SUSE-CU-2023:579-1: Security update of bci/nodejs
sle-security-updates at lists.suse.com
sle-security-updates at lists.suse.com
Tue Mar 7 08:07:29 UTC 2023
SUSE Container Update Advisory: bci/nodejs
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2023:579-1
Container Tags : bci/node:16 , bci/node:16-14.8 , bci/nodejs:16 , bci/nodejs:16-14.8
Container Release : 14.8
Severity : important
Type : security
References : 1205568 1207789 1208413 1208481 1208483 1208485 1208487 CVE-2023-23918
CVE-2023-23919 CVE-2023-23920 CVE-2023-23936 CVE-2023-24807
-----------------------------------------------------------------
The container bci/nodejs was updated. The following patches have been included in this update:
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2023:608-1
Released: Fri Mar 3 12:03:19 2023
Summary: Security update for nodejs16
Type: security
Severity: important
References: 1205568,1208413,1208481,1208483,1208485,1208487,CVE-2023-23918,CVE-2023-23919,CVE-2023-23920,CVE-2023-23936,CVE-2023-24807
This update for nodejs16 fixes the following issues:
Update to LTS version 16.19.1:
- CVE-2023-23918: Fixed permissions policies that could have been bypassed via process.mainModule (bsc#1208481).
- CVE-2023-23919: Fixed OpenSSL error handling issues in nodejs crypto library (bsc#1208483).
- CVE-2023-23920: Fixed insecure loading of ICU data through ICU_DATA environment (bsc#1208487).
- CVE-2023-23936: Fixed protection against CRLF injection in host headers inside fetch API (bsc#1208485).
- CVE-2023-24807: Fixed possible Regular Expression Denial of Service (ReDoS) via Headers.set() and Headers.append() methods (bsc#1208413).
Bug fixes:
- Workaround for failing openssl-nodejs test (bsc#1205568).
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2023:617-1
Released: Fri Mar 3 16:49:06 2023
Summary: Recommended update for jitterentropy
Type: recommended
Severity: moderate
References: 1207789
This update for jitterentropy fixes the following issues:
- build jitterentropy library with debuginfo (bsc#1207789)
The following package changes have been done:
- libjitterentropy3-3.4.0-150000.1.9.1 updated
- nodejs16-16.19.1-150400.3.15.1 updated
- npm16-16.19.1-150400.3.15.1 updated
More information about the sle-security-updates
mailing list