SUSE-SU-2023:3455-1 -- SLES nodejs12, npm12ID: oval:org.secpod.oval:def:89049329 | Date: (C)2023-08-30 (M)2024-06-24 |
Class: PATCH | Family: unix |
This update for nodejs12 fixes the following issues: * CVE-2023-23918: Fixed permissions policies bypass via process.mainModule . * CVE-2023-32002: Fixed permissions policies bypass via Module._load . * CVE-2023-32006: Fixed permissions policies impersonation using module.constructor.createRequire . * CVE-2023-32559: Fixed permissions policies bypass via process.binding . * CVE-2023-30581: Fixed mainModule.proto bypass . * CVE-2023-30590: Fixed missing DiffieHellman key generation . * CVE-2023-30589: Fixed HTTP Request Smuggling via Empty headers separated by CR .
Platform: |
SUSE Linux Enterprise Server 15 SP2 |
SUSE Linux Enterprise Server 15 SP3 |