OPENSUSE-SU-2020:0293-1
Advisory lineage Upstream: 3 Downstream: 0
Published: 03 Mar 2020, 17:13
Last modified:04 Feb 2026, 04:12
Vulnerability Summary
Overall Risk (default)
minimal
0/100 CVSS Score
No data
EPSS Score
No data
KEV
Not listed
Ransomware
No reports
Public exploits
None found
Dark Web
Not detected
Timeline
03 Mar 2020, 17:13
Published
Vulnerability first disclosed
04 Feb 2026, 04:12
Last Modified
Vulnerability information updated
Description
Security update for nodejs8 This update for nodejs8 fixes the following issues: Security issues fixed: - CVE-2019-15604: Fixed a remotely triggerable assertion in the TLS server via a crafted certificate string (CVE-2019-15604, bsc#1163104). - CVE-2019-15605: Fixed an HTTP request smuggling vulnerability via malformed Transfer-Encoding header (CVE-2019-15605, bsc#1163102). - CVE-2019-15606: Fixed the white space sanitation of HTTP headers (CVE-2019-15606, bsc#1163103). This update was imported from the SUSE:SLE-15:Update update project.
Affected Systems
- opensuse•nodejs8&distro=openSUSE Leap 15.1
< 8.17.0-lp151.2.12.1
References (7)
- https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/LLBX73ZML2HFTXADVLS3JFSWUPDITBSK/
- https://bugzilla.suse.com/1163102
- https://bugzilla.suse.com/1163103
- https://bugzilla.suse.com/1163104
- https://www.suse.com/security/cve/CVE-2019-15604
- https://www.suse.com/security/cve/CVE-2019-15605
- https://www.suse.com/security/cve/CVE-2019-15606