SUSE-CU-2025:4672-1: Security update of bci/nodejs
sle-container-updates at lists.suse.com
sle-container-updates at lists.suse.com
Tue Jun 24 07:12:20 UTC 2025
SUSE Container Update Advisory: bci/nodejs
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2025:4672-1
Container Tags : bci/node:20 , bci/node:20.19.2 , bci/node:20.19.2-54.6 , bci/nodejs:20 , bci/nodejs:20.19.2 , bci/nodejs:20.19.2-54.6
Container Release : 54.6
Severity : important
Type : security
References : 1239949 1243217 1243218 1243220 CVE-2025-23165 CVE-2025-23166
CVE-2025-23167
-----------------------------------------------------------------
The container bci/nodejs was updated. The following patches have been included in this update:
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2025:2045-1
Released: Fri Jun 20 13:03:59 2025
Summary: Security update for nodejs20
Type: security
Severity: important
References: 1239949,1243217,1243218,1243220,CVE-2025-23165,CVE-2025-23166,CVE-2025-23167
This update for nodejs20 fixes the following issues:
Update to 20.19.2:
- CVE-2025-23166: improper error handling in async cryptographic operations crashes process (bsc#1243218).
- CVE-2025-23167: improper HTTP header block termination in llhttp (bsc#1243220).
- CVE-2025-23165: add missing call to uv_fs_req_cleanup (bsc#1243217).
Other bugfixes:
- Build with PIE (bsc#1239949)
The following package changes have been done:
- nodejs20-20.19.2-150600.3.12.1 updated
- npm20-20.19.2-150600.3.12.1 updated
- container:registry.suse.com-bci-bci-base-15.6-7f1a9a6fc65c96293ea124e432d476840e77b5afceecce79e19e67ab2153d3c1-0 updated
- libcares2-1.19.1-150000.3.26.1 removed
- netcfg-11.6-150000.3.6.1 removed
More information about the sle-container-updates
mailing list