SUSE-CU-2024:1536-1: Security update of bci/nodejs

sle-container-updates at lists.suse.com
Wed Apr 17 07:02:52 UTC 2024


SUSE Container Update Advisory: bci/nodejs
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2024:1536-1
Container Tags        : bci/node:18 , bci/node:18-17.2 , bci/nodejs:18 , bci/nodejs:18-17.2
Container Release     : 17.2
Severity              : important
Type                  : security
References            : 1220053 1222244 1222384 1222530 1222603 CVE-2024-24806 CVE-2024-27982
                        CVE-2024-27983 CVE-2024-30260 CVE-2024-30261 
-----------------------------------------------------------------

The container bci/nodejs was updated. The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2024:1309-1
Released:    Tue Apr 16 11:32:57 2024
Summary:     Security update for nodejs18
Type:        security
Severity:    important
References:  1220053,1222244,1222384,1222530,1222603,CVE-2024-24806,CVE-2024-27982,CVE-2024-27983,CVE-2024-30260,CVE-2024-30261
This update for nodejs18 fixes the following issues:

Update to 18.20.1

Security fixes:

 - CVE-2024-27983: Fixed failed assertion in node::http2::Http2Session::~Http2Session() that could lead to HTTP/2 server crash (bsc#1222244)
 - CVE-2024-27982: Fixed HTTP Request Smuggling via Content Length Obfuscation (bsc#1222384)
 - CVE-2024-30260: Fixed proxy-authorization header not cleared on cross-origin redirect in undici (bsc#1222530)
 - CVE-2024-30261: Fixed fetch with integrity option is too lax when algorithm is specified but hash value is incorrect in undici (bsc#1222603)
 - CVE-2024-24806: Fixed improper domain lookup that potentially leads to SSRF attacks in libuv (bsc#1220053)


The following package changes have been done:

- nodejs18-18.20.1-150400.9.21.3 updated
- npm18-18.20.1-150400.9.21.3 updated

