SUSE-CU-2024:1537-1: Security update of bci/nodejs
sle-container-updates at lists.suse.com
Wed Apr 17 07:03:11 UTC 2024
SUSE Container Update Advisory: bci/nodejs
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2024:1537-1
Container Tags : bci/node:20 , bci/node:20-7.2 , bci/node:latest , bci/nodejs:20 , bci/nodejs:20-7.2 , bci/nodejs:latest
Container Release : 7.2
Severity : important
Type : security
References : 1220053 1222244 1222384 1222530 1222603 CVE-2024-24806 CVE-2024-27982
CVE-2024-27983 CVE-2024-30260 CVE-2024-30261
-----------------------------------------------------------------
The container bci/nodejs was updated. The following patches have been included in this update:
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2024:1301-1
Released: Tue Apr 16 03:33:31 2024
Summary: Security update for nodejs20
Type: security
Severity: important
References: 1220053,1222244,1222384,1222530,1222603,CVE-2024-24806,CVE-2024-27982,CVE-2024-27983,CVE-2024-30260,CVE-2024-30261
This update for nodejs20 fixes the following issues:
Update to 20.12.1
Security fixes:
- CVE-2024-27983: Fixed failed assertion in node::http2::Http2Session::~Http2Session() that could lead to HTTP/2 server crash (bsc#1222244)
- CVE-2024-27982: Fixed HTTP Request Smuggling via Content Length Obfuscation (bsc#1222384)
- CVE-2024-30260: Fixed proxy-authorization header not cleared on cross-origin redirect in undici (bsc#1222530)
- CVE-2024-30261: Fixed fetch with integrity option is too lax when algorithm is specified but hash value is incorrect in undici (bsc#1222603)
- CVE-2024-24806: Fixed improper domain lookup that potentially leads to SSRF attacks in libuv (bsc#1220053)
The following package changes have been done:
- nodejs20-20.12.1-150500.11.9.2 updated
- npm20-20.12.1-150500.11.9.2 updated