Sign Up
Log In
Log In
or
Sign Up
Places
All Projects
Status Monitor
Collapse sidebar
Please login to access the resource
openSUSE:Leap:15.5:Update
patchinfo.32688
_patchinfo
Overview
Repositories
Revisions
Requests
Users
Attributes
Meta
File _patchinfo of Package patchinfo.32688
<patchinfo incident="32688"> <issue tracker="cve" id="2024-22019"/> <issue tracker="cve" id="2024-24758"/> <issue tracker="cve" id="2023-46809"/> <issue tracker="cve" id="2024-22025"/> <issue tracker="cve" id="2024-24806"/> <issue tracker="bnc" id="1220017">VUL-0: CVE-2024-24758: nodejs16,nodejs18,nodejs20: ignore proxy-authorization header</issue> <issue tracker="bnc" id="1220053">VUL-0: CVE-2024-24806: nodejs10,nodejs12,nodejs14,nodejs16,nodejs18,nodejs20,nodejs8: libuv: improper domain lookup that potentially leads to SSRF attacks</issue> <issue tracker="bnc" id="1219993">VUL-0: CVE-2024-22019: nodejs10,nodejs12,nodejs14,nodejs16,nodejs18,nodejs20,nodejs4,nodejs6,nodejs8: Reading unprocessed HTTP request with unbounded chunk extension allows DoS attacks</issue> <issue tracker="bnc" id="1220014">VUL-0: CVE-2024-22025: nodejs10,nodejs12,nodejs14,nodejs16,nodejs18,nodejs20,nodejs4,nodejs6,nodejs8: Denial of Service by resource exhaustion in fetch() brotli decoding</issue> <issue tracker="bnc" id="1219997">VUL-0: CVE-2023-46809: nodejs10,nodejs12,nodejs14,nodejs16,nodejs18,nodejs20,nodejs4,nodejs6,nodejs8: Node.js is vulnerable to the Marvin Attack (timing variant of the Bleichenbacher attack against PKCS#1 v1.5 padding)</issue> <packager>adamm</packager> <rating>important</rating> <category>security</category> <summary>Security update for nodejs16</summary> <description>This update for nodejs16 fixes the following issues: Security issues fixed: * CVE-2023-46809: Node.js is vulnerable to the Marvin Attack (timing variant of the Bleichenbacher attack against PKCS#1 v1.5 padding) (bsc#1219997). * CVE-2024-22019: http: Reading unprocessed HTTP request with unbounded chunk extension allows DoS attacks (bsc#1219993). * CVE-2024-22025: Denial of Service by resource exhaustion in fetch() brotli decoding (bsc#1220014). * CVE-2024-24758: ignore proxy-authorization header (bsc#1220017). * CVE-2024-24806: fix improper domain lookup that potentially leads to SSRF attacks (bsc#1219724). </description> </patchinfo>
Locations
Projects
Search
Status Monitor
Help
OpenBuildService.org
Documentation
API Documentation
Code of Conduct
Contact
Support
@OBShq
Terms
openSUSE Build Service is sponsored by
The Open Build Service is an
openSUSE project
.
Sign Up
Log In
Places
Places
All Projects
Status Monitor
