Bugzilla – Full Text Bug Listing |
Summary: | VUL-0: CVE-2021-39134: nodejs4,nodejs6,nodejs8,nodejs14,nodejs12,nodejs10: nodejs-arborist: symlink following vulnerability | ||
---|---|---|---|
Product: | [Novell Products] SUSE Security Incidents | Reporter: | Robert Frohl <rfrohl> |
Component: | Incidents | Assignee: | Security Team bot <security-team> |
Status: | RESOLVED FIXED | QA Contact: | Security Team bot <security-team> |
Severity: | Major | ||
Priority: | P3 - Medium | CC: | smash_bz, thomas.leroy |
Version: | unspecified | ||
Target Milestone: | --- | ||
Hardware: | Other | ||
OS: | Other | ||
URL: | https://smash.suse.de/issue/308822/ | ||
Whiteboard: | CVSSv3.1:SUSE:CVE-2021-39134:8.1:(AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:H) | ||
Found By: | Security Response Team | Services Priority: | |
Business Priority: | Blocker: | --- | |
Marketing QA Status: | --- | IT Deployment: | --- |
Description
Robert Frohl
2021-09-01 10:55:51 UTC
This is an autogenerated message for OBS integration: This bug (1190054) was mentioned in https://build.opensuse.org/request/show/930657 Factory / nodejs14 SUSE-SU-2021:3886-1: An update that fixes 7 vulnerabilities is now available. Category: security (important) Bug References: 1190053,1190054,1190055,1190056,1190057,1191601,1191602 CVE References: CVE-2021-22959,CVE-2021-22960,CVE-2021-37701,CVE-2021-37712,CVE-2021-37713,CVE-2021-39134,CVE-2021-39135 JIRA References: Sources used: SUSE Linux Enterprise Module for Web Scripting 12 (src): nodejs14-14.18.1-6.18.2 NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination. SUSE-SU-2021:3940-1: An update that fixes 7 vulnerabilities is now available. Category: security (important) Bug References: 1190053,1190054,1190055,1190056,1190057,1191601,1191602 CVE References: CVE-2021-22959,CVE-2021-22960,CVE-2021-37701,CVE-2021-37712,CVE-2021-37713,CVE-2021-39134,CVE-2021-39135 JIRA References: Sources used: SUSE Linux Enterprise Module for Web Scripting 15-SP3 (src): nodejs12-12.22.7-4.22.1 SUSE Linux Enterprise Module for Web Scripting 15-SP2 (src): nodejs12-12.22.7-4.22.1 NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination. openSUSE-SU-2021:3940-1: An update that fixes 7 vulnerabilities is now available. Category: security (important) Bug References: 1190053,1190054,1190055,1190056,1190057,1191601,1191602 CVE References: CVE-2021-22959,CVE-2021-22960,CVE-2021-37701,CVE-2021-37712,CVE-2021-37713,CVE-2021-39134,CVE-2021-39135 JIRA References: Sources used: openSUSE Leap 15.3 (src): nodejs12-12.22.7-4.22.1 openSUSE-SU-2021:3964-1: An update that fixes 7 vulnerabilities is now available. Category: security (important) Bug References: 1190053,1190054,1190055,1190056,1190057,1191601,1191602 CVE References: CVE-2021-22959,CVE-2021-22960,CVE-2021-37701,CVE-2021-37712,CVE-2021-37713,CVE-2021-39134,CVE-2021-39135 JIRA References: Sources used: openSUSE Leap 15.3 (src): nodejs14-14.18.1-15.21.2 SUSE-SU-2021:3964-1: An update that fixes 7 vulnerabilities is now available. Category: security (important) Bug References: 1190053,1190054,1190055,1190056,1190057,1191601,1191602 CVE References: CVE-2021-22959,CVE-2021-22960,CVE-2021-37701,CVE-2021-37712,CVE-2021-37713,CVE-2021-39134,CVE-2021-39135 JIRA References: Sources used: SUSE Linux Enterprise Module for Web Scripting 15-SP3 (src): nodejs14-14.18.1-15.21.2 SUSE Linux Enterprise Module for Web Scripting 15-SP2 (src): nodejs14-14.18.1-15.21.2 NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination. openSUSE-SU-2021:1552-1: An update that fixes 7 vulnerabilities is now available. Category: security (important) Bug References: 1190053,1190054,1190055,1190056,1190057,1191601,1191602 CVE References: CVE-2021-22959,CVE-2021-22960,CVE-2021-37701,CVE-2021-37712,CVE-2021-37713,CVE-2021-39134,CVE-2021-39135 JIRA References: Sources used: openSUSE Leap 15.2 (src): nodejs14-14.18.1-lp152.17.1 openSUSE-SU-2021:1574-1: An update that fixes 7 vulnerabilities is now available. Category: security (important) Bug References: 1190053,1190054,1190055,1190056,1190057,1191601,1191602 CVE References: CVE-2021-22959,CVE-2021-22960,CVE-2021-37701,CVE-2021-37712,CVE-2021-37713,CVE-2021-39134,CVE-2021-39135 JIRA References: Sources used: openSUSE Leap 15.2 (src): nodejs12-12.22.7-lp152.3.21.1 SUSE-SU-2022:0101-1: An update that fixes 11 vulnerabilities is now available. Category: security (important) Bug References: 1190053,1190054,1190055,1190056,1190057,1191601,1191602,1194511,1194512,1194513,1194514 CVE References: CVE-2021-22959,CVE-2021-22960,CVE-2021-37701,CVE-2021-37712,CVE-2021-37713,CVE-2021-39134,CVE-2021-39135,CVE-2021-44531,CVE-2021-44532,CVE-2021-44533,CVE-2022-21824 JIRA References: Sources used: SUSE Linux Enterprise Module for Web Scripting 12 (src): nodejs12-12.22.9-1.38.1 NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination. All affected codestreams fixed. Reassigning to security team. (In reply to Adam Majer from comment #12) > All affected codestreams fixed. Reassigning to security team. Thanks Adam, closing |