SUSE-CU-2025:457-1: Security update of bci/nodejs
sle-container-updates at lists.suse.com
sle-container-updates at lists.suse.com
Sat Jan 25 08:12:20 UTC 2025
SUSE Container Update Advisory: bci/nodejs
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2025:457-1
Container Tags : bci/node:20 , bci/node:20.18.2 , bci/node:20.18.2-48.14 , bci/node:latest , bci/nodejs:20 , bci/nodejs:20.18.2 , bci/nodejs:20.18.2-48.14 , bci/nodejs:latest
Container Release : 48.14
Severity : important
Type : security
References : 1236250 1236251 1236258 CVE-2025-22150 CVE-2025-23083 CVE-2025-23085
-----------------------------------------------------------------
The container bci/nodejs was updated. The following patches have been included in this update:
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2025:237-1
Released: Fri Jan 24 20:33:34 2025
Summary: Security update for nodejs20
Type: security
Severity: important
References: 1236250,1236251,1236258,CVE-2025-22150,CVE-2025-23083,CVE-2025-23085
This update for nodejs20 fixes the following issues:
Update to 20.18.2:
- CVE-2025-23083: Fixed worker permission bypass via InternalWorker leak in diagnostics (bsc#1236251)
- CVE-2025-23085: Fixed HTTP2 memory leak on premature close and ERR_PROTO (bsc#1236250)
- CVE-2025-22150: Fixed insufficiently random values used when defining the boundary for a multipart/form-data request in undici (bsc#1236258)
The following package changes have been done:
- nodejs20-20.18.2-150600.3.9.1 updated
- npm20-20.18.2-150600.3.9.1 updated
More information about the sle-container-updates
mailing list