SUSE-SU-2023:0682-1

Опубликовано: 08 мар. 2023

Источник: suse-cvrf

Описание

Security update for nodejs12

This update for nodejs12 fixes the following issues:

CVE-2023-23920: Fixed insecure loading of ICU data through ICU_DATA environment (bsc#1208487).

Список пакетов

SUSE Enterprise Storage 7

nodejs12-12.22.12-150200.4.44.1

nodejs12-devel-12.22.12-150200.4.44.1

nodejs12-docs-12.22.12-150200.4.44.1

npm12-12.22.12-150200.4.44.1

SUSE Enterprise Storage 7.1

nodejs12-12.22.12-150200.4.44.1

nodejs12-devel-12.22.12-150200.4.44.1

nodejs12-docs-12.22.12-150200.4.44.1

npm12-12.22.12-150200.4.44.1

SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS

nodejs12-12.22.12-150200.4.44.1

nodejs12-devel-12.22.12-150200.4.44.1

nodejs12-docs-12.22.12-150200.4.44.1

npm12-12.22.12-150200.4.44.1

SUSE Linux Enterprise High Performance Computing 15 SP3-ESPOS

nodejs12-12.22.12-150200.4.44.1

nodejs12-devel-12.22.12-150200.4.44.1

nodejs12-docs-12.22.12-150200.4.44.1

npm12-12.22.12-150200.4.44.1

SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS

nodejs12-12.22.12-150200.4.44.1

nodejs12-devel-12.22.12-150200.4.44.1

nodejs12-docs-12.22.12-150200.4.44.1

npm12-12.22.12-150200.4.44.1

SUSE Linux Enterprise Server 15 SP2-LTSS

nodejs12-12.22.12-150200.4.44.1

nodejs12-devel-12.22.12-150200.4.44.1

nodejs12-docs-12.22.12-150200.4.44.1

npm12-12.22.12-150200.4.44.1

SUSE Linux Enterprise Server 15 SP3-LTSS

nodejs12-12.22.12-150200.4.44.1

nodejs12-devel-12.22.12-150200.4.44.1

nodejs12-docs-12.22.12-150200.4.44.1

npm12-12.22.12-150200.4.44.1

SUSE Linux Enterprise Server for SAP Applications 15 SP2

nodejs12-12.22.12-150200.4.44.1

nodejs12-devel-12.22.12-150200.4.44.1

nodejs12-docs-12.22.12-150200.4.44.1

npm12-12.22.12-150200.4.44.1

SUSE Linux Enterprise Server for SAP Applications 15 SP3

nodejs12-12.22.12-150200.4.44.1

nodejs12-devel-12.22.12-150200.4.44.1

nodejs12-docs-12.22.12-150200.4.44.1

npm12-12.22.12-150200.4.44.1

SUSE Manager Server 4.2

nodejs12-12.22.12-150200.4.44.1

nodejs12-devel-12.22.12-150200.4.44.1

nodejs12-docs-12.22.12-150200.4.44.1

npm12-12.22.12-150200.4.44.1

openSUSE Leap 15.4

nodejs12-12.22.12-150200.4.44.1

nodejs12-devel-12.22.12-150200.4.44.1

nodejs12-docs-12.22.12-150200.4.44.1

npm12-12.22.12-150200.4.44.1

Ссылки

https://www.suse.com/support/update/announcement/2023/suse-su-20230682-1/
Link for SUSE-SU-2023:0682-1
https://lists.suse.com/pipermail/sle-security-updates/2023-March/014001.html
E-Mail link for SUSE-SU-2023:0682-1
https://www.suse.com/support/security/rating/
SUSE Security Ratings
https://bugzilla.suse.com/1208487
SUSE Bug 1208487
https://www.suse.com/security/cve/CVE-2023-23920/
SUSE CVE CVE-2023-23920 page

Описание

An untrusted search path vulnerability exists in Node.js. <19.6.1, <18.14.1, <16.19.1, and <14.21.3 that could allow an attacker to search and potentially load ICU data when running with elevated privileges.

Затронутые продукты

SUSE Enterprise Storage 7.1:nodejs12-12.22.12-150200.4.44.1

SUSE Enterprise Storage 7.1:nodejs12-devel-12.22.12-150200.4.44.1

SUSE Enterprise Storage 7.1:nodejs12-docs-12.22.12-150200.4.44.1

SUSE Enterprise Storage 7.1:npm12-12.22.12-150200.4.44.1

Ссылки

https://www.suse.com/security/cve/CVE-2023-23920.html
CVE-2023-23920
https://bugzilla.suse.com/1208487
SUSE Bug 1208487

SUSE-SU-2023:0682-1

Описание

Список пакетов

SUSE Enterprise Storage 7

SUSE Enterprise Storage 7.1

SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS

SUSE Linux Enterprise High Performance Computing 15 SP3-ESPOS

SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS

SUSE Linux Enterprise Server 15 SP2-LTSS

SUSE Linux Enterprise Server 15 SP3-LTSS

SUSE Linux Enterprise Server for SAP Applications 15 SP2

SUSE Linux Enterprise Server for SAP Applications 15 SP3

SUSE Manager Server 4.2

openSUSE Leap 15.4

Ссылки

Уязвимость: CVE-2023-23920

Описание

Затронутые продукты

Ссылки