed OR dhcp-relay-4.3.5-6.3 is installed OR dhcp-server-4.3.5-6.3 is installed
Definition Synopsis
SUSE Linux Enterprise Module for Web Scripting 15 SP1 is installed AND Package Information nodejs8-8.16.1-3.20 is installed OR nodejs8-devel-8.16.1-3.20 is installed OR nodejs8-docs-8.16.1-3.20 is installed OR npm8-8.16.1-3.20 is installed
Definition Synopsis
SUSE Linux Enterprise Server 12 SP1 is installed AND ant-1.9.4-1 is installed
Definition Synopsis
SUSE Linux Enterprise Server 12 SP1-LTSS is installed AND Package Information libspice-server1-0.12.5-10 is installed OR spice-0.12.5-10 is installed
Definition Synopsis
SUSE Linux Enterprise Server 12 SP2 is installed AND git-core-1.8.5.6-18 is installed
Definition Synopsis
SUSE Linux Enterprise Server 12 SP2-BCL is installed AND ucode-intel-20180425-13.20 is installed
Definition Synopsis
SUSE Linux Enterprise Server 12 SP2-ESPOS is installed AND ucode-intel-20180425-13.20 is installed
Definition Synopsis
SUSE Linux Enterprise Server 12 SP2-LTSS is installed AND Package Information MozillaFirefox-52.8.1esr-109.34 is installed OR MozillaFirefox-devel-52.8.1esr-109.34 is installed OR MozillaFirefox-translations-52.8.1esr-109.34 is installed
Definition Synopsis
SUSE Linux Enterprise Server 12 SP3 is installed AND Package Information fetchmail-6.3.26-12 is installed OR fetchmailconf-6.3.26-12 is installed
Definition Synopsis
SUSE Linux Enterprise Server 15-LTSS is installed AND Package Information libunbound2-1.6.8-3.6 is installed OR unbound-1.6.8-3.6 is installed OR unbound-anchor-1.6.8-3.6 is installed OR unbound-devel-1.6.8-3.6 is installed
Definition Synopsis
SUSE Linux Enterprise Server for SAP Applications 15 is installed AND Package Information libpainter0-0.9.6-4.8 is installed OR librfxencode0-0.9.6-4.8 is installed OR xrdp-0.9.6-4.8 is installed OR xrdp-devel-0.9.6-4.8 is installed
Definition Synopsis
SUSE Linux Enterprise Workstation Extension 15 is installed AND Package Information kernel-default-4.12.14-25.16 is installed OR kernel-default-extra-4.12.14-25.16 is installed
Definition Synopsis
SUSE Linux Enterprise Workstation Extension 15 SP1 is installed AND Package Information MozillaThunderbird-68.1.1-3.51 is installed OR MozillaThunderbird-translations-common-68.1.1-3.51 is installed OR MozillaThunderbird-translations-other-68.1.1-3.51 is installed
Definition Synopsis
SUSE OpenStack Cloud 6 is installed AND haproxy-1.5.14-1 is installed
Definition Synopsis
SUSE OpenStack Cloud 7 is installed AND shadow-4.2.1-27.9 is installed

BACK