SUSE-SU-2025:3919-1

Опубликовано: 03 нояб. 2025

Источник: suse-cvrf

Описание

Security update for nodejs18

This update for nodejs18 fixes the following issues:

CVE-2025-7783: Switched away from Math.random() in boundary values for multipart form-encoded data (bsc#1246818)

Список пакетов

SUSE Linux Enterprise Server LTSS Extended Security 12 SP5

nodejs18-18.20.8-8.41.1

nodejs18-devel-18.20.8-8.41.1

nodejs18-docs-18.20.8-8.41.1

npm18-18.20.8-8.41.1

Ссылки

https://www.suse.com/support/update/announcement/2025/suse-su-20253919-1/
Link for SUSE-SU-2025:3919-1
https://lists.suse.com/pipermail/sle-security-updates/2025-November/023140.html
E-Mail link for SUSE-SU-2025:3919-1
https://www.suse.com/support/security/rating/
SUSE Security Ratings
https://bugzilla.suse.com/1246818
SUSE Bug 1246818
https://www.suse.com/security/cve/CVE-2025-7783/
SUSE CVE CVE-2025-7783 page

Описание

Use of Insufficiently Random Values vulnerability in form-data allows HTTP Parameter Pollution (HPP). This vulnerability is associated with program files lib/form_data.Js. This issue affects form-data: < 2.5.4, 3.0.0 - 3.0.3, 4.0.0 - 4.0.3.

Затронутые продукты

SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:nodejs18-18.20.8-8.41.1

SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:nodejs18-devel-18.20.8-8.41.1

SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:nodejs18-docs-18.20.8-8.41.1

SUSE Linux Enterprise Server LTSS Extended Security 12 SP5:npm18-18.20.8-8.41.1

Ссылки

https://www.suse.com/security/cve/CVE-2025-7783.html
CVE-2025-7783
https://bugzilla.suse.com/1246810
SUSE Bug 1246810

SUSE-SU-2025:3919-1

Описание

Список пакетов

SUSE Linux Enterprise Server LTSS Extended Security 12 SP5

Ссылки

Уязвимость: CVE-2025-7783

Описание

Затронутые продукты

Ссылки