{"affected":[{"ecosystem_specific":{"binaries":[{"nodejs18":"18.13.0-8.3.1","nodejs18-devel":"18.13.0-8.3.1","nodejs18-docs":"18.13.0-8.3.1","npm18":"18.13.0-8.3.1"}]},"package":{"ecosystem":"SUSE:Linux Enterprise Module for Web and Scripting 12","name":"nodejs18","purl":"pkg:rpm/suse/nodejs18&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Web%20and%20Scripting%2012"},"ranges":[{"events":[{"introduced":"0"},{"fixed":"18.13.0-8.3.1"}],"type":"ECOSYSTEM"}]}],"aliases":[],"details":"This update for nodejs18 fixes the following issues:\n\nThis update ships nodejs18 (jsc#PED-2097)\n\nUpdate to NodejJS 18.13.0 LTS:\n\n* build: disable v8 snapshot compression by default\n* crypto: update root certificates\n* deps: update ICU to 72.1\n* doc:\n\n  + add doc-only deprecation for headers/trailers setters\n  + add Rafael to the tsc\n  + deprecate use of invalid ports in url.parse\n  + deprecate url.parse()\n\n* lib: drop fetch experimental warning\n* net: add autoSelectFamily and autoSelectFamilyAttemptTimeout options\n* src:\n\n  + add uvwasi version\n  + add initial shadow realm support\n\n* test_runner:\n\n  + add t.after() hook\n  + don't use a symbol for runHook()\n\n* tls:\n\n  + add 'ca' property to certificate object\n\n* util:\n\n  + add fast path for utf8 encoding\n  + improve textdecoder decode performance\n  + add MIME utilities\n\n- Fixes compatibility with ICU 72.1 (bsc#1205236)\n- Fix migration to openssl-3 (bsc#1205042)\n\nUpdate to NodeJS 18.12.1 LTS:\n\n* inspector: DNS rebinding in --inspect via invalid octal IP\n  (bsc#1205119, CVE-2022-43548)\n\nUpdate to NodeJS 18.12.0 LTS:\n\n* Running in 'watch' mode using node --watch restarts the process\n  when an imported file is changed.\n* fs: add FileHandle.prototype.readLines\n* http: add writeEarlyHints function to ServerResponse\n* http2: make early hints generic\n* util: add default value option to parsearg\n\nUpdate to NodeJS 18.11.0:\n\n* added experimental watch mode -- running in 'watch' mode using\n  node --watch restarts the process when an imported file is changed\n* fs: add FileHandle.prototype.readLines\n* http: add writeEarlyHints function to ServerResponse\n* http2: make early hints generic\n* lib: refactor transferable AbortSignal\n* src: add detailed embedder process initialization API\n* util: add default value option to parsearg\n\nUpdate to NodeJS 18.10.0:\n\n* deps: upgrade npm to 8.19.2\n* http: throw error on content-length mismatch\n* stream: add ReadableByteStream.tee()\n\nUpdate to Nodejs 18.9.1:\n\n* deps: llhttp updated to 6.0.10\n\n  + CVE-2022-32213 bypass via obs-fold mechanic (bsc#1201325)\n  + Incorrect Parsing of Multi-line Transfer-Encoding\n    (CVE-2022-32215, bsc#1201327)\n  + Incorrect Parsing of Header Fields (CVE-2022-35256, bsc#1203832)\n\n* crypto: fix weak randomness in WebCrypto keygen\n  (CVE-2022-35255, bsc#1203831)\n\nUpdate to Nodejs 18.9.0:\n\n* lib - add diagnostics channel for process and worker\n* os - add machine method\n* report - expose report public native apis\n* src - expose environment RequestInterrupt api\n* vm - include vm context in the embedded snapshot\n\nChanges in 18.8.0:\n\n* bootstrap: implement run-time user-land snapshots via\n  --build-snapshot and --snapshot-blob. See\n* crypto:\n  + allow zero-length IKM in HKDF and in webcrypto PBKDF2\n  + allow zero-length secret KeyObject\n* deps: upgrade npm to 8.18.0\n* http: make idle http parser count configurable\n* net: add local family\n* src: print source map error source on demand\n* tls: pass a valid socket on tlsClientError\n\nUpdate to Nodejs 18.7.0:\n\n* events: add CustomEvent\n* http: add drop request event for http server\n* lib: improved diagnostics_channel subscribe/unsubscribe\n* util: add tokens to parseArgs\n\n- enable crypto policy ciphers for TW and SLE15 SP4+ (bsc#1200303)\n\nUpdate to Nodejs 18.6.0:\n\n* Experimental ESM Loader Hooks API. For details see,\n  https://nodejs.org/api/esm.html\n* dns: export error code constants from dns/promises\n* esm: add chaining to loaders\n* http: add diagnostics channel for http client\n* http: add perf_hooks detail for http request and client\n* module: add isBuiltIn method\n* net: add drop event for net server\n* test_runner: expose describe and it\n* v8: add v8.startupSnapshot utils\n\nFor details, see\nhttps://github.com/nodejs/node/blob/main/doc/changelogs/CHANGELOG_V18.md#18.6.0\n\nUpdate to Nodejs 18.5.0:\n\n* http: stricter Transfer-Encoding and header separator parsing\n  (bsc#1201325, bsc#1201326, bsc#1201327,\n   CVE-2022-32213, CVE-2022-32214, CVE-2022-32215)\n* src: fix IPv4 validation in inspector_socket\n  (bsc#1201328, CVE-2022-32212)\n\nFor details, see\nhttps://github.com/nodejs/node/blob/main/doc/changelogs/CHANGELOG_V18.md#18.5.0\n\nUpdate to Nodejs 18.4.0. For detailed changes see,\n\nhttps://github.com/nodejs/node/blob/main/doc/changelogs/CHANGELOG_V18.md#18.4.0\n- refreshed: versioned.patch, linker_lto_jobs.patch, nodejs-libpath.patch\n\nInitial packaging of Nodejs 18.2.0. For detailed changes since previous versions, see\nhttps://github.com/nodejs/node/blob/master/doc/changelogs/CHANGELOG_V18.md#18.2.0\n\n","id":"SUSE-SU-2023:0408-1","modified":"2023-02-14T12:50:31Z","published":"2023-02-14T12:50:31Z","references":[{"type":"ADVISORY","url":"https://www.suse.com/support/update/announcement/2023/suse-su-20230408-1/"},{"type":"REPORT","url":"https://bugzilla.suse.com/1200303"},{"type":"REPORT","url":"https://bugzilla.suse.com/1201325"},{"type":"REPORT","url":"https://bugzilla.suse.com/1201326"},{"type":"REPORT","url":"https://bugzilla.suse.com/1201327"},{"type":"REPORT","url":"https://bugzilla.suse.com/1201328"},{"type":"REPORT","url":"https://bugzilla.suse.com/1203831"},{"type":"REPORT","url":"https://bugzilla.suse.com/1203832"},{"type":"REPORT","url":"https://bugzilla.suse.com/1205042"},{"type":"REPORT","url":"https://bugzilla.suse.com/1205119"},{"type":"REPORT","url":"https://bugzilla.suse.com/1205236"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2022-32212"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2022-32213"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2022-32214"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2022-32215"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2022-35255"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2022-35256"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2022-43548"}],"related":["CVE-2022-32212","CVE-2022-32213","CVE-2022-32214","CVE-2022-32215","CVE-2022-35255","CVE-2022-35256","CVE-2022-43548"],"summary":"Security update for nodejs18","upstream":["CVE-2022-32212","CVE-2022-32213","CVE-2022-32214","CVE-2022-32215","CVE-2022-35255","CVE-2022-35256","CVE-2022-43548"]}