{"id":"SUSE-SU-2024:1308-1","summary":"Security update for nodejs16","details":"This update for nodejs16 fixes the following issues:\n\n- CVE-2024-27983: Fixed failed assertion in node::http2::Http2Session::~Http2Session() that could lead to HTTP/2 server crash (bsc#1222244)\n- CVE-2024-27982: Fixed HTTP Request Smuggling via Content Length Obfuscation (bsc#1222384)\n","modified":"2026-02-04T02:45:24.982616Z","published":"2024-04-16T09:32:34Z","related":["CVE-2024-27982","CVE-2024-27983"],"upstream":["CVE-2024-27982","CVE-2024-27983"],"references":[{"type":"ADVISORY","url":"https://www.suse.com/support/update/announcement/2024/suse-su-20241308-1/"},{"type":"REPORT","url":"https://bugzilla.suse.com/1222244"},{"type":"REPORT","url":"https://bugzilla.suse.com/1222384"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2024-27982"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2024-27983"}],"affected":[{"package":{"name":"nodejs16","ecosystem":"SUSE:Linux Enterprise High Performance Computing 15 SP4-ESPOS","purl":"pkg:rpm/suse/nodejs16&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015%20SP4-ESPOS"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"16.20.2-150400.3.33.1"}]}],"ecosystem_specific":{"binaries":[{"npm16":"16.20.2-150400.3.33.1","nodejs16":"16.20.2-150400.3.33.1","nodejs16-devel":"16.20.2-150400.3.33.1","nodejs16-docs":"16.20.2-150400.3.33.1"}]},"database_specific":{"source":"https://ftp.suse.com/pub/projects/security/osv/SUSE-SU-2024:1308-1.json"}},{"package":{"name":"nodejs16","ecosystem":"SUSE:Linux Enterprise High Performance Computing 15 SP4-LTSS","purl":"pkg:rpm/suse/nodejs16&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015%20SP4-LTSS"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"16.20.2-150400.3.33.1"}]}],"ecosystem_specific":{"binaries":[{"npm16":"16.20.2-150400.3.33.1","nodejs16":"16.20.2-150400.3.33.1","nodejs16-devel":"16.20.2-150400.3.33.1","nodejs16-docs":"16.20.2-150400.3.33.1"}]},"database_specific":{"source":"https://ftp.suse.com/pub/projects/security/osv/SUSE-SU-2024:1308-1.json"}},{"package":{"name":"nodejs16","ecosystem":"SUSE:Linux Enterprise Server 15 SP4-LTSS","purl":"pkg:rpm/suse/nodejs16&distro=SUSE%20Linux%20Enterprise%20Server%2015%20SP4-LTSS"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"16.20.2-150400.3.33.1"}]}],"ecosystem_specific":{"binaries":[{"npm16":"16.20.2-150400.3.33.1","nodejs16":"16.20.2-150400.3.33.1","nodejs16-devel":"16.20.2-150400.3.33.1","nodejs16-docs":"16.20.2-150400.3.33.1"}]},"database_specific":{"source":"https://ftp.suse.com/pub/projects/security/osv/SUSE-SU-2024:1308-1.json"}},{"package":{"name":"nodejs16","ecosystem":"SUSE:Linux Enterprise Server for SAP Applications 15 SP4","purl":"pkg:rpm/suse/nodejs16&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2015%20SP4"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"16.20.2-150400.3.33.1"}]}],"ecosystem_specific":{"binaries":[{"npm16":"16.20.2-150400.3.33.1","nodejs16":"16.20.2-150400.3.33.1","nodejs16-devel":"16.20.2-150400.3.33.1","nodejs16-docs":"16.20.2-150400.3.33.1"}]},"database_specific":{"source":"https://ftp.suse.com/pub/projects/security/osv/SUSE-SU-2024:1308-1.json"}},{"package":{"name":"nodejs16","ecosystem":"SUSE:Manager Server 4.3","purl":"pkg:rpm/suse/nodejs16&distro=SUSE%20Manager%20Server%204.3"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"16.20.2-150400.3.33.1"}]}],"ecosystem_specific":{"binaries":[{"npm16":"16.20.2-150400.3.33.1","nodejs16":"16.20.2-150400.3.33.1","nodejs16-devel":"16.20.2-150400.3.33.1","nodejs16-docs":"16.20.2-150400.3.33.1"}]},"database_specific":{"source":"https://ftp.suse.com/pub/projects/security/osv/SUSE-SU-2024:1308-1.json"}}],"schema_version":"1.7.3"}