Security update for nodejs12

SUSE Security Update: Security update for nodejs12

---

Announcement ID:	SUSE-SU-2022:0531-1
Rating:	important
References:	#1191962 #1191963 #1192153 #1192154 #1192696
Cross-References:	CVE-2021-23343 CVE-2021-32803 CVE-2021-32804 CVE-2021-3807 CVE-2021-3918
Affected Products:	SUSE Linux Enterprise High Performance Computing 12 SUSE Linux Enterprise Module for Web Scripting 12 SUSE Linux Enterprise Server 12 SUSE Linux Enterprise Server 12-SP3 SUSE Linux Enterprise Server 12-SP4 SUSE Linux Enterprise Server 12-SP5 SUSE Linux Enterprise Server for SAP Applications 12 SUSE Linux Enterprise Server for SAP Applications 12-SP3 SUSE Linux Enterprise Server for SAP Applications 12-SP4 SUSE Linux Enterprise Server for SAP Applications 12-SP5

---

An update that fixes 5 vulnerabilities is now available.

Description:

This update for nodejs12 fixes the following issues:

• CVE-2021-23343: Fixed ReDoS via splitDeviceRe, splitTailRe and splitPathRe (bsc#1192153).
• CVE-2021-32803: Fixed insufficient symlink protection in node-tar allowing arbitrary file creation and overwrite (bsc#1191963).
• CVE-2021-32804: Fixed insufficient absolute path sanitization in node-tar allowing arbitrary file creation and overwrite (bsc#1191962).
• CVE-2021-3918: Fixed improper controlled modification of object prototype attributes in json-schema (bsc#1192696).
• CVE-2021-3807: Fixed regular expression denial of service (ReDoS) matching ANSI escape codes in node-ansi-regex (bsc#1192154).

Patch Instructions:

To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

• SUSE Linux Enterprise Module for Web Scripting 12:
  zypper in -t patch SUSE-SLE-Module-Web-Scripting-12-2022-531=1

Package List:

• SUSE Linux Enterprise Module for Web Scripting 12 (aarch64 ppc64le s390x x86_64):
  • nodejs12-12.22.10-1.42.2
  • nodejs12-debuginfo-12.22.10-1.42.2
  • nodejs12-debugsource-12.22.10-1.42.2
  • nodejs12-devel-12.22.10-1.42.2
  • npm12-12.22.10-1.42.2
• SUSE Linux Enterprise Module for Web Scripting 12 (noarch):
  • nodejs12-docs-12.22.10-1.42.2

References:

• https://www.suse.com/security/cve/CVE-2021-23343.html
• https://www.suse.com/security/cve/CVE-2021-32803.html
• https://www.suse.com/security/cve/CVE-2021-32804.html
• https://www.suse.com/security/cve/CVE-2021-3807.html
• https://www.suse.com/security/cve/CVE-2021-3918.html
• https://bugzilla.suse.com/1191962
• https://bugzilla.suse.com/1191963
• https://bugzilla.suse.com/1192153
• https://bugzilla.suse.com/1192154
• https://bugzilla.suse.com/1192696