Overview

File _patchinfo of Package patchinfo.18396

<patchinfo incident="18396">
  <issue tracker="cve" id="2021-23840"/>
  <issue tracker="cve" id="2021-22884"/>
  <issue tracker="cve" id="2021-22883"/>
  <issue tracker="bnc" id="1182620">VUL-0: CVE-2021-22884: nodejs10,nodejs12,nodejs14,nodejs: DNS rebinding in --inspect</issue>
  <issue tracker="bnc" id="1182333">VUL-1: CVE-2021-23840: openssl-1_0_0,openssl1,compat-openssl098,openssl-1_1,openssl: Integer overflow in CipherUpdate</issue>
  <issue tracker="bnc" id="1182619">VUL-0: CVE-2021-22883: nodejs10,nodejs12,nodejs14,nodejs: HTTP2 'unknownProtocol' cause Denial of Service by resource exhaustion</issue>
  <packager>adamm</packager>
  <rating>important</rating>
  <category>security</category>
  <summary>Security update for nodejs12</summary>
  <description>This update for nodejs12 fixes the following issues:

New upstream LTS version 12.21.0:

- CVE-2021-22883: HTTP2 'unknownProtocol' cause Denial of Service by resource exhaustion (bsc#1182619)
- CVE-2021-22884: DNS rebinding in --inspect (bsc#1182620)
- CVE-2021-23840: OpenSSL - Integer overflow in CipherUpdate (bsc#1182333)
</description>
</patchinfo>
openSUSE Build Service is sponsored by
Places