SUSE-CU-2023:579-1: Security update of bci/nodejs

sle-updates at lists.suse.com sle-updates at lists.suse.com
Tue Mar 7 08:07:29 UTC 2023 

SUSE Container Update Advisory: bci/nodejs
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2023:579-1
Container Tags        : bci/node:16 , bci/node:16-14.8 , bci/nodejs:16 , bci/nodejs:16-14.8
Container Release     : 14.8
Severity              : important
Type                  : security
References            : 1205568 1207789 1208413 1208481 1208483 1208485 1208487 CVE-2023-23918
                        CVE-2023-23919 CVE-2023-23920 CVE-2023-23936 CVE-2023-24807 
-----------------------------------------------------------------

The container bci/nodejs was updated. The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2023:608-1
Released:    Fri Mar  3 12:03:19 2023
Summary:     Security update for nodejs16
Type:        security
Severity:    important
References:  1205568,1208413,1208481,1208483,1208485,1208487,CVE-2023-23918,CVE-2023-23919,CVE-2023-23920,CVE-2023-23936,CVE-2023-24807
This update for nodejs16 fixes the following issues:

Update to LTS version 16.19.1:

- CVE-2023-23918: Fixed permissions policies that could have been bypassed via process.mainModule (bsc#1208481).
- CVE-2023-23919: Fixed OpenSSL error handling issues in nodejs crypto library (bsc#1208483).
- CVE-2023-23920: Fixed insecure loading of ICU data through ICU_DATA environment (bsc#1208487).
- CVE-2023-23936: Fixed protection against CRLF injection in host headers inside fetch API (bsc#1208485).
- CVE-2023-24807: Fixed possible Regular Expression Denial of Service (ReDoS) via Headers.set() and Headers.append() methods (bsc#1208413).

Bug fixes:

- Workaround for failing openssl-nodejs test (bsc#1205568).

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2023:617-1
Released:    Fri Mar  3 16:49:06 2023
Summary:     Recommended update for jitterentropy
Type:        recommended
Severity:    moderate
References:  1207789
This update for jitterentropy fixes the following issues:

- build jitterentropy library with debuginfo (bsc#1207789)


The following package changes have been done:

- libjitterentropy3-3.4.0-150000.1.9.1 updated
- nodejs16-16.19.1-150400.3.15.1 updated
- npm16-16.19.1-150400.3.15.1 updated

More information about the sle-updates mailing list