Early Access — Mondoo Vulnerability Intelligence is currently in preview.

SUSE-SU-2023:4374-1

UNKNOWN

Security update for nodejs12

Published Nov 6, 2023

Modified 2 years ago

Fix available

Details

This update for nodejs12 fixes the following issues:

CVE-2023-44487: Fixed the Rapid Reset attack in nghttp2. (bsc#1216190)
CVE-2023-38552: Fixed an integrity checks according to policies that could be circumvented. (bsc#1216272)

Affected Packages

SUSE:Enterprise Storage 7.1nodejs12

Fixed in:

12.22.12-150200.4.53.2

SUSE:Enterprise Storage 7.1nodejs12-devel

Fixed in:

12.22.12-150200.4.53.2

SUSE:Enterprise Storage 7.1nodejs12-docs

Fixed in:

12.22.12-150200.4.53.2

SUSE:Enterprise Storage 7.1npm12

Fixed in:

12.22.12-150200.4.53.2

SUSE:Linux Enterprise High Performance Computing 15 SP2-LTSSnodejs12

Fixed in:

12.22.12-150200.4.53.2

SUSE:Linux Enterprise High Performance Computing 15 SP2-LTSSnodejs12-devel

Fixed in:

12.22.12-150200.4.53.2

SUSE:Linux Enterprise High Performance Computing 15 SP2-LTSSnodejs12-docs

Fixed in:

12.22.12-150200.4.53.2

SUSE:Linux Enterprise High Performance Computing 15 SP2-LTSSnpm12

Fixed in:

12.22.12-150200.4.53.2

SUSE:Linux Enterprise High Performance Computing 15 SP3-ESPOSnodejs12

Fixed in:

12.22.12-150200.4.53.2

SUSE:Linux Enterprise High Performance Computing 15 SP3-ESPOSnodejs12-devel

Fixed in:

12.22.12-150200.4.53.2

SUSE:Linux Enterprise High Performance Computing 15 SP3-ESPOSnodejs12-docs

Fixed in:

12.22.12-150200.4.53.2

SUSE:Linux Enterprise High Performance Computing 15 SP3-ESPOSnpm12

Fixed in:

12.22.12-150200.4.53.2

SUSE:Linux Enterprise High Performance Computing 15 SP3-LTSSnodejs12

Fixed in:

12.22.12-150200.4.53.2

SUSE:Linux Enterprise High Performance Computing 15 SP3-LTSSnodejs12-devel

Fixed in:

12.22.12-150200.4.53.2

SUSE:Linux Enterprise High Performance Computing 15 SP3-LTSSnodejs12-docs

Fixed in:

12.22.12-150200.4.53.2

SUSE:Linux Enterprise High Performance Computing 15 SP3-LTSSnpm12

Fixed in:

12.22.12-150200.4.53.2

SUSE:Linux Enterprise Server 15 SP2-LTSSnodejs12

Fixed in:

12.22.12-150200.4.53.2

SUSE:Linux Enterprise Server 15 SP2-LTSSnodejs12-devel

Fixed in:

12.22.12-150200.4.53.2

SUSE:Linux Enterprise Server 15 SP2-LTSSnodejs12-docs

Fixed in:

12.22.12-150200.4.53.2

SUSE:Linux Enterprise Server 15 SP2-LTSSnpm12

Fixed in:

12.22.12-150200.4.53.2

SUSE:Linux Enterprise Server 15 SP3-LTSSnodejs12

Fixed in:

12.22.12-150200.4.53.2

SUSE:Linux Enterprise Server 15 SP3-LTSSnodejs12-devel

Fixed in:

12.22.12-150200.4.53.2

SUSE:Linux Enterprise Server 15 SP3-LTSSnodejs12-docs

Fixed in:

12.22.12-150200.4.53.2

SUSE:Linux Enterprise Server 15 SP3-LTSSnpm12

Fixed in:

12.22.12-150200.4.53.2

SUSE:Linux Enterprise Server for SAP Applications 15 SP2nodejs12

Fixed in:

12.22.12-150200.4.53.2

SUSE:Linux Enterprise Server for SAP Applications 15 SP2nodejs12-devel

Fixed in:

12.22.12-150200.4.53.2

SUSE:Linux Enterprise Server for SAP Applications 15 SP2nodejs12-docs

Fixed in:

12.22.12-150200.4.53.2

SUSE:Linux Enterprise Server for SAP Applications 15 SP2npm12

Fixed in:

12.22.12-150200.4.53.2

SUSE:Linux Enterprise Server for SAP Applications 15 SP3nodejs12

Fixed in:

12.22.12-150200.4.53.2

SUSE:Linux Enterprise Server for SAP Applications 15 SP3nodejs12-devel

Fixed in:

12.22.12-150200.4.53.2

SUSE:Linux Enterprise Server for SAP Applications 15 SP3nodejs12-docs

Fixed in:

12.22.12-150200.4.53.2

SUSE:Linux Enterprise Server for SAP Applications 15 SP3npm12

Fixed in:

12.22.12-150200.4.53.2

SUSE:Manager Server 4.2nodejs12

Fixed in:

12.22.12-150200.4.53.2

SUSE:Manager Server 4.2nodejs12-devel

Fixed in:

12.22.12-150200.4.53.2

SUSE:Manager Server 4.2nodejs12-docs

Fixed in:

12.22.12-150200.4.53.2

SUSE:Manager Server 4.2npm12

Fixed in:

12.22.12-150200.4.53.2

openSUSE:Leap 15.4nodejs12

Fixed in:

12.22.12-150200.4.53.2

openSUSE:Leap 15.4nodejs12-devel

Fixed in:

12.22.12-150200.4.53.2

openSUSE:Leap 15.4nodejs12-docs

Fixed in:

12.22.12-150200.4.53.2

openSUSE:Leap 15.4npm12

Fixed in:

12.22.12-150200.4.53.2

References

REPORThttps://bugzilla.suse.com/1216190 REPORThttps://bugzilla.suse.com/1216272 WEBhttps://www.suse.com/security/cve/CVE-2023-38552 WEBhttps://www.suse.com/security/cve/CVE-2023-44487 ADVISORYhttps://www.suse.com/support/update/announcement/2023/suse-su-20234374-1/

Upstream

CVE-2023-38552 CVE-2023-44487

Related

CVE-2023-38552 CVE-2023-44487

Ecosystems

SUSE Enterprise Storage 7.1 SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS SUSE Linux Enterprise High Performance Computing 15 SP3-ESPOS SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS SUSE Linux Enterprise Server 15 SP2-LTSS SUSE Linux Enterprise Server 15 SP3-LTSS SUSE Linux Enterprise Server for SAP Applications 15 SP2 SUSE Linux Enterprise Server for SAP Applications 15 SP3 SUSE Manager Server 4.2 openSUSE Leap 15.4

Timeline

PublishedNov 6, 2023

ModifiedNov 6, 2023

SUSE-SU-2023:4374-1 | Mondoo Vulnerability Intelligence