Overview

File _patchinfo of Package patchinfo.26207

<patchinfo incident="26207">
  <issue tracker="cve" id="2022-32213"/>
  <issue tracker="cve" id="2022-32215"/>
  <issue tracker="cve" id="2022-35255"/>
  <issue tracker="cve" id="2022-35256"/>
  <issue tracker="bnc" id="1201327">VUL-0: CVE-2022-32215: nodejs: HTTP request smuggling due to incorrect parsing of multi-line Transfer-Encoding</issue>
  <issue tracker="bnc" id="1201325">VUL-0: CVE-2022-32213: nodejs: HTTP request smuggling due to flawed parsing of Transfer-Encoding</issue>
  <issue tracker="bnc" id="1203832">VUL-0: CVE-2022-35256: nodejs10,nodejs8,nodejs12,nodejs16,nodejs14,nodejs4,nodejs6: HTTP Request Smuggling Due to Incorrect Parsing of Header Fields</issue>
  <issue tracker="bnc" id="1203831">VUL-0: CVE-2022-35255: nodejs16: Weak randomness in WebCrypto keygen</issue>
  <packager>adamm</packager>
  <rating>important</rating>
  <category>security</category>
  <summary>Security update for nodejs16</summary>
  <description>This update for nodejs16 fixes the following issues:

Updated to version 16.17.1:

- CVE-2022-32213: Fixed bypass via obs-fold mechanic (bsc#1201325).
- CVE-2022-32215: Fixed incorrect Parsing of Multi-line Transfer-Encoding (bsc#1201327).
- CVE-2022-35256: Fixed incorrect Parsing of Header Fields (bsc#1203832).
- CVE-2022-35255: FIxed weak randomness in WebCrypto keygen (bsc#1203831).

</description>
</patchinfo>
openSUSE Build Service is sponsored by
Places