SUSE: 2022:3266-1 bci/nodejs Security Update | LinuxSecurity.com
SUSE Container Update Advisory: bci/nodejs
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2022:3266-1
Container Tags        : bci/node:12 , bci/node:12-17.83 , bci/nodejs:12 , bci/nodejs:12-17.83
Container Release     : 17.83
Severity              : important
Type                  : security
References            : 1188607 1203125 1204577 1205119 CVE-2019-18348 CVE-2020-10735
                        CVE-2020-8492 CVE-2022-37454 CVE-2022-43548 
-----------------------------------------------------------------

The container bci/nodejs was updated. The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:4254-1
Released:    Mon Nov 28 12:29:21 2022
Summary:     Security update for nodejs12
Type:        security
Severity:    important
References:  1205119,CVE-2022-43548
This update for nodejs12 fixes the following issues:

- CVE-2022-43548: Fixed DNS rebinding in --inspect via invalid octal IP address (bsc#1205119).

-----------------------------------------------------------------
Advisory ID: SUSE-RU-2022:4256-1
Released:    Mon Nov 28 12:36:32 2022
Summary:     Recommended update for gcc12
Type:        recommended
Severity:    moderate
References:  
This update for gcc12 fixes the following issues:

This update ship the GCC 12 compiler suite and its base libraries.

The compiler baselibraries are provided for all SUSE Linux Enterprise 15
versions and replace the same named GCC 11 ones.

The new compilers for C, C++, and Fortran are provided for SUSE Linux
Enterprise 15 SP3 and SP4, and provided in the 'Development Tools' module.

The Go, D and Ada language compiler parts are available unsupported via the
PackageHub repositories.

To use gcc12 compilers use:

- install 'gcc12' or 'gcc12-c++' or one of the other 'gcc12-COMPILER' frontend packages.
- override your Makefile to use CC=gcc12, CXX=g++12 and similar overrides for the other languages.

For a full changelog with all new GCC12 features, check out

	https://gcc.gnu.org/gcc-12/changes.html


-----------------------------------------------------------------
Advisory ID: SUSE-SU-2022:4281-1
Released:    Tue Nov 29 15:46:10 2022
Summary:     Security update for python3
Type:        security
Severity:    important
References:  1188607,1203125,1204577,CVE-2019-18348,CVE-2020-10735,CVE-2020-8492,CVE-2022-37454
This update for python3 fixes the following issues:

- CVE-2022-37454: Fixed a buffer overflow in hashlib.sha3_* implementations. (bsc#1204577)
- CVE-2020-10735: Fixed a bug to limit amount of digits converting text to int and vice vera. (bsc#1203125)

The following non-security bug was fixed:

- Fixed a crash in the garbage collection (bsc#1188607).


The following package changes have been done:

- libgcc_s1-12.2.1+git416-150000.1.5.1 updated
- libpython3_6m1_0-3.6.15-150300.10.37.2 updated
- libstdc++6-12.2.1+git416-150000.1.5.1 updated
- nodejs12-12.22.12-150200.4.41.2 updated
- npm12-12.22.12-150200.4.41.2 updated
- python3-base-3.6.15-150300.10.37.2 updated
- container:sles15-image-15.0.0-17.20.77 updated

SUSE: 2022:3266-1 bci/nodejs Security Update

December 1, 2022
The container bci/nodejs was updated

Summary

Advisory ID: SUSE-SU-2022:4254-1 Released: Mon Nov 28 12:29:21 2022 Summary: Security update for nodejs12 Type: security Severity: important Advisory ID: SUSE-RU-2022:4256-1 Released: Mon Nov 28 12:36:32 2022 Summary: Recommended update for gcc12 Type: recommended Severity: moderate Advisory ID: SUSE-SU-2022:4281-1 Released: Tue Nov 29 15:46:10 2022 Summary: Security update for python3 Type: security Severity: important

References

References : 1188607 1203125 1204577 1205119 CVE-2019-18348 CVE-2020-10735

CVE-2020-8492 CVE-2022-37454 CVE-2022-43548

1205119,CVE-2022-43548

This update for nodejs12 fixes the following issues:

- CVE-2022-43548: Fixed DNS rebinding in --inspect via invalid octal IP address (bsc#1205119).

This update for gcc12 fixes the following issues:

This update ship the GCC 12 compiler suite and its base libraries.

The compiler baselibraries are provided for all SUSE Linux Enterprise 15

versions and replace the same named GCC 11 ones.

The new compilers for C, C++, and Fortran are provided for SUSE Linux

Enterprise 15 SP3 and SP4, and provided in the 'Development Tools' module.

The Go, D and Ada language compiler parts are available unsupported via the

PackageHub repositories.

To use gcc12 compilers use:

- install 'gcc12' or 'gcc12-c++' or one of the other 'gcc12-COMPILER' frontend packages.

- override your Makefile to use CC=gcc12, CXX=g++12 and similar overrides for the other languages.

For a full changelog with all new GCC12 features, check out

https://gcc.gnu.org/gcc-12/changes.html

1188607,1203125,1204577,CVE-2019-18348,CVE-2020-10735,CVE-2020-8492,CVE-2022-37454

This update for python3 fixes the following issues:

- CVE-2022-37454: Fixed a buffer overflow in hashlib.sha3_* implementations. (bsc#1204577)

- CVE-2020-10735: Fixed a bug to limit amount of digits converting text to int and vice vera. (bsc#1203125)

The following non-security bug was fixed:

- Fixed a crash in the garbage collection (bsc#1188607).

The following package changes have been done:

- libgcc_s1-12.2.1+git416-150000.1.5.1 updated

- libpython3_6m1_0-3.6.15-150300.10.37.2 updated

- libstdc++6-12.2.1+git416-150000.1.5.1 updated

- nodejs12-12.22.12-150200.4.41.2 updated

- npm12-12.22.12-150200.4.41.2 updated

- python3-base-3.6.15-150300.10.37.2 updated

- container:sles15-image-15.0.0-17.20.77 updated

Severity
Container Advisory ID : SUSE-CU-2022:3266-1
Container Tags : bci/node:12 , bci/node:12-17.83 , bci/nodejs:12 , bci/nodejs:12-17.83
Container Release : 17.83
Severity : important
Type : security

We use cookies to provide and improve our services. By using our site, you consent to our Cookie Policy.