SUSE-SU-2023:0606-1

Опубликовано: 03 мар. 2023

Источник: suse-cvrf

Описание

Security update for nodejs10

This update for nodejs10 fixes the following issues:

CVE-2023-23920: Fixed insecure loading of ICU data through ICU_DATA environment (bsc#1208487).

Список пакетов

SUSE Enterprise Storage 7

nodejs10-10.24.1-150000.1.56.1

nodejs10-devel-10.24.1-150000.1.56.1

nodejs10-docs-10.24.1-150000.1.56.1

npm10-10.24.1-150000.1.56.1

SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS

nodejs10-10.24.1-150000.1.56.1

nodejs10-devel-10.24.1-150000.1.56.1

nodejs10-docs-10.24.1-150000.1.56.1

npm10-10.24.1-150000.1.56.1

SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS

nodejs10-10.24.1-150000.1.56.1

nodejs10-devel-10.24.1-150000.1.56.1

nodejs10-docs-10.24.1-150000.1.56.1

npm10-10.24.1-150000.1.56.1

SUSE Linux Enterprise Server 15 SP1-LTSS

nodejs10-10.24.1-150000.1.56.1

nodejs10-devel-10.24.1-150000.1.56.1

nodejs10-docs-10.24.1-150000.1.56.1

npm10-10.24.1-150000.1.56.1

SUSE Linux Enterprise Server 15 SP2-LTSS

nodejs10-10.24.1-150000.1.56.1

nodejs10-devel-10.24.1-150000.1.56.1

nodejs10-docs-10.24.1-150000.1.56.1

npm10-10.24.1-150000.1.56.1

SUSE Linux Enterprise Server for SAP Applications 15 SP1

nodejs10-10.24.1-150000.1.56.1

nodejs10-devel-10.24.1-150000.1.56.1

nodejs10-docs-10.24.1-150000.1.56.1

npm10-10.24.1-150000.1.56.1

SUSE Linux Enterprise Server for SAP Applications 15 SP2

nodejs10-10.24.1-150000.1.56.1

nodejs10-devel-10.24.1-150000.1.56.1

nodejs10-docs-10.24.1-150000.1.56.1

npm10-10.24.1-150000.1.56.1

openSUSE Leap 15.4

nodejs10-10.24.1-150000.1.56.1

nodejs10-devel-10.24.1-150000.1.56.1

nodejs10-docs-10.24.1-150000.1.56.1

npm10-10.24.1-150000.1.56.1

Ссылки

https://www.suse.com/support/update/announcement/2023/suse-su-20230606-1/
Link for SUSE-SU-2023:0606-1
https://lists.suse.com/pipermail/sle-security-updates/2023-March/013973.html
E-Mail link for SUSE-SU-2023:0606-1
https://www.suse.com/support/security/rating/
SUSE Security Ratings
https://bugzilla.suse.com/1208487
SUSE Bug 1208487
https://www.suse.com/security/cve/CVE-2023-23920/
SUSE CVE CVE-2023-23920 page

Описание

An untrusted search path vulnerability exists in Node.js. <19.6.1, <18.14.1, <16.19.1, and <14.21.3 that could allow an attacker to search and potentially load ICU data when running with elevated privileges.

Затронутые продукты

SUSE Enterprise Storage 7:nodejs10-10.24.1-150000.1.56.1

SUSE Enterprise Storage 7:nodejs10-devel-10.24.1-150000.1.56.1

SUSE Enterprise Storage 7:nodejs10-docs-10.24.1-150000.1.56.1

SUSE Enterprise Storage 7:npm10-10.24.1-150000.1.56.1

Ссылки

https://www.suse.com/security/cve/CVE-2023-23920.html
CVE-2023-23920
https://bugzilla.suse.com/1208487
SUSE Bug 1208487

SUSE-SU-2023:0606-1

Описание

Список пакетов

SUSE Enterprise Storage 7

SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS

SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS

SUSE Linux Enterprise Server 15 SP1-LTSS

SUSE Linux Enterprise Server 15 SP2-LTSS

SUSE Linux Enterprise Server for SAP Applications 15 SP1

SUSE Linux Enterprise Server for SAP Applications 15 SP2

openSUSE Leap 15.4

Ссылки

Уязвимость: CVE-2023-23920

Описание

Затронутые продукты

Ссылки