SUSE-CU-2024:6346-1: Security update of bci/nodejs
sle-container-updates at lists.suse.com
sle-container-updates at lists.suse.com
Thu Dec 12 16:28:19 UTC 2024
SUSE Container Update Advisory: bci/nodejs
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2024:6346-1
Container Tags : bci/node:18 , bci/node:18.20.5 , bci/node:18.20.5-40.4 , bci/nodejs:18 , bci/nodejs:18.20.5 , bci/nodejs:18.20.5-40.4
Container Release : 40.4
Severity : moderate
Type : security
References : 1233856 CVE-2024-21538
-----------------------------------------------------------------
The container bci/nodejs was updated. The following patches have been included in this update:
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2024:4301-1
Released: Thu Dec 12 09:10:32 2024
Summary: Security update for nodejs18
Type: security
Severity: moderate
References: 1233856,CVE-2024-21538
This update for nodejs18 fixes the following issues:
- CVE-2024-21538: Fixed regular expression denial of service in cross-spawn dependency (bsc#1233856)
Other fixes:
- Update to 18.20.5
* esm: mark import attributes and JSON module as stable
* deps:
+ upgrade npm to 10.8.2
+ update simdutf to 5.6.0
+ update brotli to 1.1.0
+ update ada to 2.8.0
+ update acorn to 8.13.0
+ update acorn-walk to 8.3.4
+ update c-ares to 1.29.0
The following package changes have been done:
- nodejs18-18.20.5-150400.9.30.1 updated
- npm18-18.20.5-150400.9.30.1 updated
More information about the sle-container-updates
mailing list