Описание
Security update for nodejs16
This update for nodejs16 fixes the following issues:
Update to nodejs LTS version 16.20.0:
Security fixes:
- CVE-2022-25881: Fixed ReDoS vulnerability in http-cache-semantics (bsc#1208744).
Other changes:
- update undici to 5.20.0
- update c-ares to 1.19.0
- update npm to 8.19.4
Список пакетов
Container bci/node:16
nodejs16-16.20.0-150400.3.18.2
npm16-16.20.0-150400.3.18.2
SUSE Linux Enterprise Module for Web and Scripting 15 SP4
nodejs16-16.20.0-150400.3.18.2
nodejs16-devel-16.20.0-150400.3.18.2
nodejs16-docs-16.20.0-150400.3.18.2
npm16-16.20.0-150400.3.18.2
openSUSE Leap 15.4
corepack16-16.20.0-150400.3.18.2
nodejs16-16.20.0-150400.3.18.2
nodejs16-devel-16.20.0-150400.3.18.2
nodejs16-docs-16.20.0-150400.3.18.2
npm16-16.20.0-150400.3.18.2
Ссылки
- Link for SUSE-SU-2023:1924-1
- E-Mail link for SUSE-SU-2023:1924-1
- SUSE Security Ratings
- SUSE Bug 1208744
- SUSE CVE CVE-2022-25881 page
Описание
This affects versions of the package http-cache-semantics before 4.1.1. The issue can be exploited via malicious request header values sent to a server, when that server reads the cache policy from the request using this library.
Затронутые продукты
Container bci/node:16:nodejs16-16.20.0-150400.3.18.2
Container bci/node:16:npm16-16.20.0-150400.3.18.2
SUSE Linux Enterprise Module for Web and Scripting 15 SP4:nodejs16-16.20.0-150400.3.18.2
SUSE Linux Enterprise Module for Web and Scripting 15 SP4:nodejs16-devel-16.20.0-150400.3.18.2
Ссылки
- CVE-2022-25881
- SUSE Bug 1208744