1. Home
  2. Security Advisories
  3. SUSE
  4. SUSE-SU-2023:0738-1

[SUSE-SU-2023:0738-1] Security update for nodejs18

Severity Important
Affected Packages 17
CVEs 5
Info Packages References Vulnerabilities

Security update for nodejs18

This update for nodejs18 fixes the following issues:

Update to NodeJS 18.14.2 LTS:

  • CVE-2023-23918: Fixed permissions policies that could have been bypassed via process.mainModule (bsc#1208481).
  • CVE-2023-23919: Fixed OpenSSL error handling issues in nodejs crypto library (bsc#1208483).
  • CVE-2023-23920: Fixed insecure loading of ICU data through ICU_DATA environment (bsc#1208487).
  • CVE-2023-23936: Fixed protection against CRLF injection in host headers inside fetch API (bsc#1208485).
  • CVE-2023-24807: Fixed possible Regular Expression Denial of Service (ReDoS) via Headers.set() and Headers.append() methods (bsc#1208413).
Package Affected Version
pkg:rpm/suse/npm18?arch=x86_64&distro=opensuse-leap-15.4 < 18.14.2-150400.9.6.2
pkg:rpm/suse/npm18?arch=s390x&distro=opensuse-leap-15.4 < 18.14.2-150400.9.6.2
pkg:rpm/suse/npm18?arch=ppc64le&distro=opensuse-leap-15.4 < 18.14.2-150400.9.6.2
pkg:rpm/suse/npm18?arch=aarch64&distro=opensuse-leap-15.4 < 18.14.2-150400.9.6.2
pkg:rpm/suse/nodejs18?arch=x86_64&distro=opensuse-leap-15.4 < 18.14.2-150400.9.6.2
pkg:rpm/suse/nodejs18?arch=s390x&distro=opensuse-leap-15.4 < 18.14.2-150400.9.6.2
pkg:rpm/suse/nodejs18?arch=ppc64le&distro=opensuse-leap-15.4 < 18.14.2-150400.9.6.2
pkg:rpm/suse/nodejs18?arch=aarch64&distro=opensuse-leap-15.4 < 18.14.2-150400.9.6.2
pkg:rpm/suse/nodejs18-docs?arch=noarch&distro=opensuse-leap-15.4 < 18.14.2-150400.9.6.2
pkg:rpm/suse/nodejs18-devel?arch=x86_64&distro=opensuse-leap-15.4 < 18.14.2-150400.9.6.2
pkg:rpm/suse/nodejs18-devel?arch=s390x&distro=opensuse-leap-15.4 < 18.14.2-150400.9.6.2
pkg:rpm/suse/nodejs18-devel?arch=ppc64le&distro=opensuse-leap-15.4 < 18.14.2-150400.9.6.2
pkg:rpm/suse/nodejs18-devel?arch=aarch64&distro=opensuse-leap-15.4 < 18.14.2-150400.9.6.2
pkg:rpm/suse/corepack18?arch=x86_64&distro=opensuse-leap-15.4 < 18.14.2-150400.9.6.2
pkg:rpm/suse/corepack18?arch=s390x&distro=opensuse-leap-15.4 < 18.14.2-150400.9.6.2
pkg:rpm/suse/corepack18?arch=ppc64le&distro=opensuse-leap-15.4 < 18.14.2-150400.9.6.2
pkg:rpm/suse/corepack18?arch=aarch64&distro=opensuse-leap-15.4 < 18.14.2-150400.9.6.2
ID
SUSE-SU-2023:0738-1
Severity
important
URL
https://www.suse.com/support/update/announcement/2023/suse-su-20230738-1/
Published
2023-03-15T07:17:55
(18 months ago)
Modified
2023-03-15T07:17:55
(18 months ago)
Rights
Copyright 2024 SUSE LLC. All rights reserved.
Other Advisories
Type Package URL Namespace Name / Product Version Distribution / Platform Arch Patch / Fix
Affected pkg:rpm/suse/npm18?arch=x86_64&distro=opensuse-leap-15.4 suse npm18 < 18.14.2-150400.9.6.2 opensuse-leap-15.4 x86_64
Affected pkg:rpm/suse/npm18?arch=s390x&distro=opensuse-leap-15.4 suse npm18 < 18.14.2-150400.9.6.2 opensuse-leap-15.4 s390x
Affected pkg:rpm/suse/npm18?arch=ppc64le&distro=opensuse-leap-15.4 suse npm18 < 18.14.2-150400.9.6.2 opensuse-leap-15.4 ppc64le
Affected pkg:rpm/suse/npm18?arch=aarch64&distro=opensuse-leap-15.4 suse npm18 < 18.14.2-150400.9.6.2 opensuse-leap-15.4 aarch64
Affected pkg:rpm/suse/nodejs18?arch=x86_64&distro=opensuse-leap-15.4 suse nodejs18 < 18.14.2-150400.9.6.2 opensuse-leap-15.4 x86_64
Affected pkg:rpm/suse/nodejs18?arch=s390x&distro=opensuse-leap-15.4 suse nodejs18 < 18.14.2-150400.9.6.2 opensuse-leap-15.4 s390x
Affected pkg:rpm/suse/nodejs18?arch=ppc64le&distro=opensuse-leap-15.4 suse nodejs18 < 18.14.2-150400.9.6.2 opensuse-leap-15.4 ppc64le
Affected pkg:rpm/suse/nodejs18?arch=aarch64&distro=opensuse-leap-15.4 suse nodejs18 < 18.14.2-150400.9.6.2 opensuse-leap-15.4 aarch64
Affected pkg:rpm/suse/nodejs18-docs?arch=noarch&distro=opensuse-leap-15.4 suse nodejs18-docs < 18.14.2-150400.9.6.2 opensuse-leap-15.4 noarch
Affected pkg:rpm/suse/nodejs18-devel?arch=x86_64&distro=opensuse-leap-15.4 suse nodejs18-devel < 18.14.2-150400.9.6.2 opensuse-leap-15.4 x86_64
Affected pkg:rpm/suse/nodejs18-devel?arch=s390x&distro=opensuse-leap-15.4 suse nodejs18-devel < 18.14.2-150400.9.6.2 opensuse-leap-15.4 s390x
Affected pkg:rpm/suse/nodejs18-devel?arch=ppc64le&distro=opensuse-leap-15.4 suse nodejs18-devel < 18.14.2-150400.9.6.2 opensuse-leap-15.4 ppc64le
Affected pkg:rpm/suse/nodejs18-devel?arch=aarch64&distro=opensuse-leap-15.4 suse nodejs18-devel < 18.14.2-150400.9.6.2 opensuse-leap-15.4 aarch64
Affected pkg:rpm/suse/corepack18?arch=x86_64&distro=opensuse-leap-15.4 suse corepack18 < 18.14.2-150400.9.6.2 opensuse-leap-15.4 x86_64
Affected pkg:rpm/suse/corepack18?arch=s390x&distro=opensuse-leap-15.4 suse corepack18 < 18.14.2-150400.9.6.2 opensuse-leap-15.4 s390x
Affected pkg:rpm/suse/corepack18?arch=ppc64le&distro=opensuse-leap-15.4 suse corepack18 < 18.14.2-150400.9.6.2 opensuse-leap-15.4 ppc64le
Affected pkg:rpm/suse/corepack18?arch=aarch64&distro=opensuse-leap-15.4 suse corepack18 < 18.14.2-150400.9.6.2 opensuse-leap-15.4 aarch64
# CVE Description CVSS EPSS EPSS Trend (30 days) Affected Products Weaknesses Security Advisories Exploits PoC Pubblication Date Modification Date
# CVE Description CVSS EPSS EPSS Trend (30 days) Affected Products Weaknesses Security Advisories PoC Pubblication Date Modification Date