{"id":"SUSE-SU-2020:0429-1","summary":"Security update for nodejs12","details":"This update for nodejs12 fixes the following issues:\n\nnodejs12 was updated to version 12.15.0.\n\nSecurity issues fixed:\n\n- CVE-2019-15604: Fixed a remotely triggerable assertion in the TLS server via a crafted certificate string (CVE-2019-15604, bsc#1163104).\n- CVE-2019-15605: Fixed an HTTP request smuggling vulnerability via malformed Transfer-Encoding header (CVE-2019-15605, bsc#1163102).\n- CVE-2019-15606: Fixed the white space sanitation of HTTP headers (CVE-2019-15606, bsc#1163103).\n- CVE-2019-16775: Fixed an arbitrary file write vulnerability (bsc#1159352).\n- CVE-2019-16776: Fixed an arbitrary file write vulnerability (bsc#1159352).\n- CVE-2019-16777: Fixed an arbitrary file write vulnerability (bsc#1159352).\n","modified":"2026-02-04T03:33:18.665432Z","published":"2020-02-20T12:28:28Z","related":["CVE-2019-15604","CVE-2019-15605","CVE-2019-15606","CVE-2019-16775","CVE-2019-16776","CVE-2019-16777"],"upstream":["CVE-2019-15604","CVE-2019-15605","CVE-2019-15606","CVE-2019-16775","CVE-2019-16776","CVE-2019-16777"],"references":[{"type":"ADVISORY","url":"https://www.suse.com/support/update/announcement/2020/suse-su-20200429-1/"},{"type":"REPORT","url":"https://bugzilla.suse.com/1159352"},{"type":"REPORT","url":"https://bugzilla.suse.com/1163102"},{"type":"REPORT","url":"https://bugzilla.suse.com/1163103"},{"type":"REPORT","url":"https://bugzilla.suse.com/1163104"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2019-15604"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2019-15605"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2019-15606"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2019-16775"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2019-16776"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2019-16777"}],"affected":[{"package":{"name":"nodejs12","ecosystem":"SUSE:Linux Enterprise Module for Web and Scripting 12","purl":"pkg:rpm/suse/nodejs12&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Web%20and%20Scripting%2012"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"12.15.0-1.6.1"}]}],"ecosystem_specific":{"binaries":[{"npm12":"12.15.0-1.6.1","nodejs12-devel":"12.15.0-1.6.1","nodejs12":"12.15.0-1.6.1","nodejs12-docs":"12.15.0-1.6.1"}]},"database_specific":{"source":"https://ftp.suse.com/pub/projects/security/osv/SUSE-SU-2020:0429-1.json"}}],"schema_version":"1.7.3"}