SUSE-CU-2024:796-1: Security update of bci/nodejs
sle-container-updates at lists.suse.com
Tue Mar 5 08:03:25 UTC 2024
SUSE Container Update Advisory: bci/nodejs
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2024:796-1
Container Tags : bci/node:18 , bci/node:18-16.19 , bci/nodejs:18 , bci/nodejs:18-16.19
Container Release : 16.19
Severity : important
Type : security
References : 1219724 1219992 1219993 1219997 1220014 1220017 CVE-2023-46809
CVE-2024-21892 CVE-2024-22019 CVE-2024-22025 CVE-2024-24758 CVE-2024-24806
-----------------------------------------------------------------
The container bci/nodejs was updated. The following patches have been included in this update:
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2024:730-1
Released: Thu Feb 29 13:00:43 2024
Summary: Security update for nodejs18
Type: security
Severity: important
References: 1219724,1219992,1219993,1219997,1220014,1220017,CVE-2023-46809,CVE-2024-21892,CVE-2024-22019,CVE-2024-22025,CVE-2024-24758,CVE-2024-24806
This update for nodejs18 fixes the following issues:
Update to 18.19.1: (security updates)
* CVE-2024-21892: Code injection and privilege escalation through Linux capabilities (bsc#1219992).
* CVE-2024-22019: http: Reading unprocessed HTTP request with unbounded chunk extension allows DoS attacks (bsc#1219993).
* CVE-2023-46809: Node.js is vulnerable to the Marvin Attack (timing variant of the Bleichenbacher attack against PKCS#1 v1.5 padding) (bsc#1219997).
* CVE-2024-22025: Denial of Service by resource exhaustion in fetch() brotli decoding (bsc#1220014).
* CVE-2024-24758: undici version 5.28.3 (bsc#1220017).
* CVE-2024-24806: libuv version 1.48.0 (bsc#1219724).
Update to LTS version 18.19.0
* deps: npm updates to 10.x
* esm:
  + Leverage loaders when resolving subsequent loaders
  + import.meta.resolve unflagged
  + --experimental-default-type flag to flip module defaults
The following package changes have been done:
- nodejs18-18.19.1-150400.9.18.2 updated
- npm18-18.19.1-150400.9.18.2 updated
- container:sles15-image-15.0.0-36.11.8 updated