nodejs:20 security update

nodejs 1:20.19.2-1 - Update to version 20.19.2 Fixes: CVE-2025-23166 Resolves: RHEL-91595 RHEL-89598 RHEL-92854 1:20.19.1-1 - Update to version 20.19.1 Resolves: RHEL-78763 1:20.18.2-4 - Update c-ares to 1.34.5 to address CVE-2025-31498 1:20.18.2-3 - Remove obsolete lua pretransaction script from...

GHSA-9C4H-3F7H-322R SES's dynamic import and spread operator provides possible path to arbitrary exfiltration and execution

Impact This is a hole in the confinement of guest applications under SES that may manifest as either the ability to exfiltrate information or execute arbitrary code depending on the configuration and implementation of the surrounding host. Guest program running inside a Compartment with as few as...

SES's dynamic import and spread operator provides possible path to arbitrary exfiltration and execution

Impact This is a hole in the confinement of guest applications under SES that may manifest as either the ability to exfiltrate information or execute arbitrary code depending on the configuration and implementation of the surrounding host. Guest program running inside a Compartment with as few as...

SUSE-SU-2023:1924-1 Security update for nodejs16

This update for nodejs16 fixes the following issues: Update to nodejs LTS version 16.20.0: Security fixes: - CVE-2022-25881: Fixed ReDoS vulnerability in http-cache-semantics bsc1208744. Other changes: - update undici to 5.20.0 - update c-ares to 1.19.0 - update npm to 8.19.4...

SUSE-SU-2023:1923-1 Security update for nodejs16

This update for nodejs16 fixes the following issues: Update to nodejs LTS version 16.20.0: Security fixes: - CVE-2022-25881: Fixed ReDoS vulnerability in http-cache-semantics bsc1208744. Other changes: - update undici to 5.20.0 - update c-ares to 1.19.0 - update npm to 8.19.4...

Updated nodejs packages fix security vulnerability

The following CVEs are fixed in this release: CVE-2023-23918: Node.js Permissions policies can be bypassed via process.mainModule High CVE-2023-23920: Node.js insecure loading of ICU data through ICUDATA environment variable Low More detailed information on each of the vulnerabilities can be foun...

MGASA-2023-0078 Updated nodejs packages fix security vulnerability

The following CVEs are fixed in this release: CVE-2023-23918: Node.js Permissions policies can be bypassed via process.mainModule High CVE-2023-23920: Node.js insecure loading of ICU data through ICUDATA environment variable Low More detailed information on each of the vulnerabilities can be foun...

Thursday February 16 2023 Security Releases

Thursday February 16 2023 Security Releases Update 16-February-2023 Security releases available Updates are now available for the v19.x, v18.x, v16.x, and v14.x Node.js release lines for the following issues. OpenSSL Security updates This security release includes OpenSSL security updates as...

SUSE-SU-2022:4084-1 Security update for nodejs16

This update for nodejs16 fixes the following issues: - Update to LTS versino 16.18.1. - CVE-2022-43548: Fixed DNS rebinding in --inspect via invalid octal IP address bsc1205119. - Update to LTS version 16.18.0: http: throw error on content-length mismatch stream: add ReadableByteStream.tee deps:...

SUSE-SU-2022:4003-1 Security update for nodejs16

This update for nodejs16 fixes the following issues: - Update to LTS versino 16.18.1: - CVE-2022-43548: Fixed DNS rebinding in --inspect via invalid octal IP address bsc1205119. - Update to LTS version 16.18.0: http: throw error on content-length mismatch stream: add ReadableByteStream.tee deps:...

GHSA-2H3H-Q99F-3FHC @npmcli/arborist vulnerable to UNIX Symbolic Link (Symlink) Following

Impact Arbitrary File Creation, Arbitrary File Overwrite, Arbitrary Code Execution @npmcli/arborist, the library that calculates dependency trees and manages the nodemodules folder hierarchy for the npm command line interface, aims to guarantee that package dependency contracts will be met, and t...

SUSE-SU-2021:2618-1 Security update for nodejs8

This update for nodejs8 fixes the following issues: - update to npm 6.14.13 - CVE-2021-27290: Fixed ssri Regular Expression Denial of Service. bsc1187976 - CVE-2021-23362: Fixed hosted-git-info Regular Expression Denial of Service. bsc1187977 - CVE-2020-7774: fixes y18n Prototype Pollution...

SUSE: Security Advisory (SUSE-SU-2021:2326-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

SUSE-SU-2021:2327-1 Security update for nodejs12

This update for nodejs12 fixes the following issues: - update to 12.22.2: - CVE-2021-22918: Out of bounds read bsc1187973 - CVE-2021-23362: ssri Regular Expression Denial of Service and hosted-git-info bsc1187977 - CVE-2021-27290: Regular Expression Denial of Service bsc1187976 - CVE-2021-3450:...

SUSE: Security Advisory (SUSE-SU-2020:0104-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

SUSE-SU-2020:1606-1 Security update for nodejs12

This update for nodejs12 fixes the following issues: nodejs12 was updated to version 12.18.0 - CVE-2020-8174: Fixed multiple memory corruption in napigetvaluestring bsc1172443. - CVE-2020-8172: Fixed am issue where TLS session reuse could have led to host certificate verification bypass bsc117244...

SUSE-SU-2020:1575-1 Security update for nodejs10

This update for nodejs10 fixes the following issues: nodejs10 was updated to version 10.21.0 - CVE-2020-8174: Fixed multiple memory corruption in napigetvaluestring bsc1172443. - CVE-2020-11080: Fixed a potential denial of service when receiving unreasonably large HTTP/2 SETTINGS frames bsc117244...

SUSE-SU-2020:1568-1 Security update for nodejs10

This update for nodejs10 fixes the following issues: nodejs10 was updated to version 10.21.0 - CVE-2020-8174: Fixed multiple memory corruption in napigetvaluestring bsc1172443. - CVE-2020-11080: Fixed a potential denial of service when receiving unreasonably large HTTP/2 SETTINGS frames bsc117244...

SUSE-SU-2020:0247-1 Security update for nodejs6

This update for nodejs6 to version 6.17.1 fixes the following issues: Security issues fixed: - CVE-2019-16777, CVE-2019-16776, CVE-2019-16775: Updated npm to 6.13.4, fixing an arbitrary path overwrite and access via 'bin' field bsc1159352...

SUSE-SU-2020:0063-1 Security update for nodejs10

This update for nodejs10 to version 10.18.0 fixes the following issues: Security issues fixed: - CVE-2019-16777, CVE-2019-16776, CVE-2019-16775: Updated npm to 6.13.4, fixing an arbitrary path overwrite and access via 'bin' field bsc1159352. - Added support for chacha20-poly1305 for Authenticated...