Explore top 10 tips to secure your open-source projects now. Read More

×
Alerts This Week
Warning Icon 1 546
Alerts This Week
Warning Icon 1 546

SUSE: 2023:579-1 Important Security Update for bci/nodejs

suse
Calendar Grey March 7, 2023
Scroller Suse Esm H88
The recent SUSE Container Upgrade for bci/python introduces critical security enhancements and updates, improving robustness and protection.
The container bci/nodejs was updated

Summary

Advisory ID: SUSE-SU-2023:608-1 Released: Fri Mar 3 12:03:19 2023 Summary: Security update for nodejs16 Type: security Severity: important Advisory ID: SUSE-RU-2023:617-1 Released: Fri Mar 3 16:49:06 2023 Summary: Recommended update for jitterentropy Type: recommended Severity: moderate

References

References : 1205568 1207789 1208413 1208481 1208483 1208485 1208487 CVE-2023-23918

CVE-2023-23919 CVE-2023-23920 CVE-2023-23936 CVE-2023-24807

1205568,1208413,1208481,1208483,1208485,1208487,CVE-2023-23918,CVE-2023-23919,CVE-2023-23920,CVE-2023-23936,CVE-2023-24807

This update for nodejs16 fixes the following issues:

Update to LTS version 16.19.1:

- CVE-2023-23918: Fixed permissions policies that could have been bypassed via process.mainModule (bsc#1208481).

- CVE-2023-23919: Fixed OpenSSL error handling issues in nodejs crypto library (bsc#1208483).

- CVE-2023-23920: Fixed insecure loading of ICU data through ICU_DATA environment (bsc#1208487).

- CVE-2023-23936: Fixed protection against CRLF injection in host headers inside fetch API (bsc#1208485).

Severity
important
Lowest
Low
Medium
High
Critical

Container Advisory ID : SUSE-CU-2023:579-1
Container Tags : bci/node:16 , bci/node:16-14.8 , bci/nodejs:16 , bci/nodejs:16-14.8
Container Release : 14.8
Severity : important
Type : security

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.