Oval Definition: oval:org.opensuse.security:def:1253
Revision Date: 2023-02-15
Version: 1
Title: Security update for nodejs18 (Moderate)
Description:

This update for nodejs18 fixes the following issues:

This update ships nodejs18 (jsc#PED-2097)

Update to NodeJS 18.13.0 LTS:

* build: disable v8 snapshot compression by default
* crypto: update root certificates
* deps: update ICU to 72.1
* doc:
  + add doc-only deprecation for headers/trailers setters
  + add Rafael to the tsc
  + deprecate use of invalid ports in url.parse
  + deprecate url.parse()
* lib: drop fetch experimental warning
* net: add autoSelectFamily and autoSelectFamilyAttemptTimeout options
* src:
  + add uvwasi version
  + add initial shadow realm support
* test_runner:
  + add t.after() hook
  + don't use a symbol for runHook()
* tls:
  + add 'ca' property to certificate object
* util:
  + add fast path for utf8 encoding
  + improve textdecoder decode performance
  + add MIME utilities

- Fixes compatibility with ICU 72.1 (bsc#1205236)
- Fix migration to openssl-3 (bsc#1205042)

Update to NodeJS 18.12.1 LTS:

inspector: DNS rebinding in --inspect via invalid octal IP (bsc#1205119, CVE-2022-43548)

Update to NodeJS 18.12.0 LTS:

* Running in 'watch' mode using node --watch restarts the process when an imported file is changed.
* fs: add FileHandle.prototype.readLines
* http: add writeEarlyHints function to ServerResponse
* http2: make early hints generic
* util: add default value option to parsearg

Update to NodeJS 18.11.0:

* added experimental watch mode -- running in 'watch' mode using node --watch restarts the process when an imported file is changed
* fs: add FileHandle.prototype.readLines
* http: add writeEarlyHints function to ServerResponse
* http2: make early hints generic
* lib: refactor transferable AbortSignal
* src: add detailed embedder process initialization API
* util: add default value option to parsearg

Update to NodeJS 18.10.0:

* deps: upgrade npm to 8.19.2
* http: throw error on content-length mismatch
* stream: add ReadableByteStream.tee()

Update to Nodejs 18.9.1:

* deps: llhttp updated to 6.0.10
  + CVE-2022-32213 bypass via obs-fold mechanic (bsc#1201325)
  + Incorrect Parsing of Multi-line Transfer-Encoding (CVE-2022-32215, bsc#1201327)
  + Incorrect Parsing of Header Fields (CVE-2022-35256, bsc#1203832)
* crypto: fix weak randomness in WebCrypto keygen (CVE-2022-35255, bsc#1203831)

Update to Nodejs 18.9.0:

* lib - add diagnostics channel for process and worker
* os - add machine method
* report - expose report public native apis
* src - expose environment RequestInterrupt api
* vm - include vm context in the embedded snapshot

Changes in 18.8.0:

* bootstrap: implement run-time user-land snapshots via --build-snapshot and --snapshot-blob. See
* crypto:
  + allow zero-length IKM in HKDF and in webcrypto PBKDF2
  + allow zero-length secret KeyObject
* deps: upgrade npm to 8.18.0
* http: make idle http parser count configurable
* net: add local family
* src: print source map error source on demand
* tls: pass a valid socket on tlsClientError

Update to Nodejs 18.7.0:

* events: add CustomEvent
* http: add drop request event for http server
* lib: improved diagnostics_channel subscribe/unsubscribe
* util: add tokens to parseArgs

- enable crypto policy ciphers for TW and SLE15 SP4+ (bsc#1200303)

Update to Nodejs 18.6.0:

* Experimental ESM Loader Hooks API. For details see, https://nodejs.org/api/esm.html
* dns: export error code constants from dns/promises
* esm: add chaining to loaders
* http: add diagnostics channel for http client
* http: add perf_hooks detail for http request and client
* module: add isBuiltIn method
* net: add drop event for net server
* test_runner: expose describe and it
* v8: add v8.startupSnapshot utils

For details, see https://github.com/nodejs/node/blob/main/doc/changelogs/CHANGELOG_V18.md#18.6.0

Update to Nodejs 18.5.0:

* http: stricter Transfer-Encoding and header separator parsing (bsc#1201325, bsc#1201326, bsc#1201327, CVE-2022-32213, CVE-2022-32214, CVE-2022-32215)
* src: fix IPv4 validation in inspector_socket (bsc#1201328, CVE-2022-32212)

For details, see https://github.com/nodejs/node/blob/main/doc/changelogs/CHANGELOG_V18.md#18.5.0

Update to Nodejs 18.4.0. For detailed changes see, https://github.com/nodejs/node/blob/main/doc/changelogs/CHANGELOG_V18.md#18.4.0

Initial packaging of Nodejs 18.2.0. For detailed changes since previous versions, see https://github.com/nodejs/node/blob/master/doc/changelogs/CHANGELOG_V18.md#18.2.0

Family: unix
Class: patch
Status:
Reference(s):
1092480
1106853
1108627
1108637
1110358
1200303
1201325
1201326
1201327
1201328
1203831
1203832
1205042
1205119
1205236
CVE-2017-2885
CVE-2018-10779
CVE-2018-12910
CVE-2018-16335
CVE-2018-17100
CVE-2018-17101
CVE-2018-17795
CVE-2021-29136
CVE-2022-32212
CVE-2022-32213
CVE-2022-32214
CVE-2022-32215
CVE-2022-35255
CVE-2022-35256
CVE-2022-43548
SUSE-SU-2018:3327-1
SUSE-SU-2023:0419-1
Platform(s):
openSUSE Leap 15.5
SUSE Cloud Compute Node for SUSE Linux Enterprise 12 5
SUSE Linux Enterprise Desktop 12
SUSE Linux Enterprise Desktop 12 SP1
SUSE Linux Enterprise Desktop 12 SP2
SUSE Linux Enterprise Desktop 15 SP3
SUSE Linux Enterprise High Availability 15
SUSE Linux Enterprise High Performance Computing 15 SP3
SUSE Linux Enterprise Module for Basesystem 15
SUSE Linux Enterprise Module for Basesystem 15 SP3
SUSE Linux Enterprise Module for Desktop Applications 15 SP2
SUSE Linux Enterprise Module for Legacy Software 15
SUSE Linux Enterprise Module for Legacy Software 15 SP1
SUSE Linux Enterprise Module for Live Patching 15
SUSE Linux Enterprise Server 12
SUSE Linux Enterprise Server 12 SP1
SUSE Linux Enterprise Server 12 SP2
SUSE Linux Enterprise Server 15 SP3
SUSE Linux Enterprise Server for SAP Applications 15 SP3
SUSE Linux Enterprise Software Development Kit 11 SP2
SUSE Linux Enterprise Software Development Kit 11 SP3
SUSE Linux Enterprise Software Development Kit 12 SP1
SUSE Linux Enterprise Software Development Kit 12 SP2
SUSE Linux Enterprise Workstation Extension 12
SUSE Linux Enterprise Workstation Extension 12 SP1
SUSE Linux Enterprise Workstation Extension 15
SUSE Manager Proxy 4.2
SUSE Manager Server 4.2
SUSE Package Hub for SUSE Linux Enterprise 12
SUSE Package Hub for SUSE Linux Enterprise 15
Product(s):
Definition Synopsis
  • openSUSE Leap 15.5 is installed
  • AND Package Information
  • corepack18-18.13.0-150400.9.3.1 is installed
  • OR nodejs18-18.13.0-150400.9.3.1 is installed
  • OR nodejs18-devel-18.13.0-150400.9.3.1 is installed
  • OR nodejs18-docs-18.13.0-150400.9.3.1 is installed
  • OR npm18-18.13.0-150400.9.3.1 is installed
Definition Synopsis
  • SUSE Cloud Compute Node for SUSE Linux Enterprise 12 5 is installed
  • AND haproxy-1.5.4-1 is installed
Definition Synopsis
  • SUSE Linux Enterprise Desktop 12 is installed
  • AND Package Information
  • bzip2-1.0.6-27 is installed
  • OR libbz2-1-1.0.6-27 is installed
  • OR libbz2-1-32bit-1.0.6-27 is installed
Definition Synopsis
  • SUSE Linux Enterprise Desktop 12 SP1 is installed
  • AND Package Information
  • MozillaFirefox-38.4.0esr-51 is installed
  • OR MozillaFirefox-translations-38.4.0esr-51 is installed
Definition Synopsis
  • SUSE Linux Enterprise Desktop 12 SP2 is installed
  • AND Package Information
  • ImageMagick-6.8.8.1-33 is installed
  • OR libMagick++-6_Q16-3-6.8.8.1-33 is installed
  • OR libMagickCore-6_Q16-1-6.8.8.1-33 is installed
  • OR libMagickCore-6_Q16-1-32bit-6.8.8.1-33 is installed
  • OR libMagickWand-6_Q16-1-6.8.8.1-33 is installed
Definition Synopsis
  • SUSE Linux Enterprise Module for Basesystem 15 SP3 is installed
  • AND umoci-0.4.6-3.9.1 is installed
Definition Synopsis
  • SUSE Linux Enterprise High Availability 15 is installed
  • AND Package Information
  • ruby2.5-rubygem-loofah-2.2.2-4.3 is installed
  • OR rubygem-loofah-2.2.2-4.3 is installed
Definition Synopsis
  • SUSE Linux Enterprise Module for Basesystem 15 is installed
  • AND Package Information
  • libtiff-devel-4.0.9-5.14 is installed
  • OR libtiff5-4.0.9-5.14 is installed
  • OR tiff-4.0.9-5.14 is installed
Definition Synopsis
  • SUSE Linux Enterprise Module for Desktop Applications 15 SP2 is installed
  • AND Package Information
  • libsoup-devel-2.68.3-2 is installed
  • OR typelib-1_0-Soup-2_4-2.68.3-2 is installed
Definition Synopsis
  • SUSE Linux Enterprise Module for Legacy Software 15 is installed
  • AND Package Information
  • kernel-default-4.12.14-25.28 is installed
  • OR reiserfs-kmp-default-4.12.14-25.28 is installed
Definition Synopsis
  • SUSE Linux Enterprise Module for Legacy Software 15 SP1 is installed
  • AND Package Information
  • openldap2-2.4.46-9.19 is installed
  • OR openldap2-back-meta-2.4.46-9.19 is installed
  • OR openldap2-back-perl-2.4.46-9.19 is installed
Definition Synopsis
  • SUSE Linux Enterprise Module for Live Patching 15 is installed
  • AND Package Information
  • kernel-livepatch-4_12_14-23-default-2-4 is installed
  • OR kernel-livepatch-SLE15_Update_0-2-4 is installed
Definition Synopsis
  • SUSE Linux Enterprise Server 12 is installed
  • AND Package Information
  • java-1_7_0-openjdk-1.7.0.6-33 is installed
  • OR java-1_7_0-openjdk-demo-1.7.0.6-33 is installed
  • OR java-1_7_0-openjdk-devel-1.7.0.6-33 is installed
  • OR java-1_7_0-openjdk-headless-1.7.0.6-33 is installed
Definition Synopsis
  • SUSE Linux Enterprise Server 12 SP1 is installed
  • AND pcsc-ccid-1.4.14-1.45 is installed
Definition Synopsis
  • SUSE Linux Enterprise Workstation Extension 15 is installed
  • AND enigmail-2.0.7-3.7 is installed
Definition Synopsis
  • SUSE Package Hub for SUSE Linux Enterprise 12 is installed
  • AND Package Information
  • chromedriver-53.0.2785.89-96 is installed
  • OR chromium-53.0.2785.89-96 is installed
  • OR chromium-desktop-gnome-53.0.2785.89-96 is installed
  • OR chromium-desktop-kde-53.0.2785.89-96 is installed
  • OR chromium-ffmpegsumo-53.0.2785.89-96 is installed
Definition Synopsis
  • SUSE Package Hub for SUSE Linux Enterprise 15 is installed
  • AND Package Information
  • python-slixmpp-1.3.0-bp150.3.3 is installed
  • OR python3-slixmpp-1.3.0-bp150.3.3 is installed