Security update for nodejs10
This update for nodejs10 fixes the following issues:
New upstream LTS version 10.24.0:
- CVE-2021-22883: HTTP2 'unknownProtocol' cause Denial of Service by resource exhaustion (bsc#1182619)
- CVE-2021-22884: DNS rebinding in --inspect (bsc#1182620)
- CVE-2021-23840: OpenSSL - Integer overflow in CipherUpdate (bsc#1182333)
This update was imported from the SUSE:SLE-15:Update update project.
-
Submitted by
Adam Majer (adamm)
Fixed bugs
bnc#1182333
VUL-1: CVE-2021-23840: openssl-1_0_0,openssl1,compat-openssl098,openssl-1_1,openssl: Integer overflow in CipherUpdate
bnc#1182619
VUL-0: CVE-2021-22883: nodejs10,nodejs12,nodejs14,nodejs: HTTP2 'unknownProtocol' cause Denial of Service by resource exhaustion
bnc#1182620
VUL-0: CVE-2021-22884: nodejs10,nodejs12,nodejs14,nodejs: DNS rebinding in --inspect
