SUSE-SU-2025:01879-1

Source
https://www.suse.com/support/update/announcement/2025/suse-su-202501879-1/
Import Source
https://ftp.suse.com/pub/projects/security/osv/SUSE-SU-2025:01879-1.json
JSON Data
https://api.osv.dev/v1/vulns/SUSE-SU-2025:01879-1
Published
2025-06-11T05:41:29Z
Modified
2025-06-11T14:14:22.707779Z
Summary
Security update for nodejs22
Details

This update for nodejs22 fixes the following issues:

Update to version 22.15.1.

Security issues fixed:

  • CVE-2025-23166: remotely triggerable process crash due to improper error handling in async cryptographic operations (bsc#1243218).
  • CVE-2025-23165: memory leak and unbounded memory growth due to corrupted pointer in node::fs::ReadFileUtf8(const FunctionCallbackInfo<Value>& args) when args[0] is a string (bsc#1243217).

Other changes and issues fixed:

  • Changes from version 22.15.0

    • dns: add TLSA record query and parsing
    • assert: improve partialDeepStrictEqual
    • process: add execve
    • tls: implement tls.getCACertificates()
    • v8: add v8.getCppHeapStatistics() method
  • Changes from version 22.14.0

    • fs: allow exclude option in globs to accept glob patterns
    • lib: add typescript support to STDIN eval
    • module: add ERR_UNSUPPORTED_TYPESCRIPT_SYNTAX
    • module: add findPackageJSON util
    • process: add process.ref() and process.unref() methods
    • sqlite: support TypedArray and DataView in StatementSync
    • src: add --disable-sigusr1 to prevent signal i/o thread
    • src,worker: add isInternalWorker
    • test_runner: add TestContext.prototype.waitFor()
    • test_runner: add t.assert.fileSnapshot()
    • test_runner: add assert.register() API
    • worker: add eval ts input
  • Build with PIE (bsc#1239949).
  • Fix builds with OpenSSL 3.5.0 (bsc#1241050).

Affected packages

SUSE:Linux Enterprise Module for Web and Scripting 15 SP7 / nodejs22

Package

Name
nodejs22
Purl
pkg:rpm/suse/nodejs22&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Web%20and%20Scripting%2015%20SP7

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
22.15.1-150700.3.3.1

Ecosystem specific

{
    "binaries": [
        {
            "nodejs22": "22.15.1-150700.3.3.1",
            "nodejs22-devel": "22.15.1-150700.3.3.1",
            "nodejs22-docs": "22.15.1-150700.3.3.1",
            "npm22": "22.15.1-150700.3.3.1"
        }
    ]
}