SUSE-SU-2022:1462-1
Vulnerability Summary
Timeline
Description
Security update for nodejs14 This update for nodejs14 fixes the following issues: - CVE-2022-0778: Fixed a infinite loop in BN_mod_sqrt() reachable when parsing certificates (bsc#1196877). - CVE-2021-44906: Fixed a prototype pollution in node-minimist (bsc#1198247). - CVE-2021-44907: Fixed a potential Denial of Service vulnerability in node-qs (bsc#1197283). - CVE-2022-0235: Fixed an exposure of sensitive information to an unauthorized actor in node-fetch (bsc#1194819).
Affected Systems
- opensuse•nodejs14&distro=openSUSE Leap 15.3
< 14.19.1-150200.15.31.1
- opensuse•nodejs14&distro=openSUSE Leap 15.4
< 14.19.1-150200.15.31.1
- suse•nodejs14&distro=SUSE Enterprise Storage 7
< 14.19.1-150200.15.31.1
- suse•nodejs14&distro=SUSE Linux Enterprise High Performance Computing 15 SP2-ESPOS
< 14.19.1-150200.15.31.1
- suse•nodejs14&distro=SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS
< 14.19.1-150200.15.31.1
- suse•nodejs14&distro=SUSE Linux Enterprise Module for Web and Scripting 15 SP3
< 14.19.1-150200.15.31.1
- suse•nodejs14&distro=SUSE Linux Enterprise Server 15 SP2-BCL
< 14.19.1-150200.15.31.1
- suse•nodejs14&distro=SUSE Linux Enterprise Server 15 SP2-LTSS
< 14.19.1-150200.15.31.1
- suse•nodejs14&distro=SUSE Linux Enterprise Server for SAP Applications 15 SP2
< 14.19.1-150200.15.31.1
- suse•nodejs14&distro=SUSE Manager Proxy 4.1
< 14.19.1-150200.15.31.1
- suse•nodejs14&distro=SUSE Manager Retail Branch Server 4.1
< 14.19.1-150200.15.31.1
- suse•nodejs14&distro=SUSE Manager Server 4.1
< 14.19.1-150200.15.31.1
References (9)
- https://www.suse.com/support/update/announcement/2022/suse-su-20221462-1/
- https://bugzilla.suse.com/1194819
- https://bugzilla.suse.com/1196877
- https://bugzilla.suse.com/1197283
- https://bugzilla.suse.com/1198247
- https://www.suse.com/security/cve/CVE-2021-44906
- https://www.suse.com/security/cve/CVE-2021-44907
- https://www.suse.com/security/cve/CVE-2022-0235
- https://www.suse.com/security/cve/CVE-2022-0778