Alerts This Week
Warning Icon 1 1,179
Alerts This Week
Warning Icon 1 1,179

openSUSE 15.6: SUSE-SU-2024:4286-1 moderate: nodejs20 DoS

opensuse
Calendar Grey December 11, 2024
Dist Opensuse Esm H88
The openSUSE Security Team has released a warning about moderate risk vulnerabilities in nodejs20 tied to CVE-2024-21538, urging users to update to prevent security issues
An update that solves one vulnerability can now be installed.

Description

This update for nodejs20 fixes the following issues:

* CVE-2024-21538: Fixed regular expression denial of service in cross-spawn

dependency (bsc#1233856)

Other fixes: \- Updated to 20.18.1: * Experimental Network Inspection Support in

Node.js * Exposes X509_V_FLAG_PARTIAL_CHAIN to tls.createSecureContext * New

option for vm.createContext() to create a context with a freezable globalThis *

buffer: optimize createFromString \- Changes in 20.17.0: * module: support

require()ing synchronous ESM graphs * path: add matchesGlob method * stream:

expose DuplexPair API \- Changes in 20.16.0: * process: add

process.getBuiltinModule(id) * inspector: fix disable async hooks on

Debugger.setAsyncCallStackDepth * buffer: add .bytes() method to Blob

Topics%20covered

Topics Covered

security advisory moderate denial of service openSUSE nodejs CVE-2024-21538

Patch

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like

YaST online_update or "zypper patch".

Alternatively you can run the command listed for your product:

* openSUSE Leap 15.6

zypper in -t patch SUSE-2024-4286=1 openSUSE-SLE-15.6-2024-4286=1

* Web and Scripting Module 15-SP6

zypper in -t patch SUSE-SLE-Module-Web-Scripting-15-SP6-2024-4286=1

Package List

* openSUSE Leap 15.6 (aarch64 ppc64le s390x x86_64 i586)

* nodejs20-debugsource-20.18.1-150600.3.6.1

* nodejs20-devel-20.18.1-150600.3.6.1

* nodejs20-20.18.1-150600.3.6.1

* nodejs20-debuginfo-20.18.1-150600.3.6.1

* corepack20-20.18.1-150600.3.6.1

* npm20-20.18.1-150600.3.6.1

* openSUSE Leap 15.6 (noarch)

* nodejs20-docs-20.18.1-150600.3.6.1

* Web and Scripting Module 15-SP6 (aarch64 ppc64le s390x x86_64)

* nodejs20-debugsource-20.18.1-150600.3.6.1

* nodejs20-devel-20.18.1-150600.3.6.1

* nodejs20-20.18.1-150600.3.6.1

* nodejs20-debuginfo-20.18.1-150600.3.6.1

* npm20-20.18.1-150600.3.6.1

* Web and Scripting Module 15-SP6 (noarch)

* nodejs20-docs-20.18.1-150600.3.6.1

References

* bsc#1233856

## References:

* https://www.suse.com/security/cve/CVE-2024-21538.html

* https://bugzilla.suse.com/show_bug.cgi?id=1233856

Announcement ID: SUSE-SU-2024:4286-1
Release Date: 2024-12-11T08:30:46Z
Affected Products: * openSUSE Leap 15.6 * SUSE Linux Enterprise Server 15 SP6 * SUSE Linux Enterprise Server for SAP Applications 15 SP6 * Web and Scripting Module 15-SP6

Topics%20covered

Topics Covered

security advisory moderate denial of service openSUSE nodejs CVE-2024-21538

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Your message here