Revision Date: | 2023-02-15 | Version: | 1 |
Title: | Security update for nodejs18 (Moderate) |
Description: |
This update for nodejs18 fixes the following issues:
This update ships nodejs18 (jsc#PED-2097)
Update to NodejJS 18.13.0 LTS:
build: disable v8 snapshot compression by default * crypto: update root certificates * deps: update ICU to 72.1 * doc:
+ add doc-only deprecation for headers/trailers setters + add Rafael to the tsc + deprecate use of invalid ports in url.parse + deprecate url.parse()
lib: drop fetch experimental warning * net: add autoSelectFamily and autoSelectFamilyAttemptTimeout options * src:
+ add uvwasi version + add initial shadow realm support
test_runner:
+ add t.after() hook + don't use a symbol for runHook()
tls:
+ add 'ca' property to certificate object
util:
+ add fast path for utf8 encoding + improve textdecoder decode performance + add MIME utilities
- Fixes compatibility with ICU 72.1 (bsc#1205236) - Fix migration to openssl-3 (bsc#1205042)
Update to NodeJS 18.12.1 LTS:
inspector: DNS rebinding in --inspect via invalid octal IP (bsc#1205119, CVE-2022-43548)
Update to NodeJS 18.12.0 LTS:
Running in 'watch' mode using node --watch restarts the process when an imported file is changed. * fs: add FileHandle.prototype.readLines * http: add writeEarlyHints function to ServerResponse * http2: make early hints generic * util: add default value option to parsearg
Update to NodeJS 18.11.0:
added experimental watch mode -- running in 'watch' mode using node --watch restarts the process when an imported file is changed * fs: add FileHandle.prototype.readLines * http: add writeEarlyHints function to ServerResponse * http2: make early hints generic * lib: refactor transferable AbortSignal * src: add detailed embedder process initialization API * util: add default value option to parsearg
Update to NodeJS 18.10.0:
deps: upgrade npm to 8.19.2 * http: throw error on content-length mismatch * stream: add ReadableByteStream.tee()
Update to Nodejs 18.9.1:
deps: llhttp updated to 6.0.10
* + CVE-2022-32213 bypass via obs-fold mechanic (bsc#1201325) + Incorrect Parsing of Multi-line Transfer-Encoding (CVE-2022-32215, bsc#1201327) + Incorrect Parsing of Header Fields (CVE-2022-35256, bsc#1203832)
* crypto: fix weak randomness in WebCrypto keygen (CVE-2022-35255, bsc#1203831)
Update to Nodejs 18.9.0:
lib - add diagnostics channel for process and worker * os - add machine method * report - expose report public native apis * src - expose environment RequestInterrupt api * vm - include vm context in the embedded snapshot
Changes in 18.8.0:
bootstrap: implement run-time user-land snapshots via --build-snapshot and --snapshot-blob. See * crypto: + allow zero-length IKM in HKDF and in webcrypto PBKDF2 + allow zero-length secret KeyObject * deps: upgrade npm to 8.18.0 * http: make idle http parser count configurable * net: add local family * src: print source map error source on demand * tls: pass a valid socket on tlsClientError
Update to Nodejs 18.7.0:
events: add CustomEvent * http: add drop request event for http server * lib: improved diagnostics_channel subscribe/unsubscribe * util: add tokens to parseArgs
- enable crypto policy ciphers for TW and SLE15 SP4+ (bsc#1200303)
Update to Nodejs 18.6.0:
Experimental ESM Loader Hooks API. For details see, https://nodejs.org/api/esm.html * dns: export error code constants from dns/promises * esm: add chaining to loaders * http: add diagnostics channel for http client * http: add perf_hooks detail for http request and client * module: add isBuiltIn method * net: add drop event for net server * test_runner: expose describe and it * v8: add v8.startupSnapshot utils
For details, see https://github.com/nodejs/node/blob/main/doc/changelogs/CHANGELOG_V18.md#18.6.0
Update to Nodejs 18.5.0:
http: stricter Transfer-Encoding and header separator parsing (bsc#1201325, bsc#1201326, bsc#1201327, CVE-2022-32213, CVE-2022-32214, CVE-2022-32215) * src: fix IPv4 validation in inspector_socket (bsc#1201328, CVE-2022-32212)
For details, see https://github.com/nodejs/node/blob/main/doc/changelogs/CHANGELOG_V18.md#18.5.0
Update to Nodejs 18.4.0. For detailed changes see,
https://github.com/nodejs/node/blob/main/doc/changelogs/CHANGELOG_V18.md#18.4.0
Initial packaging of Nodejs 18.2.0. For detailed changes since previous versions, see https://github.com/nodejs/node/blob/master/doc/changelogs/CHANGELOG_V18.md#18.2.0
|
Family: | unix | Class: | patch |
Status: | | Reference(s): | 1092480 1106853 1108627 1108637 1110358 1200303 1201325 1201326 1201327 1201328 1203831 1203832 1205042 1205119 1205236 CVE-2017-2885 CVE-2018-10779 CVE-2018-10779 CVE-2018-12910 CVE-2018-16335 CVE-2018-16335 CVE-2018-17100 CVE-2018-17100 CVE-2018-17101 CVE-2018-17101 CVE-2018-17795 CVE-2018-17795 CVE-2021-29136 CVE-2022-32212 CVE-2022-32213 CVE-2022-32214 CVE-2022-32215 CVE-2022-35255 CVE-2022-35256 CVE-2022-43548 SUSE-SU-2018:3327-1 SUSE-SU-2023:0419-1
|
Platform(s): | openSUSE Leap 15.5 SUSE Cloud Compute Node for SUSE Linux Enterprise 12 5 SUSE Linux Enterprise Desktop 12 SUSE Linux Enterprise Desktop 12 SP1 SUSE Linux Enterprise Desktop 12 SP2 SUSE Linux Enterprise Desktop 15 SP3 SUSE Linux Enterprise High Availability 15 SUSE Linux Enterprise High Performance Computing 15 SP3 SUSE Linux Enterprise Module for Basesystem 15 SUSE Linux Enterprise Module for Basesystem 15 SP3 SUSE Linux Enterprise Module for Desktop Applications 15 SP2 SUSE Linux Enterprise Module for Legacy Software 15 SUSE Linux Enterprise Module for Legacy Software 15 SP1 SUSE Linux Enterprise Module for Live Patching 15 SUSE Linux Enterprise Server 12 SUSE Linux Enterprise Server 12 SP1 SUSE Linux Enterprise Server 12 SP2 SUSE Linux Enterprise Server 15 SP3 SUSE Linux Enterprise Server for SAP Applications 15 SP3 SUSE Linux Enterprise Software Development Kit 11 SP2 SUSE Linux Enterprise Software Development Kit 11 SP3 SUSE Linux Enterprise Software Development Kit 12 SP1 SUSE Linux Enterprise Software Development Kit 12 SP2 SUSE Linux Enterprise Workstation Extension 12 SUSE Linux Enterprise Workstation Extension 12 SP1 SUSE Linux Enterprise Workstation Extension 15 SUSE Manager Proxy 4.2 SUSE Manager Server 4.2 SUSE Package Hub for SUSE Linux Enterprise 12 SUSE Package Hub for SUSE Linux Enterprise 15
| Product(s): | |
Definition Synopsis |
openSUSE Leap 15.5 is installed AND Package Information
corepack18-18.13.0-150400.9.3.1 is installed
OR nodejs18-18.13.0-150400.9.3.1 is installed
OR nodejs18-devel-18.13.0-150400.9.3.1 is installed
OR nodejs18-docs-18.13.0-150400.9.3.1 is installed
OR npm18-18.13.0-150400.9.3.1 is installed
|
Definition Synopsis |
SUSE Cloud Compute Node for SUSE Linux Enterprise 12 5 is installed
AND haproxy-1.5.4-1 is installed
|
Definition Synopsis |
SUSE Linux Enterprise Desktop 12 is installed
AND Package Information
bzip2-1.0.6-27 is installed
OR libbz2-1-1.0.6-27 is installed
OR libbz2-1-32bit-1.0.6-27 is installed
|
Definition Synopsis |
SUSE Linux Enterprise Desktop 12 SP1 is installed
AND Package Information
MozillaFirefox-38.4.0esr-51 is installed
OR MozillaFirefox-translations-38.4.0esr-51 is installed
|
Definition Synopsis |
SUSE Linux Enterprise Desktop 12 SP2 is installed
AND Package Information
ImageMagick-6.8.8.1-33 is installed
OR libMagick++-6_Q16-3-6.8.8.1-33 is installed
OR libMagickCore-6_Q16-1-6.8.8.1-33 is installed
OR libMagickCore-6_Q16-1-32bit-6.8.8.1-33 is installed
OR libMagickWand-6_Q16-1-6.8.8.1-33 is installed
|
Definition Synopsis |
SUSE Linux Enterprise Module for Basesystem 15 SP3 is installed
AND umoci-0.4.6-3.9.1 is installed
|
Definition Synopsis |
SUSE Linux Enterprise High Availability 15 is installed
AND Package Information
ruby2.5-rubygem-loofah-2.2.2-4.3 is installed
OR rubygem-loofah-2.2.2-4.3 is installed
|
Definition Synopsis |
SUSE Linux Enterprise Module for Basesystem 15 is installed
AND Package Information
libtiff-devel-4.0.9-5.14 is installed
OR libtiff5-4.0.9-5.14 is installed
OR tiff-4.0.9-5.14 is installed
|
Definition Synopsis |
SUSE Linux Enterprise Module for Desktop Applications 15 SP2 is installed
AND Package Information
libsoup-devel-2.68.3-2 is installed
OR typelib-1_0-Soup-2_4-2.68.3-2 is installed
|
Definition Synopsis |
SUSE Linux Enterprise Module for Legacy Software 15 is installed
AND Package Information
kernel-default-4.12.14-25.28 is installed
OR reiserfs-kmp-default-4.12.14-25.28 is installed
|
Definition Synopsis |
SUSE Linux Enterprise Module for Legacy Software 15 SP1 is installed
AND Package Information
openldap2-2.4.46-9.19 is installed
OR openldap2-back-meta-2.4.46-9.19 is installed
OR openldap2-back-perl-2.4.46-9.19 is installed
|
Definition Synopsis |
SUSE Linux Enterprise Module for Live Patching 15 is installed
AND Package Information
kernel-livepatch-4_12_14-23-default-2-4 is installed
OR kernel-livepatch-SLE15_Update_0-2-4 is installed
|
Definition Synopsis |
SUSE Linux Enterprise Server 12 is installed
AND Package Information
java-1_7_0-openjdk-1.7.0.6-33 is installed
OR java-1_7_0-openjdk-demo-1.7.0.6-33 is installed
OR java-1_7_0-openjdk-devel-1.7.0.6-33 is installed
OR java-1_7_0-openjdk-headless-1.7.0.6-33 is installed
|
Definition Synopsis |
SUSE Linux Enterprise Server 12 SP1 is installed
AND pcsc-ccid-1.4.14-1.45 is installed
|
Definition Synopsis |
SUSE Linux Enterprise Workstation Extension 15 is installed
AND enigmail-2.0.7-3.7 is installed
|
Definition Synopsis |
SUSE Package Hub for SUSE Linux Enterprise 12 is installed
AND Package Information
chromedriver-53.0.2785.89-96 is installed
OR chromium-53.0.2785.89-96 is installed
OR chromium-desktop-gnome-53.0.2785.89-96 is installed
OR chromium-desktop-kde-53.0.2785.89-96 is installed
OR chromium-ffmpegsumo-53.0.2785.89-96 is installed
|
Definition Synopsis |
SUSE Package Hub for SUSE Linux Enterprise 15 is installed
AND Package Information
python-slixmpp-1.3.0-bp150.3.3 is installed
OR python3-slixmpp-1.3.0-bp150.3.3 is installed
|