SUSE: 2023:745-1 Important: bci/nodejs Security Update Overview
suse
March 21, 2023
The container bci/nodejs was updated
Summary
Advisory ID: SUSE-SU-2023:738-1 Released: Wed Mar 15 08:17:45 2023 Summary: Security update for nodejs18 Type: security Severity: important Advisory ID: SUSE-RU-2023:776-1 Released: Thu Mar 16 17:29:23 2023 Summary: Recommended update for gcc12 Type: recommended Severity: moderate Advisory ID: SUSE-RU-2023:782-1 Released: Thu Mar 16 19:08:34 2023 Summary: Recommended update for libgcrypt Type: recommended
References
References : 1208413 1208481 1208483 1208485 1208487 1208924 1208925 1208926
1208998 CVE-2023-23918 CVE-2023-23919 CVE-2023-23920 CVE-2023-23936
CVE-2023-24807
1208413,1208481,1208483,1208485,1208487,CVE-2023-23918,CVE-2023-23919,CVE-2023-23920,CVE-2023-23936,CVE-2023-24807
This update for nodejs18 fixes the following issues:
Update to NodeJS 18.14.2 LTS:
- CVE-2023-23918: Fixed permissions policies that could have been bypassed via process.mainModule (bsc#1208481).
- CVE-2023-23919: Fixed OpenSSL error handling issues in nodejs crypto library (bsc#1208483).
- CVE-2023-23920: Fixed insecure loading of ICU data through ICU_DATA environment (bsc#1208487).
- CVE-2023-23936: Fixed protection against CRLF injection in host headers inside fetch API (bsc#1208485).
PREVIOUS
NEXT
Severity
important
Lowest
Low
Medium
High
Critical
Container Advisory ID : SUSE-CU-2023:745-1
Container Tags : bci/node:18 , bci/node:18-3.5 , bci/node:latest , bci/nodejs:18 , bci/nodejs:18-3.5 , bci/nodejs:latest
Container Release : 3.5
Severity : important
Type : security
Get the latest News and Insights
Get the latest Linux and open source security news straight to your inbox.
Related News
Powered By
Linux Security - Your source for Top Linux News, Advisories, HOWTOs and Feature Releases
QUICK LINKS
subscribe to newsletters!
Like staying secure? So do we.
Sign up for updates, tips, and alerts!