SUSE-CU-2025:493-1: Security update of bci/nodejs
sle-container-updates at lists.suse.com
sle-container-updates at lists.suse.com
Thu Jan 30 08:07:20 UTC 2025
SUSE Container Update Advisory: bci/nodejs
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2025:493-1
Container Tags : bci/node:22 , bci/node:22.13.1 , bci/node:22.13.1-31.3 , bci/nodejs:22 , bci/nodejs:22.13.1 , bci/nodejs:22.13.1-31.3
Container Release : 31.3
Severity : important
Type : security
References : 1236250 1236251 1236258 CVE-2025-22150 CVE-2025-23083 CVE-2025-23085
-----------------------------------------------------------------
The container bci/nodejs was updated. The following patches have been included in this update:
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2025:284-1
Released: Wed Jan 29 14:47:54 2025
Summary: Security update for nodejs22
Type: security
Severity: important
References: 1236250,1236251,1236258,CVE-2025-22150,CVE-2025-23083,CVE-2025-23085
This update for nodejs22 fixes the following issues:
Update to 22.13.1:
- CVE-2025-23083: Fixed worker permission bypass via InternalWorker leak in diagnostics (bsc#1236251)
- CVE-2025-23085: Fixed HTTP2 memory leak on premature close and ERR_PROTO (bsc#1236250)
- CVE-2025-22150: Fixed insufficiently random values used when defining the boundary for a multipart/form-data request in undici (bsc#1236258)
The following package changes have been done:
- nodejs22-22.13.1-150600.13.6.1 updated
- npm22-22.13.1-150600.13.6.1 updated
More information about the sle-container-updates
mailing list