SUSE-SU-2022:1461-1
Vulnerability Summary
Timeline
Description
Security update for nodejs12 This update for nodejs12 fixes the following issues: - CVE-2022-0778: Fixed a infinite loop in BN_mod_sqrt() reachable when parsing certificates (bsc#1196877). - CVE-2021-44906: Fixed a prototype pollution in node-minimist (bsc#1198247). - CVE-2021-44907: Fixed a potential Denial of Service vulnerability in node-qs (bsc#1197283). - CVE-2022-0235: Fixed an exposure of sensitive information to an unauthorized actor in node-fetch (bsc#1194819).
Affected Systems
- opensuse•nodejs12&distro=openSUSE Leap 15.3
< 12.22.12-150200.4.32.1
- opensuse•nodejs12&distro=openSUSE Leap 15.4
< 12.22.12-150200.4.32.1
- suse•nodejs12&distro=SUSE Enterprise Storage 7
< 12.22.12-150200.4.32.1
- suse•nodejs12&distro=SUSE Linux Enterprise High Performance Computing 15 SP2-ESPOS
< 12.22.12-150200.4.32.1
- suse•nodejs12&distro=SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS
< 12.22.12-150200.4.32.1
- suse•nodejs12&distro=SUSE Linux Enterprise Module for Web and Scripting 15 SP3
< 12.22.12-150200.4.32.1
- suse•nodejs12&distro=SUSE Linux Enterprise Server 15 SP2-BCL
< 12.22.12-150200.4.32.1
- suse•nodejs12&distro=SUSE Linux Enterprise Server 15 SP2-LTSS
< 12.22.12-150200.4.32.1
- suse•nodejs12&distro=SUSE Linux Enterprise Server for SAP Applications 15 SP2
< 12.22.12-150200.4.32.1
- suse•nodejs12&distro=SUSE Manager Proxy 4.1
< 12.22.12-150200.4.32.1
- suse•nodejs12&distro=SUSE Manager Retail Branch Server 4.1
< 12.22.12-150200.4.32.1
- suse•nodejs12&distro=SUSE Manager Server 4.1
< 12.22.12-150200.4.32.1
References (9)
- https://www.suse.com/support/update/announcement/2022/suse-su-20221461-1/
- https://bugzilla.suse.com/1194819
- https://bugzilla.suse.com/1196877
- https://bugzilla.suse.com/1197283
- https://bugzilla.suse.com/1198247
- https://www.suse.com/security/cve/CVE-2021-44906
- https://www.suse.com/security/cve/CVE-2021-44907
- https://www.suse.com/security/cve/CVE-2022-0235
- https://www.suse.com/security/cve/CVE-2022-0778