SUSE: 2022:813-1 Critical Security Advisory for Nodejs Released
suse
April 29, 2022
The container bci/nodejs was updated
Summary
Advisory ID: SUSE-SU-2022:1461-1 Released: Thu Apr 28 16:25:04 2022 Summary: Security update for nodejs12 Type: security Severity: important
Topics Covered
References
References : 1194819 1196877 1197283 1198247 CVE-2021-44906 CVE-2021-44907
CVE-2022-0235 CVE-2022-0778
1194819,1196877,1197283,1198247,CVE-2021-44906,CVE-2021-44907,CVE-2022-0235,CVE-2022-0778
This update for nodejs12 fixes the following issues:
- CVE-2022-0778: Fixed a infinite loop in BN_mod_sqrt() reachable when parsing certificates (bsc#1196877).
- CVE-2021-44906: Fixed a prototype pollution in node-minimist (bsc#1198247).
- CVE-2021-44907: Fixed a potential Denial of Service vulnerability in node-qs (bsc#1197283).
- CVE-2022-0235: Fixed an exposure of sensitive information to an unauthorized actor in node-fetch (bsc#1194819).
The following package changes have been done:
- nodejs12-12.22.12-150200.4.32.1 updated
- npm12-12.22.12-150200.4.32.1 updated
PREVIOUS
NEXT
Severity
important
Lowest
Low
Medium
High
Critical
Container Advisory ID : SUSE-CU-2022:813-1
Container Tags : bci/node:12 , bci/node:12-15.7 , bci/nodejs:12 , bci/nodejs:12-15.7
Container Release : 15.7
Severity : important
Type : security
Topics Covered
Get the latest News and Insights
Get the latest Linux and open source security news straight to your inbox.
Related News
Powered By
Linux Security - Your source for Top Linux News, Advisories, HOWTOs and Feature Releases
QUICK LINKS
subscribe to newsletters!
Like staying secure? So do we.
Sign up for updates, tips, and alerts!