Oval Definition:	oval:org.opensuse.security:def:69252
Revision Date: 2021-09-03 Version: 1 Title: Security update for nodejs10 (Moderate) Description: This update for nodejs10 fixes the following issues: - CVE-2021-3672: Fixed missing input validation on hostnames (bsc#1188881). - CVE-2021-22930: Fixed use after free on close http2 on stream canceling (bsc#1188917). - CVE-2021-22939: Fixed incomplete validation of rejectUnauthorized parameter (bsc#1189369). - CVE-2021-22931: Fixed improper handling of untypical characters in domain names (bsc#1189370). Family: unix Class: patch Status: Reference(s): 1160467 1160468 1178682 1188881 1188917 1189369 1189370 CVE-2019-14896 CVE-2019-14897 CVE-2020-25708 CVE-2021-22930 CVE-2021-22931 CVE-2021-22939 CVE-2021-3672 SUSE-SU-2020:0204-1 SUSE-SU-2020:3515-1 SUSE-SU-2021:2953-1 Platform(s): SUSE Linux Enterprise High Performance Computing 15 SP2 SUSE Linux Enterprise Module for additional PackageHub packages 15 SP1 SUSE Linux Enterprise Module for Live Patching 15 SP1 SUSE Linux Enterprise Module for Web Scripting 15 SP2 SUSE Linux Enterprise Server 15 SP2 SUSE Linux Enterprise Server for SAP Applications 15 SP2 SUSE Linux Enterprise Storage 7 SUSE Manager Proxy 4.1 SUSE Manager Server 4.1 Product(s): Definition Synopsis SUSE Linux Enterprise Module for Live Patching 15 SP1 is installed AND Package Information kernel-livepatch-4_12_14-197_29-default-2-2 is installed OR kernel-livepatch-SLE15-SP1_Update_8-2-2 is installed Definition Synopsis SUSE Linux Enterprise Module for additional PackageHub packages 15 SP1 is installed AND Package Information LibVNCServer-0.9.10-4.25 is installed OR libvncserver0-0.9.10-4.25 is installed Definition Synopsis SUSE Linux Enterprise Module for Web Scripting 15 SP2 is installed AND Package Information nodejs10-10.24.1-1.39.2 is installed OR nodejs10-devel-10.24.1-1.39.2 is installed OR nodejs10-docs-10.24.1-1.39.2 is installed OR npm10-10.24.1-1.39.2 is installed
BACK