SUSE Container Update Advisory: bci/nodejs
-----------------------------------------------------------------
Container Advisory ID : SUSE-CU-2024:796-1
Container Tags        : bci/node:18 , bci/node:18-16.19 , bci/nodejs:18 , bci/nodejs:18-16.19
Container Release     : 16.19
Severity              : important
Type                  : security
References            : 1219724 1219992 1219993 1219997 1220014 1220017 CVE-2023-46809
                        CVE-2024-21892 CVE-2024-22019 CVE-2024-22025 CVE-2024-24758 CVE-2024-24806
-----------------------------------------------------------------

The container bci/nodejs was updated. The following patches have been included in this update:

-----------------------------------------------------------------
Advisory ID: SUSE-SU-2024:730-1
Released:    Thu Feb 29 13:00:43 2024
Summary:     Security update for nodejs18
Type:        security
Severity:    important
References:  1219724,1219992,1219993,1219997,1220014,1220017,CVE-2023-46809,CVE-2024-21892,CVE-2024-22019,CVE-2024-22025,CVE-2024-24758,CVE-2024-24806

This update for nodejs18 fixes the following issues:

Update to 18.19.1: (security updates)

* CVE-2024-21892: Code injection and privilege escalation through Linux capabilities (bsc#1219992).
* CVE-2024-22019: http: Reading unprocessed HTTP request with unbounded chunk extension allows DoS attacks (bsc#1219993).
* CVE-2023-46809: Node.js is vulnerable to the Marvin Attack (timing variant of the Bleichenbacher attack against PKCS#1 v1.5 padding) (bsc#1219997).
* CVE-2024-22025: Denial of Service by resource exhaustion in fetch() brotli decoding (bsc#1220014).
* CVE-2024-24758: undici version 5.28.3 (bsc#1220017).
* CVE-2024-24806: libuv version 1.48.0 (bsc#1219724).

Update to LTS version 18.19.0

* deps: npm updates to 10.x
* esm:
  + Leverage loaders when resolving subsequent loaders
  + import.meta.resolve unflagged
  + --experimental-default-type flag to flip module defaults

The following package changes have been done:

- nodejs18-18.19.1-150400.9.18.2 updated
- npm18-18.19.1-150400.9.18.2 updated
- container:sles15-image-15.0.0-36.11.8 updated