Upstream information
Description
In Node.js including 6.x before 6.17.0, 8.x before 8.15.1, 10.x before 10.15.2, and 11.x before 11.10.1, an attacker can cause a Denial of Service (DoS) by establishing an HTTP or HTTPS connection in keep-alive mode and by sending headers very slowly. This keeps the connection and associated resources alive for a long period of time. Potential attacks are mitigated by the use of a load balancer or other proxy layer. This vulnerability is an extension of CVE-2018-12121, addressed in November and impacts all active Node.js release lines including 6.x before 6.17.0, 8.x before 8.15.1, 10.x before 10.15.2, and 11.x before 11.10.1.
SUSE information
SUSE Bugzilla entry: 1127532 [RESOLVED / FIXED]
SUSE Security Advisories:
- SUSE-SU-2019:0627-1, published
- SUSE-SU-2019:0635-1, published
- SUSE-SU-2019:0636-1, published
- SUSE-SU-2019:0658-1, published Wed Mar 20 10:37:52 MDT 2019
- SUSE-SU-2019:0818-1, published Fri Mar 29 17:13:00 MDT 2019
- SUSE-SU-2019:14246-1, published Wed Dec 11 13:19:40 MST 2019
- openSUSE-SU-2019:1076-1, published Thu, 28 Mar 2019 21:11:37 +0100 (CET)
- openSUSE-SU-2019:1173-1, published Mon, 8 Apr 2019 15:32:57 +0200 (CEST)
- openSUSE-SU-2019:1211-1, published Tue, 16 Apr 2019 15:09:09 +0200 (CEST)
List of released packages
Product(s) | Fixed package version(s) | References |
---|---|---|
SUSE Enterprise Storage 4 | | Patchnames: SUSE-Storage-4-2019-658 SUSE-Storage-4-2019-818 |
SUSE Linux Enterprise Module for Web Scripting 12 | | Patchnames: SUSE-SLE-Module-Web-Scripting-12-2019-636 SUSE-SLE-Module-Web-Scripting-12-2019-658 SUSE-SLE-Module-Web-Scripting-12-2019-818 |
SUSE Linux Enterprise Module for Web Scripting 15 SP1 | | |
SUSE Linux Enterprise Module for Web Scripting 15 SP2 | | |
SUSE Linux Enterprise Module for Web Scripting 15 | | Patchnames: SUSE-SLE-Module-Web-Scripting-15-2019-627 SUSE-SLE-Module-Web-Scripting-15-2019-635 |
SUSE Linux Enterprise Server 11 SP4-LTSS, SUSE Linux Enterprise Server for SAP Applications 11 SP4-LTSS | | Patchnames: slessp4-firefox-201910-14246 |
SUSE OpenStack Cloud 7 | | Patchnames: SUSE-OpenStack-Cloud-7-2019-818 |
SUSE OpenStack Cloud Crowbar 8 | | Patchnames: SUSE-OpenStack-Cloud-Crowbar-8-2019-818 |
openSUSE Leap 15.0 | | Patchnames: openSUSE-2019-1167 |
openSUSE Leap 42.3 | | Patchnames: openSUSE-2019-1076 openSUSE-2019-1173 openSUSE-2019-1211 |