Security update for nodejs14 SUSE Patch security@suse.de SUSE Security Team SUSE-SU-2022:2425-1 Final 1 1 2022-07-18T07:04:40Z current 2022-07-18T07:04:40Z 2022-07-18T07:04:40Z cve-database/bin/generate-cvrf.pl 2017-02-24T01:00:00Z Security update for nodejs14 This update for nodejs14 fixes the following issues: - CVE-2022-32212: Fixed DNS rebinding in --inspect via invalid IP addresses (bsc#1201328). - CVE-2022-32213: Fixed HTTP request smuggling due to flawed parsing of Transfer-Encoding (bsc#1201325). - CVE-2022-32214: Fixed HTTP request smuggling due to improper delimiting of header fields (bsc#1201326). - CVE-2022-32215: Fixed HTTP request smuggling due to incorrect parsing of multi-line Transfer-Encoding (bsc#1201327). The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). Container bci/node:14-2022-2425,SUSE-2022-2425,SUSE-SLE-Module-Web-Scripting-15-SP3-2022-2425,SUSE-SLE-Product-HPC-15-SP2-ESPOS-2022-2425,SUSE-SLE-Product-HPC-15-SP2-LTSS-2022-2425,SUSE-SLE-Product-SLES-15-SP2-BCL-2022-2425,SUSE-SLE-Product-SLES-15-SP2-LTSS-2022-2425,SUSE-SLE-Product-SLES_SAP-15-SP2-2022-2425,SUSE-SLE-Product-SUSE-Manager-Proxy-4.1-2022-2425,SUSE-SLE-Product-SUSE-Manager-Retail-Branch-Server-4.1-2022-2425,SUSE-SLE-Product-SUSE-Manager-Server-4.1-2022-2425,SUSE-Storage-7-2022-2425,openSUSE-SLE-15.3-2022-2425,openSUSE-SLE-15.4-2022-2425 Copyright SUSE LLC under the Creative Commons License 4.0 with Attribution (CC-BY-4.0) https://www.suse.com/support/update/announcement/2022/suse-su-20222425-1/ Link for SUSE-SU-2022:2425-1 https://lists.suse.com/pipermail/sle-security-updates/2022-July/011578.html E-Mail link for SUSE-SU-2022:2425-1 https://www.suse.com/support/security/rating/ SUSE Security Ratings https://bugzilla.suse.com/1201325 SUSE Bug 1201325 https://bugzilla.suse.com/1201326 SUSE Bug 1201326 https://bugzilla.suse.com/1201327 SUSE Bug 1201327 https://bugzilla.suse.com/1201328 SUSE Bug 1201328 https://www.suse.com/security/cve/CVE-2022-32212/ SUSE CVE CVE-2022-32212 page https://www.suse.com/security/cve/CVE-2022-32213/ SUSE CVE CVE-2022-32213 page https://www.suse.com/security/cve/CVE-2022-32214/ SUSE CVE CVE-2022-32214 page https://www.suse.com/security/cve/CVE-2022-32215/ SUSE CVE CVE-2022-32215 page Container bci/node:14 SUSE Enterprise Storage 7 SUSE Linux Enterprise High Performance Computing 15 SP2-ESPOS SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS SUSE Linux Enterprise Module for Web and Scripting 15 SP3 SUSE Linux Enterprise Server 15 SP2-BCL SUSE Linux Enterprise Server 15 SP2-LTSS SUSE Linux Enterprise Server for SAP Applications 15 SP2 SUSE Manager Proxy 4.1 SUSE Manager Retail Branch Server 4.1 SUSE Manager Server 4.1 openSUSE Leap 15.3 openSUSE Leap 15.4 nodejs14-14.20.0-150200.15.34.1 npm14-14.20.0-150200.15.34.1 corepack14-14.20.0-150200.15.34.1 nodejs14-devel-14.20.0-150200.15.34.1 nodejs14-docs-14.20.0-150200.15.34.1 nodejs14-14.20.0-150200.15.34.1 as a component of Container bci/node:14 npm14-14.20.0-150200.15.34.1 as a component of Container bci/node:14 nodejs14-14.20.0-150200.15.34.1 as a component of SUSE Enterprise Storage 7 nodejs14-devel-14.20.0-150200.15.34.1 as a component of SUSE Enterprise Storage 7 nodejs14-docs-14.20.0-150200.15.34.1 as a component of SUSE Enterprise Storage 7 npm14-14.20.0-150200.15.34.1 as a component of SUSE Enterprise Storage 7 nodejs14-14.20.0-150200.15.34.1 as a component of SUSE Linux Enterprise High Performance Computing 15 SP2-ESPOS nodejs14-devel-14.20.0-150200.15.34.1 as a component of SUSE Linux Enterprise High Performance Computing 15 SP2-ESPOS nodejs14-docs-14.20.0-150200.15.34.1 as a component of SUSE Linux Enterprise High Performance Computing 15 SP2-ESPOS npm14-14.20.0-150200.15.34.1 as a component of SUSE Linux Enterprise High Performance Computing 15 SP2-ESPOS nodejs14-14.20.0-150200.15.34.1 as a component of SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS nodejs14-devel-14.20.0-150200.15.34.1 as a component of SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS nodejs14-docs-14.20.0-150200.15.34.1 as a component of SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS npm14-14.20.0-150200.15.34.1 as a component of SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS nodejs14-14.20.0-150200.15.34.1 as a component of SUSE Linux Enterprise Module for Web and Scripting 15 SP3 nodejs14-devel-14.20.0-150200.15.34.1 as a component of SUSE Linux Enterprise Module for Web and Scripting 15 SP3 nodejs14-docs-14.20.0-150200.15.34.1 as a component of SUSE Linux Enterprise Module for Web and Scripting 15 SP3 npm14-14.20.0-150200.15.34.1 as a component of SUSE Linux Enterprise Module for Web and Scripting 15 SP3 nodejs14-14.20.0-150200.15.34.1 as a component of SUSE Linux Enterprise Server 15 SP2-BCL nodejs14-devel-14.20.0-150200.15.34.1 as a component of SUSE Linux Enterprise Server 15 SP2-BCL nodejs14-docs-14.20.0-150200.15.34.1 as a component of SUSE Linux Enterprise Server 15 SP2-BCL npm14-14.20.0-150200.15.34.1 as a component of SUSE Linux Enterprise Server 15 SP2-BCL nodejs14-14.20.0-150200.15.34.1 as a component of SUSE Linux Enterprise Server 15 SP2-LTSS nodejs14-devel-14.20.0-150200.15.34.1 as a component of SUSE Linux Enterprise Server 15 SP2-LTSS nodejs14-docs-14.20.0-150200.15.34.1 as a component of SUSE Linux Enterprise Server 15 SP2-LTSS npm14-14.20.0-150200.15.34.1 as a component of SUSE Linux Enterprise Server 15 SP2-LTSS nodejs14-14.20.0-150200.15.34.1 as a component of SUSE Linux Enterprise Server for SAP Applications 15 SP2 nodejs14-devel-14.20.0-150200.15.34.1 as a component of SUSE Linux Enterprise Server for SAP Applications 15 SP2 nodejs14-docs-14.20.0-150200.15.34.1 as a component of SUSE Linux Enterprise Server for SAP Applications 15 SP2 npm14-14.20.0-150200.15.34.1 as a component of SUSE Linux Enterprise Server for SAP Applications 15 SP2 nodejs14-14.20.0-150200.15.34.1 as a component of SUSE Manager Proxy 4.1 nodejs14-devel-14.20.0-150200.15.34.1 as a component of SUSE Manager Proxy 4.1 nodejs14-docs-14.20.0-150200.15.34.1 as a component of SUSE Manager Proxy 4.1 npm14-14.20.0-150200.15.34.1 as a component of SUSE Manager Proxy 4.1 nodejs14-14.20.0-150200.15.34.1 as a component of SUSE Manager Retail Branch Server 4.1 nodejs14-devel-14.20.0-150200.15.34.1 as a component of SUSE Manager Retail Branch Server 4.1 nodejs14-docs-14.20.0-150200.15.34.1 as a component of SUSE Manager Retail Branch Server 4.1 npm14-14.20.0-150200.15.34.1 as a component of SUSE Manager Retail Branch Server 4.1 nodejs14-14.20.0-150200.15.34.1 as a component of SUSE Manager Server 4.1 nodejs14-devel-14.20.0-150200.15.34.1 as a component of SUSE Manager Server 4.1 nodejs14-docs-14.20.0-150200.15.34.1 as a component of SUSE Manager Server 4.1 npm14-14.20.0-150200.15.34.1 as a component of SUSE Manager Server 4.1 nodejs14-14.20.0-150200.15.34.1 as a component of openSUSE Leap 15.3 nodejs14-devel-14.20.0-150200.15.34.1 as a component of openSUSE Leap 15.3 nodejs14-docs-14.20.0-150200.15.34.1 as a component of openSUSE Leap 15.3 npm14-14.20.0-150200.15.34.1 as a component of openSUSE Leap 15.3 corepack14-14.20.0-150200.15.34.1 as a component of openSUSE Leap 15.4 nodejs14-14.20.0-150200.15.34.1 as a component of openSUSE Leap 15.4 nodejs14-devel-14.20.0-150200.15.34.1 as a component of openSUSE Leap 15.4 nodejs14-docs-14.20.0-150200.15.34.1 as a component of openSUSE Leap 15.4 npm14-14.20.0-150200.15.34.1 as a component of openSUSE Leap 15.4 A OS Command Injection vulnerability exists in Node.js versions <14.20.0, <16.20.0, <18.5.0 due to an insufficient IsAllowedHost check that can easily be bypassed because IsIPAddress does not properly check if an IP address is invalid before making DBS requests allowing rebinding attacks. CVE-2022-32212 Container bci/node:14:nodejs14-14.20.0-150200.15.34.1 Container bci/node:14:npm14-14.20.0-150200.15.34.1 SUSE Enterprise Storage 7:nodejs14-14.20.0-150200.15.34.1 SUSE Enterprise Storage 7:nodejs14-devel-14.20.0-150200.15.34.1 SUSE Enterprise Storage 7:nodejs14-docs-14.20.0-150200.15.34.1 SUSE Enterprise Storage 7:npm14-14.20.0-150200.15.34.1 SUSE Linux Enterprise High Performance Computing 15 SP2-ESPOS:nodejs14-14.20.0-150200.15.34.1 SUSE Linux Enterprise High Performance Computing 15 SP2-ESPOS:nodejs14-devel-14.20.0-150200.15.34.1 SUSE Linux Enterprise High Performance Computing 15 SP2-ESPOS:nodejs14-docs-14.20.0-150200.15.34.1 SUSE Linux Enterprise High Performance Computing 15 SP2-ESPOS:npm14-14.20.0-150200.15.34.1 SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:nodejs14-14.20.0-150200.15.34.1 SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:nodejs14-devel-14.20.0-150200.15.34.1 SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:nodejs14-docs-14.20.0-150200.15.34.1 SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:npm14-14.20.0-150200.15.34.1 SUSE Linux Enterprise Module for Web and Scripting 15 SP3:nodejs14-14.20.0-150200.15.34.1 SUSE Linux Enterprise Module for Web and Scripting 15 SP3:nodejs14-devel-14.20.0-150200.15.34.1 SUSE Linux Enterprise Module for Web and Scripting 15 SP3:nodejs14-docs-14.20.0-150200.15.34.1 SUSE Linux Enterprise Module for Web and Scripting 15 SP3:npm14-14.20.0-150200.15.34.1 SUSE Linux Enterprise Server 15 SP2-BCL:nodejs14-14.20.0-150200.15.34.1 SUSE Linux Enterprise Server 15 SP2-BCL:nodejs14-devel-14.20.0-150200.15.34.1 SUSE Linux Enterprise Server 15 SP2-BCL:nodejs14-docs-14.20.0-150200.15.34.1 SUSE Linux Enterprise Server 15 SP2-BCL:npm14-14.20.0-150200.15.34.1 SUSE Linux Enterprise Server 15 SP2-LTSS:nodejs14-14.20.0-150200.15.34.1 SUSE Linux Enterprise Server 15 SP2-LTSS:nodejs14-devel-14.20.0-150200.15.34.1 SUSE Linux Enterprise Server 15 SP2-LTSS:nodejs14-docs-14.20.0-150200.15.34.1 SUSE Linux Enterprise Server 15 SP2-LTSS:npm14-14.20.0-150200.15.34.1 SUSE Linux Enterprise Server for SAP Applications 15 SP2:nodejs14-14.20.0-150200.15.34.1 SUSE Linux Enterprise Server for SAP Applications 15 SP2:nodejs14-devel-14.20.0-150200.15.34.1 SUSE Linux Enterprise Server for SAP Applications 15 SP2:nodejs14-docs-14.20.0-150200.15.34.1 SUSE Linux Enterprise Server for SAP Applications 15 SP2:npm14-14.20.0-150200.15.34.1 SUSE Manager Proxy 4.1:nodejs14-14.20.0-150200.15.34.1 SUSE Manager Proxy 4.1:nodejs14-devel-14.20.0-150200.15.34.1 SUSE Manager Proxy 4.1:nodejs14-docs-14.20.0-150200.15.34.1 SUSE Manager Proxy 4.1:npm14-14.20.0-150200.15.34.1 SUSE Manager Retail Branch Server 4.1:nodejs14-14.20.0-150200.15.34.1 SUSE Manager Retail Branch Server 4.1:nodejs14-devel-14.20.0-150200.15.34.1 SUSE Manager Retail Branch Server 4.1:nodejs14-docs-14.20.0-150200.15.34.1 SUSE Manager Retail Branch Server 4.1:npm14-14.20.0-150200.15.34.1 SUSE Manager Server 4.1:nodejs14-14.20.0-150200.15.34.1 SUSE Manager Server 4.1:nodejs14-devel-14.20.0-150200.15.34.1 SUSE Manager Server 4.1:nodejs14-docs-14.20.0-150200.15.34.1 SUSE Manager Server 4.1:npm14-14.20.0-150200.15.34.1 openSUSE Leap 15.3:nodejs14-14.20.0-150200.15.34.1 openSUSE Leap 15.3:nodejs14-devel-14.20.0-150200.15.34.1 openSUSE Leap 15.3:nodejs14-docs-14.20.0-150200.15.34.1 openSUSE Leap 15.3:npm14-14.20.0-150200.15.34.1 openSUSE Leap 15.4:corepack14-14.20.0-150200.15.34.1 openSUSE Leap 15.4:nodejs14-14.20.0-150200.15.34.1 openSUSE Leap 15.4:nodejs14-devel-14.20.0-150200.15.34.1 openSUSE Leap 15.4:nodejs14-docs-14.20.0-150200.15.34.1 openSUSE Leap 15.4:npm14-14.20.0-150200.15.34.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2022/suse-su-20222425-1/ https://www.suse.com/security/cve/CVE-2022-32212.html CVE-2022-32212 https://bugzilla.suse.com/1201328 SUSE Bug 1201328 The llhttp parser <v14.20.1, <v16.17.1 and <v18.9.1 in the http module in Node.js does not correctly parse and validate Transfer-Encoding headers and can lead to HTTP Request Smuggling (HRS). CVE-2022-32213 Container bci/node:14:nodejs14-14.20.0-150200.15.34.1 Container bci/node:14:npm14-14.20.0-150200.15.34.1 SUSE Enterprise Storage 7:nodejs14-14.20.0-150200.15.34.1 SUSE Enterprise Storage 7:nodejs14-devel-14.20.0-150200.15.34.1 SUSE Enterprise Storage 7:nodejs14-docs-14.20.0-150200.15.34.1 SUSE Enterprise Storage 7:npm14-14.20.0-150200.15.34.1 SUSE Linux Enterprise High Performance Computing 15 SP2-ESPOS:nodejs14-14.20.0-150200.15.34.1 SUSE Linux Enterprise High Performance Computing 15 SP2-ESPOS:nodejs14-devel-14.20.0-150200.15.34.1 SUSE Linux Enterprise High Performance Computing 15 SP2-ESPOS:nodejs14-docs-14.20.0-150200.15.34.1 SUSE Linux Enterprise High Performance Computing 15 SP2-ESPOS:npm14-14.20.0-150200.15.34.1 SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:nodejs14-14.20.0-150200.15.34.1 SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:nodejs14-devel-14.20.0-150200.15.34.1 SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:nodejs14-docs-14.20.0-150200.15.34.1 SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:npm14-14.20.0-150200.15.34.1 SUSE Linux Enterprise Module for Web and Scripting 15 SP3:nodejs14-14.20.0-150200.15.34.1 SUSE Linux Enterprise Module for Web and Scripting 15 SP3:nodejs14-devel-14.20.0-150200.15.34.1 SUSE Linux Enterprise Module for Web and Scripting 15 SP3:nodejs14-docs-14.20.0-150200.15.34.1 SUSE Linux Enterprise Module for Web and Scripting 15 SP3:npm14-14.20.0-150200.15.34.1 SUSE Linux Enterprise Server 15 SP2-BCL:nodejs14-14.20.0-150200.15.34.1 SUSE Linux Enterprise Server 15 SP2-BCL:nodejs14-devel-14.20.0-150200.15.34.1 SUSE Linux Enterprise Server 15 SP2-BCL:nodejs14-docs-14.20.0-150200.15.34.1 SUSE Linux Enterprise Server 15 SP2-BCL:npm14-14.20.0-150200.15.34.1 SUSE Linux Enterprise Server 15 SP2-LTSS:nodejs14-14.20.0-150200.15.34.1 SUSE Linux Enterprise Server 15 SP2-LTSS:nodejs14-devel-14.20.0-150200.15.34.1 SUSE Linux Enterprise Server 15 SP2-LTSS:nodejs14-docs-14.20.0-150200.15.34.1 SUSE Linux Enterprise Server 15 SP2-LTSS:npm14-14.20.0-150200.15.34.1 SUSE Linux Enterprise Server for SAP Applications 15 SP2:nodejs14-14.20.0-150200.15.34.1 SUSE Linux Enterprise Server for SAP Applications 15 SP2:nodejs14-devel-14.20.0-150200.15.34.1 SUSE Linux Enterprise Server for SAP Applications 15 SP2:nodejs14-docs-14.20.0-150200.15.34.1 SUSE Linux Enterprise Server for SAP Applications 15 SP2:npm14-14.20.0-150200.15.34.1 SUSE Manager Proxy 4.1:nodejs14-14.20.0-150200.15.34.1 SUSE Manager Proxy 4.1:nodejs14-devel-14.20.0-150200.15.34.1 SUSE Manager Proxy 4.1:nodejs14-docs-14.20.0-150200.15.34.1 SUSE Manager Proxy 4.1:npm14-14.20.0-150200.15.34.1 SUSE Manager Retail Branch Server 4.1:nodejs14-14.20.0-150200.15.34.1 SUSE Manager Retail Branch Server 4.1:nodejs14-devel-14.20.0-150200.15.34.1 SUSE Manager Retail Branch Server 4.1:nodejs14-docs-14.20.0-150200.15.34.1 SUSE Manager Retail Branch Server 4.1:npm14-14.20.0-150200.15.34.1 SUSE Manager Server 4.1:nodejs14-14.20.0-150200.15.34.1 SUSE Manager Server 4.1:nodejs14-devel-14.20.0-150200.15.34.1 SUSE Manager Server 4.1:nodejs14-docs-14.20.0-150200.15.34.1 SUSE Manager Server 4.1:npm14-14.20.0-150200.15.34.1 openSUSE Leap 15.3:nodejs14-14.20.0-150200.15.34.1 openSUSE Leap 15.3:nodejs14-devel-14.20.0-150200.15.34.1 openSUSE Leap 15.3:nodejs14-docs-14.20.0-150200.15.34.1 openSUSE Leap 15.3:npm14-14.20.0-150200.15.34.1 openSUSE Leap 15.4:corepack14-14.20.0-150200.15.34.1 openSUSE Leap 15.4:nodejs14-14.20.0-150200.15.34.1 openSUSE Leap 15.4:nodejs14-devel-14.20.0-150200.15.34.1 openSUSE Leap 15.4:nodejs14-docs-14.20.0-150200.15.34.1 openSUSE Leap 15.4:npm14-14.20.0-150200.15.34.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2022/suse-su-20222425-1/ https://www.suse.com/security/cve/CVE-2022-32213.html CVE-2022-32213 https://bugzilla.suse.com/1201325 SUSE Bug 1201325 The llhttp parser <v14.20.1, <v16.17.1 and <v18.9.1 in the http module in Node.js does not strictly use the CRLF sequence to delimit HTTP requests. This can lead to HTTP Request Smuggling (HRS). CVE-2022-32214 Container bci/node:14:nodejs14-14.20.0-150200.15.34.1 Container bci/node:14:npm14-14.20.0-150200.15.34.1 SUSE Enterprise Storage 7:nodejs14-14.20.0-150200.15.34.1 SUSE Enterprise Storage 7:nodejs14-devel-14.20.0-150200.15.34.1 SUSE Enterprise Storage 7:nodejs14-docs-14.20.0-150200.15.34.1 SUSE Enterprise Storage 7:npm14-14.20.0-150200.15.34.1 SUSE Linux Enterprise High Performance Computing 15 SP2-ESPOS:nodejs14-14.20.0-150200.15.34.1 SUSE Linux Enterprise High Performance Computing 15 SP2-ESPOS:nodejs14-devel-14.20.0-150200.15.34.1 SUSE Linux Enterprise High Performance Computing 15 SP2-ESPOS:nodejs14-docs-14.20.0-150200.15.34.1 SUSE Linux Enterprise High Performance Computing 15 SP2-ESPOS:npm14-14.20.0-150200.15.34.1 SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:nodejs14-14.20.0-150200.15.34.1 SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:nodejs14-devel-14.20.0-150200.15.34.1 SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:nodejs14-docs-14.20.0-150200.15.34.1 SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:npm14-14.20.0-150200.15.34.1 SUSE Linux Enterprise Module for Web and Scripting 15 SP3:nodejs14-14.20.0-150200.15.34.1 SUSE Linux Enterprise Module for Web and Scripting 15 SP3:nodejs14-devel-14.20.0-150200.15.34.1 SUSE Linux Enterprise Module for Web and Scripting 15 SP3:nodejs14-docs-14.20.0-150200.15.34.1 SUSE Linux Enterprise Module for Web and Scripting 15 SP3:npm14-14.20.0-150200.15.34.1 SUSE Linux Enterprise Server 15 SP2-BCL:nodejs14-14.20.0-150200.15.34.1 SUSE Linux Enterprise Server 15 SP2-BCL:nodejs14-devel-14.20.0-150200.15.34.1 SUSE Linux Enterprise Server 15 SP2-BCL:nodejs14-docs-14.20.0-150200.15.34.1 SUSE Linux Enterprise Server 15 SP2-BCL:npm14-14.20.0-150200.15.34.1 SUSE Linux Enterprise Server 15 SP2-LTSS:nodejs14-14.20.0-150200.15.34.1 SUSE Linux Enterprise Server 15 SP2-LTSS:nodejs14-devel-14.20.0-150200.15.34.1 SUSE Linux Enterprise Server 15 SP2-LTSS:nodejs14-docs-14.20.0-150200.15.34.1 SUSE Linux Enterprise Server 15 SP2-LTSS:npm14-14.20.0-150200.15.34.1 SUSE Linux Enterprise Server for SAP Applications 15 SP2:nodejs14-14.20.0-150200.15.34.1 SUSE Linux Enterprise Server for SAP Applications 15 SP2:nodejs14-devel-14.20.0-150200.15.34.1 SUSE Linux Enterprise Server for SAP Applications 15 SP2:nodejs14-docs-14.20.0-150200.15.34.1 SUSE Linux Enterprise Server for SAP Applications 15 SP2:npm14-14.20.0-150200.15.34.1 SUSE Manager Proxy 4.1:nodejs14-14.20.0-150200.15.34.1 SUSE Manager Proxy 4.1:nodejs14-devel-14.20.0-150200.15.34.1 SUSE Manager Proxy 4.1:nodejs14-docs-14.20.0-150200.15.34.1 SUSE Manager Proxy 4.1:npm14-14.20.0-150200.15.34.1 SUSE Manager Retail Branch Server 4.1:nodejs14-14.20.0-150200.15.34.1 SUSE Manager Retail Branch Server 4.1:nodejs14-devel-14.20.0-150200.15.34.1 SUSE Manager Retail Branch Server 4.1:nodejs14-docs-14.20.0-150200.15.34.1 SUSE Manager Retail Branch Server 4.1:npm14-14.20.0-150200.15.34.1 SUSE Manager Server 4.1:nodejs14-14.20.0-150200.15.34.1 SUSE Manager Server 4.1:nodejs14-devel-14.20.0-150200.15.34.1 SUSE Manager Server 4.1:nodejs14-docs-14.20.0-150200.15.34.1 SUSE Manager Server 4.1:npm14-14.20.0-150200.15.34.1 openSUSE Leap 15.3:nodejs14-14.20.0-150200.15.34.1 openSUSE Leap 15.3:nodejs14-devel-14.20.0-150200.15.34.1 openSUSE Leap 15.3:nodejs14-docs-14.20.0-150200.15.34.1 openSUSE Leap 15.3:npm14-14.20.0-150200.15.34.1 openSUSE Leap 15.4:corepack14-14.20.0-150200.15.34.1 openSUSE Leap 15.4:nodejs14-14.20.0-150200.15.34.1 openSUSE Leap 15.4:nodejs14-devel-14.20.0-150200.15.34.1 openSUSE Leap 15.4:nodejs14-docs-14.20.0-150200.15.34.1 openSUSE Leap 15.4:npm14-14.20.0-150200.15.34.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2022/suse-su-20222425-1/ https://www.suse.com/security/cve/CVE-2022-32214.html CVE-2022-32214 https://bugzilla.suse.com/1201326 SUSE Bug 1201326 The llhttp parser <v14.20.1, <v16.17.1 and <v18.9.1 in the http module in Node.js does not correctly handle multi-line Transfer-Encoding headers. This can lead to HTTP Request Smuggling (HRS). CVE-2022-32215 Container bci/node:14:nodejs14-14.20.0-150200.15.34.1 Container bci/node:14:npm14-14.20.0-150200.15.34.1 SUSE Enterprise Storage 7:nodejs14-14.20.0-150200.15.34.1 SUSE Enterprise Storage 7:nodejs14-devel-14.20.0-150200.15.34.1 SUSE Enterprise Storage 7:nodejs14-docs-14.20.0-150200.15.34.1 SUSE Enterprise Storage 7:npm14-14.20.0-150200.15.34.1 SUSE Linux Enterprise High Performance Computing 15 SP2-ESPOS:nodejs14-14.20.0-150200.15.34.1 SUSE Linux Enterprise High Performance Computing 15 SP2-ESPOS:nodejs14-devel-14.20.0-150200.15.34.1 SUSE Linux Enterprise High Performance Computing 15 SP2-ESPOS:nodejs14-docs-14.20.0-150200.15.34.1 SUSE Linux Enterprise High Performance Computing 15 SP2-ESPOS:npm14-14.20.0-150200.15.34.1 SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:nodejs14-14.20.0-150200.15.34.1 SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:nodejs14-devel-14.20.0-150200.15.34.1 SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:nodejs14-docs-14.20.0-150200.15.34.1 SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:npm14-14.20.0-150200.15.34.1 SUSE Linux Enterprise Module for Web and Scripting 15 SP3:nodejs14-14.20.0-150200.15.34.1 SUSE Linux Enterprise Module for Web and Scripting 15 SP3:nodejs14-devel-14.20.0-150200.15.34.1 SUSE Linux Enterprise Module for Web and Scripting 15 SP3:nodejs14-docs-14.20.0-150200.15.34.1 SUSE Linux Enterprise Module for Web and Scripting 15 SP3:npm14-14.20.0-150200.15.34.1 SUSE Linux Enterprise Server 15 SP2-BCL:nodejs14-14.20.0-150200.15.34.1 SUSE Linux Enterprise Server 15 SP2-BCL:nodejs14-devel-14.20.0-150200.15.34.1 SUSE Linux Enterprise Server 15 SP2-BCL:nodejs14-docs-14.20.0-150200.15.34.1 SUSE Linux Enterprise Server 15 SP2-BCL:npm14-14.20.0-150200.15.34.1 SUSE Linux Enterprise Server 15 SP2-LTSS:nodejs14-14.20.0-150200.15.34.1 SUSE Linux Enterprise Server 15 SP2-LTSS:nodejs14-devel-14.20.0-150200.15.34.1 SUSE Linux Enterprise Server 15 SP2-LTSS:nodejs14-docs-14.20.0-150200.15.34.1 SUSE Linux Enterprise Server 15 SP2-LTSS:npm14-14.20.0-150200.15.34.1 SUSE Linux Enterprise Server for SAP Applications 15 SP2:nodejs14-14.20.0-150200.15.34.1 SUSE Linux Enterprise Server for SAP Applications 15 SP2:nodejs14-devel-14.20.0-150200.15.34.1 SUSE Linux Enterprise Server for SAP Applications 15 SP2:nodejs14-docs-14.20.0-150200.15.34.1 SUSE Linux Enterprise Server for SAP Applications 15 SP2:npm14-14.20.0-150200.15.34.1 SUSE Manager Proxy 4.1:nodejs14-14.20.0-150200.15.34.1 SUSE Manager Proxy 4.1:nodejs14-devel-14.20.0-150200.15.34.1 SUSE Manager Proxy 4.1:nodejs14-docs-14.20.0-150200.15.34.1 SUSE Manager Proxy 4.1:npm14-14.20.0-150200.15.34.1 SUSE Manager Retail Branch Server 4.1:nodejs14-14.20.0-150200.15.34.1 SUSE Manager Retail Branch Server 4.1:nodejs14-devel-14.20.0-150200.15.34.1 SUSE Manager Retail Branch Server 4.1:nodejs14-docs-14.20.0-150200.15.34.1 SUSE Manager Retail Branch Server 4.1:npm14-14.20.0-150200.15.34.1 SUSE Manager Server 4.1:nodejs14-14.20.0-150200.15.34.1 SUSE Manager Server 4.1:nodejs14-devel-14.20.0-150200.15.34.1 SUSE Manager Server 4.1:nodejs14-docs-14.20.0-150200.15.34.1 SUSE Manager Server 4.1:npm14-14.20.0-150200.15.34.1 openSUSE Leap 15.3:nodejs14-14.20.0-150200.15.34.1 openSUSE Leap 15.3:nodejs14-devel-14.20.0-150200.15.34.1 openSUSE Leap 15.3:nodejs14-docs-14.20.0-150200.15.34.1 openSUSE Leap 15.3:npm14-14.20.0-150200.15.34.1 openSUSE Leap 15.4:corepack14-14.20.0-150200.15.34.1 openSUSE Leap 15.4:nodejs14-14.20.0-150200.15.34.1 openSUSE Leap 15.4:nodejs14-devel-14.20.0-150200.15.34.1 openSUSE Leap 15.4:nodejs14-docs-14.20.0-150200.15.34.1 openSUSE Leap 15.4:npm14-14.20.0-150200.15.34.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2022/suse-su-20222425-1/ https://www.suse.com/security/cve/CVE-2022-32215.html CVE-2022-32215 https://bugzilla.suse.com/1201327 SUSE Bug 1201327