SUSE-SU-2024:1305-1

Details

Description of the patch:

This update for nodejs16 fixes the following issues:

CVE-2024-27983: Fixed failed assertion in node::http2::Http2Session::~Http2Session() that could lead to HTTP/2 server crash (bsc#1222244)
CVE-2024-27982: Fixed HTTP Request Smuggling via Content Length Obfuscation (bsc#1222384)

Affected Packages

nodejs16

SUSE Linux Enterprise Module for Web and Scripting 12

Fixed in:

16.20.2-8.42.1

nodejs16-devel

SUSE Linux Enterprise Module for Web and Scripting 12

Fixed in:

16.20.2-8.42.1

nodejs16-docs

SUSE Linux Enterprise Module for Web and Scripting 12

Fixed in:

16.20.2-8.42.1

npm16

SUSE Linux Enterprise Module for Web and Scripting 12

Fixed in:

16.20.2-8.42.1

References