Vulnerability BDU:2022-03042: Information

Подтверждена производителем
Данные уточняются
Уязвимость устранена
Сетевое программное средство, Прикладное ПО информационных систем, Сетевое средство, Программное средство АСУ ТП
Использование рекомендаций:
Для Node-tar:
https://www.npmjs.com/package/tar
https://github.com/npm/node-tar/tags
https://github.com/npm/node-tar/security/advisories/GHSA-5955-9wpr-37jh

Для программных продуктов IBM:
https://www.ibm.com/blogs/psirt/security-bulletin-security-vulnerabilities-affect-ibm-cloud-private-node-js-cve-2021-37713/

Для программных продуктов Oracle Corp.:
https://www.oracle.com/security-alerts/cpuoct2021.html

Для SINEC INS:
https://cert-portal.siemens.com/productcert/pdf/ssa-389290.pdf
https://cert-portal.siemens.com/productcert/pdf/ssa-389290.pdf 
https://github.com/npm/node-tar/security/advisories/GHSA-5955-9wpr-37jh 
https://www.npmjs.com/package/tar  
https://www.oracle.com/security-alerts/cpuoct2021.html
https://nvd.nist.gov/vuln/detail/CVE-2021-37713
https://access.redhat.com/security/cve/cve-2021-37713
https://www.ibm.com/blogs/psirt/security-bulletin-security-vulnerabilities-affect-ibm-cloud-private-node-js-cve-2021-37713/

Package name	Branch	Fixed in version	Version from repository	Errata ID	Task #	State
node	sisyphus	14.18.0-alt1	20.13.1-alt1	ALT-PU-2021-2920-1	286074	Fixed
node	p10	14.18.2-alt1	16.19.1-alt1	ALT-PU-2021-3615-1	292248	Fixed
node	c10f1	14.18.2-alt1	16.19.1-alt1	ALT-PU-2021-3615-1	292248	Fixed
node	c9f2	16.17.1-alt0.c9.1	16.19.1-alt0.c9.1	ALT-PU-2022-3073-1	303505	Fixed
node	p11	14.18.0-alt1	20.13.1-alt1	ALT-PU-2021-2920-1	286074	Fixed
npm	p10	6.14.16-alt1	8.19.3-alt1	ALT-PU-2022-1798-1	298947	Fixed
npm	c10f1	6.14.16-alt1	8.19.3-alt1	ALT-PU-2022-1798-1	298947	Fixed
npm	c9f2	8.15.0-alt0.c9.1	8.19.3-alt1	ALT-PU-2022-3069-1	303505	Fixed

Vulnerability BDU:2022-03042: Information

Description

Fixed packages

References to Advisories, Solutions, and Tools

Vulnerability Status	Подтверждена производителем
Presence of an exploit	Данные уточняются
Fix status	Уязвимость устранена
Software Type	Сетевое программное средство, Прикладное ПО информационных систем, Сетевое средство, Программное средство АСУ ТП
Solution	Использование рекомендаций: Для Node-tar: https://www.npmjs.com/package/tar https://github.com/npm/node-tar/tags https://github.com/npm/node-tar/security/advisories/GHSA-5955-9wpr-37jh Для программных продуктов IBM: https://www.ibm.com/blogs/psirt/security-bulletin-security-vulnerabilities-affect-ibm-cloud-private-node-js-cve-2021-37713/ Для программных продуктов Oracle Corp.: https://www.oracle.com/security-alerts/cpuoct2021.html Для SINEC INS: https://cert-portal.siemens.com/productcert/pdf/ssa-389290.pdf
Sources	https://cert-portal.siemens.com/productcert/pdf/ssa-389290.pdf https://github.com/npm/node-tar/security/advisories/GHSA-5955-9wpr-37jh https://www.npmjs.com/package/tar https://www.oracle.com/security-alerts/cpuoct2021.html https://nvd.nist.gov/vuln/detail/CVE-2021-37713 https://access.redhat.com/security/cve/cve-2021-37713 https://www.ibm.com/blogs/psirt/security-bulletin-security-vulnerabilities-affect-ibm-cloud-private-node-js-cve-2021-37713/
Other system identifiers	CVE-2021-37713