SUSE-SU-2024:1309-1
Vulnerability Summary
Timeline
Description
Security update for nodejs18 This update for nodejs18 fixes the following issues: Update to 18.20.1 Security fixes: - CVE-2024-27983: Fixed failed assertion in node::http2::Http2Session::~Http2Session() that could lead to HTTP/2 server crash (bsc#1222244) - CVE-2024-27982: Fixed HTTP Request Smuggling via Content Length Obfuscation (bsc#1222384) - CVE-2024-30260: Fixed proxy-authorization header not cleared on cross-origin redirect in undici (bsc#1222530) - CVE-2024-30261: Fixed fetch with integrity option is too lax when algorithm is specified but hash value is in incorrect in undici (bsc#1222603) - CVE-2024-24806: Fixed improper domain lookup that potentially leads to SSRF attacks in libuv (bsc#1220053)
Affected Systems
- opensuse•nodejs18&distro=openSUSE Leap 15.5
< 18.20.1-150400.9.21.3
- suse•nodejs18&distro=SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS
< 18.20.1-150400.9.21.3
- suse•nodejs18&distro=SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS
< 18.20.1-150400.9.21.3
- suse•nodejs18&distro=SUSE Linux Enterprise Module for Web and Scripting 15 SP5
< 18.20.1-150400.9.21.3
- suse•nodejs18&distro=SUSE Linux Enterprise Server 15 SP4-LTSS
< 18.20.1-150400.9.21.3
- suse•nodejs18&distro=SUSE Linux Enterprise Server for SAP Applications 15 SP4
< 18.20.1-150400.9.21.3
- suse•nodejs18&distro=SUSE Manager Server 4.3
< 18.20.1-150400.9.21.3
References (11)
- https://www.suse.com/support/update/announcement/2024/suse-su-20241309-1/
- https://bugzilla.suse.com/1220053
- https://bugzilla.suse.com/1222244
- https://bugzilla.suse.com/1222384
- https://bugzilla.suse.com/1222530
- https://bugzilla.suse.com/1222603
- https://www.suse.com/security/cve/CVE-2024-24806
- https://www.suse.com/security/cve/CVE-2024-27982
- https://www.suse.com/security/cve/CVE-2024-27983
- https://www.suse.com/security/cve/CVE-2024-30260
- https://www.suse.com/security/cve/CVE-2024-30261