SUSE-CU-2024:6246-1: Security update of bci/nodejs

sle-container-updates at lists.suse.com sle-container-updates at lists.suse.com
Wed Dec 11 13:59:15 UTC 2024 

SUSE Container Update Advisory: bci/nodejs
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2024:6246-1
Container Tags        : bci/node:20 , bci/node:20.18.1 , bci/node:20.18.1-47.5 , bci/node:latest , bci/nodejs:20 , bci/nodejs:20.18.1 , bci/nodejs:20.18.1-47.5 , bci/nodejs:latest
Container Release     : 47.5
Severity              : moderate
Type                  : security
References            : 1233856 1234068 CVE-2024-11053 CVE-2024-21538 
-----------------------------------------------------------------

The container bci/nodejs was updated. The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2024:4286-1
Released:    Wed Dec 11 09:30:38 2024
Summary:     Security update for nodejs20
Type:        security
Severity:    moderate
References:  1233856,CVE-2024-21538
This update for nodejs20 fixes the following issues:

- CVE-2024-21538: Fixed regular expression denial of service in cross-spawn dependency (bsc#1233856)

Other fixes:
- Updated to 20.18.1:
  * Experimental Network Inspection Support in Node.js
  * Exposes X509_V_FLAG_PARTIAL_CHAIN to tls.createSecureContext
  * New option for vm.createContext() to create a context with a
    freezable globalThis
  * buffer: optimize createFromString
- Changes in 20.17.0:
  * module: support require()ing synchronous ESM graphs
  * path: add matchesGlob method
  * stream: expose DuplexPair API
- Changes in 20.16.0:
  * process: add process.getBuiltinModule(id)
  * inspector: fix disable async hooks on Debugger.setAsyncCallStackDepth
  * buffer: add .bytes() method to Blob

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2024:4288-1
Released:    Wed Dec 11 09:31:32 2024
Summary:     Security update for curl
Type:        security
Severity:    moderate
References:  1234068,CVE-2024-11053
This update for curl fixes the following issues:

  - CVE-2024-11053: Fixed password leak used for the first host to the followed-to host under certain circumstances (bsc#1234068)


The following package changes have been done:

- nodejs20-20.18.1-150600.3.6.1 updated
- curl-8.6.0-150600.4.15.1 updated
- npm20-20.18.1-150600.3.6.1 updated

More information about the sle-container-updates mailing list