SUSE-SU-2023:0673-1 -- SLES nodejs16, npm16ID: oval:org.secpod.oval:def:89048637 | Date: (C)2023-04-11 (M)2024-02-19 |
Class: PATCH | Family: unix |
This update for nodejs16 fixes the following issues: Update to LTS version 16.19.1: * CVE-2023-23918: Fixed permissions policies that could have been bypassed via process.mainModule . * CVE-2023-23919: Fixed OpenSSL error handling issues in nodejs crypto library . * CVE-2023-23920: Fixed insecure loading of ICU data through ICU_DATA environment . * CVE-2023-23936: Fixed protection against CRLF injection in host headers inside fetch API . * CVE-2023-24807: Fixed possible Regular Expression Denial of Service via Headers.set and Headers.append methods . Bug fixes: * Workaround for failing openssl-nodejs test .
Platform: |
SUSE Linux Enterprise Server 15 SP3 |