
SUSE: 2025:01879-1 important: nodejs22 critical process crash fix

June 11, 2025
Security update for nodejs22 on SUSE fixes a remotely triggerable process crash and a memory leak with unbounded memory growth.

Summary

This update for nodejs22 fixes the following issues:

Update to version 22.15.1.

Security issues fixed:

* CVE-2025-23166: remotely triggerable process crash due to improper error handling in async cryptographic operations (bsc#1243218).

* CVE-2025-23165: memory leak and unbounded memory growth due to corrupted pointer in `node::fs::ReadFileUtf8(const FunctionCallbackInfo<Value>& args)` when `args[0]` is a string (bsc#1243217).

Other changes and issues fixed:

* Changes from version 22.15.0
  * dns: add TLSA record query and parsing
  * assert: improve partialDeepStrictEqual
  * process: add execve
  * tls: implement tls.getCACertificates()
  * v8: add v8.getCppHeapStatistics() method

* Changes from version 22.14.0
  * fs: allow exclude option in globs to accept glob patterns

References

* bsc#1239949

* bsc#1241050

* bsc#1243217

* bsc#1243218

Cross-References

* CVE-2025-23165

* CVE-2025-23166

CVSS scores:

* CVE-2025-23165 ( SUSE ): 6.3 CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N

* CVE-2025-23165 ( SUSE ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

* CVE-2025-23165 ( NVD ): 3.7 CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L

* CVE-2025-23166 ( SUSE ): 8.2 CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N

* CVE-2025-23166 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

* CVE-2025-23166 ( NVD ): 7.5 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Affected Products:

* SUSE Linux Enterprise Server 15 SP7

* SUSE Linux Enterprise Server for SAP Applications 15 SP7

* Web and Scripting Module 15-SP7

Severity
important

Announcement ID: SUSE-SU-2025:01879-1
Release Date: 2025-06-11T05:41:29Z
Rating: important
