SUSE-SU-2024:1309-1 -- SLES nodejs18, npm18ID: oval:org.secpod.oval:def:89051765 | Date: (C)2024-04-26 (M)2024-04-29 |
Class: PATCH | Family: unix |
This update for nodejs18 fixes the following issues: Update to 18.20.1 Security fixes: * CVE-2024-27983: Fixed failed assertion in node::http2::Http2Session::~Http2Session that could lead to HTTP/2 server crash * CVE-2024-27982: Fixed HTTP Request Smuggling via Content Length Obfuscation * CVE-2024-30260: Fixed proxy-authorization header not cleared on cross-origin redirect in undici * CVE-2024-30261: Fixed fetch with integrity option is too lax when algorithm is specified but hash value is in incorrect in undici * CVE-2024-24806: Fixed improper domain lookup that potentially leads to SSRF attacks in libuv
Platform: |
SUSE Linux Enterprise Server 15 SP4 |