Early Access — Mondoo Vulnerability Intelligence is currently in preview.

SUSE-SU-2023:4373-1 | Mondoo Vulnerability Intelligence

SUSE-SU-2023:4373-1

UNKNOWN

Security update for nodejs12

Published Nov 6, 2023

Modified 2 years ago

Fix available

Details

This update for nodejs12 fixes the following issues:

CVE-2023-44487: Fixed the Rapid Reset attack in nghttp2. (bsc#1216190)
CVE-2023-38552: Fixed an integrity checks according to policies that could be circumvented. (bsc#1216272)

Affected Packages

SUSE:Enterprise Storage 7.1nodejs14

Fixed in:

14.21.3-150200.15.52.2

SUSE:Enterprise Storage 7.1nodejs14-devel

Fixed in:

14.21.3-150200.15.52.2

SUSE:Enterprise Storage 7.1nodejs14-docs

Fixed in:

14.21.3-150200.15.52.2

SUSE:Enterprise Storage 7.1npm14

Fixed in:

14.21.3-150200.15.52.2

SUSE:Linux Enterprise High Performance Computing 15 SP2-LTSSnodejs14

Fixed in:

14.21.3-150200.15.52.2

SUSE:Linux Enterprise High Performance Computing 15 SP2-LTSSnodejs14-devel

Fixed in:

14.21.3-150200.15.52.2

SUSE:Linux Enterprise High Performance Computing 15 SP2-LTSSnodejs14-docs

Fixed in:

14.21.3-150200.15.52.2

SUSE:Linux Enterprise High Performance Computing 15 SP2-LTSSnpm14

Fixed in:

14.21.3-150200.15.52.2

SUSE:Linux Enterprise High Performance Computing 15 SP3-ESPOSnodejs14

Fixed in:

14.21.3-150200.15.52.2

SUSE:Linux Enterprise High Performance Computing 15 SP3-ESPOSnodejs14-devel

Fixed in:

14.21.3-150200.15.52.2

SUSE:Linux Enterprise High Performance Computing 15 SP3-ESPOSnodejs14-docs

Fixed in:

14.21.3-150200.15.52.2

SUSE:Linux Enterprise High Performance Computing 15 SP3-ESPOSnpm14

Fixed in:

14.21.3-150200.15.52.2

SUSE:Linux Enterprise High Performance Computing 15 SP3-LTSSnodejs14

Fixed in:

14.21.3-150200.15.52.2

SUSE:Linux Enterprise High Performance Computing 15 SP3-LTSSnodejs14-devel

Fixed in:

14.21.3-150200.15.52.2

SUSE:Linux Enterprise High Performance Computing 15 SP3-LTSSnodejs14-docs

Fixed in:

14.21.3-150200.15.52.2

SUSE:Linux Enterprise High Performance Computing 15 SP3-LTSSnpm14

Fixed in:

14.21.3-150200.15.52.2

SUSE:Linux Enterprise Server 15 SP2-LTSSnodejs14

Fixed in:

14.21.3-150200.15.52.2

SUSE:Linux Enterprise Server 15 SP2-LTSSnodejs14-devel

Fixed in:

14.21.3-150200.15.52.2

SUSE:Linux Enterprise Server 15 SP2-LTSSnodejs14-docs

Fixed in:

14.21.3-150200.15.52.2

SUSE:Linux Enterprise Server 15 SP2-LTSSnpm14

Fixed in:

14.21.3-150200.15.52.2

SUSE:Linux Enterprise Server 15 SP3-LTSSnodejs14

Fixed in:

14.21.3-150200.15.52.2

SUSE:Linux Enterprise Server 15 SP3-LTSSnodejs14-devel

Fixed in:

14.21.3-150200.15.52.2

SUSE:Linux Enterprise Server 15 SP3-LTSSnodejs14-docs

Fixed in:

14.21.3-150200.15.52.2

SUSE:Linux Enterprise Server 15 SP3-LTSSnpm14

Fixed in:

14.21.3-150200.15.52.2

SUSE:Linux Enterprise Server for SAP Applications 15 SP2nodejs14

Fixed in:

14.21.3-150200.15.52.2

SUSE:Linux Enterprise Server for SAP Applications 15 SP2nodejs14-devel

Fixed in:

14.21.3-150200.15.52.2

SUSE:Linux Enterprise Server for SAP Applications 15 SP2nodejs14-docs

Fixed in:

14.21.3-150200.15.52.2

SUSE:Linux Enterprise Server for SAP Applications 15 SP2npm14

Fixed in:

14.21.3-150200.15.52.2

SUSE:Linux Enterprise Server for SAP Applications 15 SP3nodejs14

Fixed in:

14.21.3-150200.15.52.2

SUSE:Linux Enterprise Server for SAP Applications 15 SP3nodejs14-devel

Fixed in:

14.21.3-150200.15.52.2

SUSE:Linux Enterprise Server for SAP Applications 15 SP3nodejs14-docs

Fixed in:

14.21.3-150200.15.52.2

SUSE:Linux Enterprise Server for SAP Applications 15 SP3npm14

Fixed in:

14.21.3-150200.15.52.2

SUSE:Manager Server 4.2nodejs14

Fixed in:

14.21.3-150200.15.52.2

SUSE:Manager Server 4.2nodejs14-devel

Fixed in:

14.21.3-150200.15.52.2

SUSE:Manager Server 4.2nodejs14-docs

Fixed in:

14.21.3-150200.15.52.2

SUSE:Manager Server 4.2npm14

Fixed in:

14.21.3-150200.15.52.2

openSUSE:Leap 15.4corepack14

Fixed in:

14.21.3-150200.15.52.2

openSUSE:Leap 15.4nodejs14

Fixed in:

14.21.3-150200.15.52.2

openSUSE:Leap 15.4nodejs14-devel

Fixed in:

14.21.3-150200.15.52.2

openSUSE:Leap 15.4nodejs14-docs

Fixed in:

14.21.3-150200.15.52.2

openSUSE:Leap 15.4npm14

Fixed in:

14.21.3-150200.15.52.2

References

REPORThttps://bugzilla.suse.com/1216190 REPORThttps://bugzilla.suse.com/1216272 WEBhttps://www.suse.com/security/cve/CVE-2023-38552 WEBhttps://www.suse.com/security/cve/CVE-2023-44487 ADVISORYhttps://www.suse.com/support/update/announcement/2023/suse-su-20234373-1/

Upstream

CVE-2023-38552 CVE-2023-44487

Related

CVE-2023-38552 CVE-2023-44487

Ecosystems

SUSE Enterprise Storage 7.1 SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS SUSE Linux Enterprise High Performance Computing 15 SP3-ESPOS SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS SUSE Linux Enterprise Server 15 SP2-LTSS SUSE Linux Enterprise Server 15 SP3-LTSS SUSE Linux Enterprise Server for SAP Applications 15 SP2 SUSE Linux Enterprise Server for SAP Applications 15 SP3 SUSE Manager Server 4.2 openSUSE Leap 15.4

Timeline

PublishedNov 6, 2023

ModifiedNov 6, 2023