Oval Definition:oval:org.opensuse.security:def:69279
Revision Date:2021-12-07Version:1
Title:Security update for nodejs14 (Important)
Description:

This update for nodejs14 fixes the following issues:

nodejs14 was updated to 14.18.1:

deps: update llhttp to 2.1.4

- HTTP Request Smuggling due to spaced in headers (bsc#1191601, CVE-2021-22959) - HTTP Request Smuggling when parsing the body (bsc#1191602, CVE-2021-22960)

Changes in 14.18.0:

* buffer:

+ introduce Blob + add base64url encoding option

* child_process:

+ allow options.cwd receive a URL + add timeout to spawn and fork + allow promisified exec to be cancel + add 'overlapped' stdio flag

* dns: add 'tries' option to Resolve options * fs:

+ allow empty string for temp directory prefix + allow no-params fsPromises fileHandle read + add support for async iterators to fsPromises.writeFile

* http2: add support for sensitive headers * process: add 'worker' event * tls: allow reading data into a static buffer * worker: add setEnvironmentData/getEnvironmentData

Changes in 14.17.6

* deps: upgrade npm to 6.14.15 which fixes a number of security issues (bsc#1190057, CVE-2021-37701, bsc#1190056, CVE-2021-37712, bsc#1190055, CVE-2021-37713, bsc#1190054, CVE-2021-39134, bsc#1190053, CVE-2021-39135)
Family:unixClass:patch
Status:Reference(s):1162936
1162937
1163178
1173942
1173963
1174186
1174247
1190053
1190054
1190055
1190056
1190057
1191601
1191602
CVE-2019-9458
CVE-2020-11668
CVE-2020-14331
CVE-2020-15780
CVE-2020-8631
CVE-2020-8632
CVE-2021-22959
CVE-2021-22960
CVE-2021-37701
CVE-2021-37712
CVE-2021-37713
CVE-2021-39134
CVE-2021-39135
SUSE-SU-2020:0751-1
SUSE-SU-2021:3964-1
Platform(s):SUSE Linux Enterprise High Performance Computing 15 SP3
SUSE Linux Enterprise Module for Live Patching 15 SP1
SUSE Linux Enterprise Module for Public Cloud 15 SP1
SUSE Linux Enterprise Module for Web Scripting 15 SP3
SUSE Linux Enterprise Server 15 SP3
SUSE Linux Enterprise Server for SAP Applications 15 SP3
SUSE Manager Proxy 4.2
SUSE Manager Server 4.2
Product(s):
Definition Synopsis
  • SUSE Linux Enterprise Module for Web Scripting 15 SP3 is installed
  • AND Package Information
  • nodejs14-14.18.1-15.21.2 is installed
  • OR nodejs14-devel-14.18.1-15.21.2 is installed
  • OR nodejs14-docs-14.18.1-15.21.2 is installed
  • OR npm14-14.18.1-15.21.2 is installed
  • Definition Synopsis
  • SUSE Linux Enterprise Module for Live Patching 15 SP1 is installed
  • AND Package Information
  • kernel-livepatch-4_12_14-197_37-default-5-2 is installed
  • OR kernel-livepatch-SLE15-SP1_Update_10-5-2 is installed
  • Definition Synopsis
  • SUSE Linux Enterprise Module for Public Cloud 15 SP1 is installed
  • AND Package Information
  • cloud-init-19.4-8.17 is installed
  • OR cloud-init-config-suse-19.4-8.17 is installed
  • BACK