SUSE Container Update Advisory: bci/nodejs
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2023:579-1
Container Tags : bci/node:16 , bci/node:16-14.8 , bci/nodejs:16 , bci/nodejs:16-14.8
Container Release : 14.8
Severity : important
Type : security
References : 1205568 1207789 1208413 1208481 1208483 1208485 1208487 CVE-2023-23918
CVE-2023-23919 CVE-2023-23920 CVE-2023-23936 CVE-2023-24807
-----------------------------------------------------------------
The container bci/nodejs was updated. The following patches have been included in this update:
-----------------------------------------------------------------
Advisory ID: SUSE-SU-2023:608-1
Released: Fri Mar 3 12:03:19 2023
Summary: Security update for nodejs16
Type: security
Severity: important
References: 1205568,1208413,1208481,1208483,1208485,1208487,CVE-2023-23918,CVE-2023-23919,CVE-2023-23920,CVE-2023-23936,CVE-2023-24807
This update for nodejs16 fixes the following issues:
Update to LTS version 16.19.1:
- CVE-2023-23918: Fixed permissions policies that could have been bypassed via process.mainModule (bsc#1208481).
- CVE-2023-23919: Fixed OpenSSL error handling issues in nodejs crypto library (bsc#1208483).
- CVE-2023-23920: Fixed insecure loading of ICU data through ICU_DATA environment (bsc#1208487).
- CVE-2023-23936: Fixed protection against CRLF injection in host headers inside fetch API (bsc#1208485).
- CVE-2023-24807: Fixed possible Regular Expression Denial of Service (ReDoS) via Headers.set() and Headers.append() methods (bsc#1208413).
Bug fixes:
- Workaround for failing openssl-nodejs test (bsc#1205568).
-----------------------------------------------------------------
Advisory ID: SUSE-RU-2023:617-1
Released: Fri Mar 3 16:49:06 2023
Summary: Recommended update for jitterentropy
Type: recommended
Severity: moderate
References: 1207789
This update for jitterentropy fixes the following issues:
- build jitterentropy library with debuginfo (bsc#1207789)
The following package changes have been done:
- libjitterentropy3-3.4.0-150000.1.9.1 updated
- nodejs16-16.19.1-150400.3.15.1 updated
- npm16-16.19.1-150400.3.15.1 updated
SUSE: 2023:579-1 bci/nodejs Security Update
March 7, 2023
The container bci/nodejs was updated
Summary
Advisory ID: SUSE-SU-2023:608-1 Released: Fri Mar 3 12:03:19 2023 Summary: Security update for nodejs16 Type: security Severity: important Advisory ID: SUSE-RU-2023:617-1 Released: Fri Mar 3 16:49:06 2023 Summary: Recommended update for jitterentropy Type: recommended Severity: moderate
References
References : 1205568 1207789 1208413 1208481 1208483 1208485 1208487 CVE-2023-23918
CVE-2023-23919 CVE-2023-23920 CVE-2023-23936 CVE-2023-24807
1205568,1208413,1208481,1208483,1208485,1208487,CVE-2023-23918,CVE-2023-23919,CVE-2023-23920,CVE-2023-23936,CVE-2023-24807
This update for nodejs16 fixes the following issues:
Update to LTS version 16.19.1:
- CVE-2023-23918: Fixed permissions policies that could have been bypassed via process.mainModule (bsc#1208481).
- CVE-2023-23919: Fixed OpenSSL error handling issues in nodejs crypto library (bsc#1208483).
- CVE-2023-23920: Fixed insecure loading of ICU data through ICU_DATA environment (bsc#1208487).
- CVE-2023-23936: Fixed protection against CRLF injection in host headers inside fetch API (bsc#1208485).
- CVE-2023-24807: Fixed possible Regular Expression Denial of Service (ReDoS) via Headers.set() and Headers.append() methods (bsc#1208413).
Bug fixes:
- Workaround for failing openssl-nodejs test (bsc#1205568).
1207789
This update for jitterentropy fixes the following issues:
- build jitterentropy library with debuginfo (bsc#1207789)
The following package changes have been done:
- libjitterentropy3-3.4.0-150000.1.9.1 updated
- nodejs16-16.19.1-150400.3.15.1 updated
- npm16-16.19.1-150400.3.15.1 updated
Severity
Container Advisory ID : SUSE-CU-2023:579-1
Container Tags : bci/node:16 , bci/node:16-14.8 , bci/nodejs:16 , bci/nodejs:16-14.8
Container Release : 14.8
Severity : important
Type : security
News
HOWTOs
Features
Interview with Guardian Digital CEO Dave Wreski: Open Source Utilization in Email Security Solutions & More
Verifying Linux Server Security: What Every Admin Needs to Know
What Linux, Windows & Mac OS Users Need to Know About VPNs
Complete Guide to Vulnerability Basics
How To Get Live Updates on Critical Linux Security Advisories
About Us
Powered By
