openSUSE Local Security Checks : openSUSE Security Advisory (SUSE-SU-2024:1301-1)

Búsqueda de Vulnerabilidad		Buscar 324607 Descripciones CVE y 146377 Descripciones de Pruebas, accesos 10,000+ referencias cruzadas.
	Pruebas CVE Todos

Esta es sólo una de 146377 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa.
Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.

ID de Prueba:	1.3.6.1.4.1.25623.1.0.856072
Categoría:	openSUSE Local Security Checks
Título:	openSUSE Security Advisory (SUSE-SU-2024:1301-1)
Resumen:	The remote host is missing an update for the 'nodejs20' package(s) announced via the SUSE-SU-2024:1301-1 advisory.
Descripción:	Summary: The remote host is missing an update for the 'nodejs20' package(s) announced via the SUSE-SU-2024:1301-1 advisory. Vulnerability Insight: - CVE-2024-27983: Fixed failed assertion in node::http2::Http2Session::~ Http2Session() that could lead to HTTP/2 server crash (bsc#1222244) - CVE-2024-27982: Fixed HTTP Request Smuggling via Content Length Obfuscation (bsc#1222384) - CVE-2024-30260: Fixed proxy-authorization header not cleared on cross-origin redirect in undici (bsc#1222530) - CVE-2024-30261: Fixed fetch with integrity option is too lax when algorithm is specified but hash value is in incorrect in undici (bsc#1222603) - CVE-2024-24806: Fixed improper domain lookup that potentially leads to SSRF attacks in libuv (bsc#1220053) Affected Software/OS: 'nodejs20' package(s) on openSUSE Leap 15.5. Solution: Please install the updated package(s). CVSS Score: 7.5 CVSS Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P
Referencia Cruzada:	Common Vulnerability Exposure (CVE) ID: CVE-2024-24806 https://github.com/libuv/libuv/commit/0f2d7e784a256b54b2385043438848047bc2a629 https://github.com/libuv/libuv/commit/3530bcc30350d4a6ccf35d2f7b33e23292b9de70 https://github.com/libuv/libuv/commit/c858a147643de38a09dd4164758ae5b685f2b488 https://github.com/libuv/libuv/commit/e0327e1d508b8207c9150b6e582f0adf26213c39 https://github.com/libuv/libuv/security/advisories/GHSA-f74f-cvh7-c6q6 https://lists.debian.org/debian-lts-announce/2024/03/msg00005.html http://www.openwall.com/lists/oss-security/2024/02/08/2 http://www.openwall.com/lists/oss-security/2024/02/11/1 http://www.openwall.com/lists/oss-security/2024/03/11/1 Common Vulnerability Exposure (CVE) ID: CVE-2024-27982 https://hackerone.com/reports/2237099 Common Vulnerability Exposure (CVE) ID: CVE-2024-27983 https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JDECX4BYZLMM4S4LALN4DPZ2HUTTPLKE/ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/YDVFUH7ACZPYB3BS4SVILNOY7NQU73VW/ https://hackerone.com/reports/2319584 http://www.openwall.com/lists/oss-security/2024/04/03/16 Common Vulnerability Exposure (CVE) ID: CVE-2024-30260 https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/P6Q4RGETHVYVHDIQGTJGU5AV6NJEI67E/ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/NC3V3HFZ5MOJRZDY5ZELL6REIRSPFROJ/ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HQVHWAS6WDXXIU7F72XI55VZ2LTZUB33/ https://github.com/nodejs/undici/commit/64e3402da4e032e68de46acb52800c9a06aaea3f https://github.com/nodejs/undici/commit/6805746680d27a5369d7fb67bc05f95a28247d75 https://github.com/nodejs/undici/security/advisories/GHSA-m4v8-wqvr-p9f7 Common Vulnerability Exposure (CVE) ID: CVE-2024-30261 https://github.com/nodejs/undici/commit/2b39440bd9ded841c93dd72138f3b1763ae26055 https://github.com/nodejs/undici/commit/d542b8cd39ec1ba303f038ea26098c3f355974f3 https://github.com/nodejs/undici/security/advisories/GHSA-9qxr-qj54-h672 https://hackerone.com/reports/2377760
Copyright	Copyright (C) 2024 Greenbone AG