Security update for nodejs22
Announcement ID: | SUSE-SU-2025:01879-1 |
---|---|
Release Date: | 2025-06-11T05:41:29Z |
Rating: | important |
References: | |
Cross-References: | |
CVSS scores: |
|
Affected Products: |
|
An update that solves two vulnerabilities and has two security fixes can now be installed.
Description:
This update for nodejs22 fixes the following issues:
Update to version 22.15.1.
Security issues fixed:
- CVE-2025-23166: remotely triggerable process crash due to improper error handling in async cryptographic operations (bsc#1243218).
- CVE-2025-23165: memory leak and unbounded memory growth due to corrupted pointer in
node::fs::ReadFileUtf8(const FunctionCallbackInfo<Value>& args)
whenargs[0]
is a string (bsc#1243217).
Other changes and issues fixed:
-
Changes from version 22.15.0
-
dns: add TLSA record query and parsing
- assert: improve partialDeepStrictEqual
- process: add execve
- tls: implement tls.getCACertificates()
-
v8: add v8.getCppHeapStatistics() method
-
Changes from version 22.14.0
-
fs: allow exclude option in globs to accept glob patterns
- lib: add typescript support to STDIN eval
- module: add ERR_UNSUPPORTED_TYPESCRIPT_SYNTAX
- module: add findPackageJSON util
- process: add process.ref() and process.unref() methods
- sqlite: support TypedArray and DataView in StatementSync
- src: add --disable-sigusr1 to prevent signal i/o thread
- src,worker: add isInternalWorker
- test_runner: add TestContext.prototype.waitFor()
- test_runner: add t.assert.fileSnapshot()
- test_runner: add assert.register() API
-
worker: add eval ts input
-
Build with PIE (bsc#1239949).
- Fix builds with OpenSSL 3.5.0 (bsc#1241050).
Patch Instructions:
To install this SUSE update use the SUSE recommended
installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
-
Web and Scripting Module 15-SP7
zypper in -t patch SUSE-SLE-Module-Web-Scripting-15-SP7-2025-1879=1
Package List:
-
Web and Scripting Module 15-SP7 (aarch64 ppc64le s390x x86_64)
- nodejs22-debuginfo-22.15.1-150700.3.3.1
- nodejs22-devel-22.15.1-150700.3.3.1
- nodejs22-debugsource-22.15.1-150700.3.3.1
- nodejs22-22.15.1-150700.3.3.1
- npm22-22.15.1-150700.3.3.1
-
Web and Scripting Module 15-SP7 (noarch)
- nodejs22-docs-22.15.1-150700.3.3.1
References:
- https://www.suse.com/security/cve/CVE-2025-23165.html
- https://www.suse.com/security/cve/CVE-2025-23166.html
- https://bugzilla.suse.com/show_bug.cgi?id=1239949
- https://bugzilla.suse.com/show_bug.cgi?id=1241050
- https://bugzilla.suse.com/show_bug.cgi?id=1243217
- https://bugzilla.suse.com/show_bug.cgi?id=1243218