Security update for nodejs10 SUSE Patch security@suse.de SUSE Security Team SUSE-SU-2023:0606-1 Final 1 1 2023-03-03T11:02:09Z current 2023-03-03T11:02:09Z 2023-03-03T11:02:09Z cve-database/bin/generate-cvrf.pl 2017-02-24T01:00:00Z Security update for nodejs10 This update for nodejs10 fixes the following issues: - CVE-2023-23920: Fixed insecure loading of ICU data through ICU_DATA environment (bsc#1208487). The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). SUSE-2023-606,SUSE-SLE-Product-HPC-15-SP1-LTSS-2023-606,SUSE-SLE-Product-HPC-15-SP2-LTSS-2023-606,SUSE-SLE-Product-SLES-15-SP1-LTSS-2023-606,SUSE-SLE-Product-SLES-15-SP2-LTSS-2023-606,SUSE-SLE-Product-SLES_SAP-15-SP1-2023-606,SUSE-SLE-Product-SLES_SAP-15-SP2-2023-606,SUSE-Storage-7-2023-606,openSUSE-SLE-15.4-2023-606 Copyright SUSE LLC under the Creative Commons License 4.0 with Attribution (CC-BY-4.0) https://www.suse.com/support/update/announcement/2023/suse-su-20230606-1/ Link for SUSE-SU-2023:0606-1 https://lists.suse.com/pipermail/sle-security-updates/2023-March/013973.html E-Mail link for SUSE-SU-2023:0606-1 https://www.suse.com/support/security/rating/ SUSE Security Ratings https://bugzilla.suse.com/1208487 SUSE Bug 1208487 https://www.suse.com/security/cve/CVE-2023-23920/ SUSE CVE CVE-2023-23920 page SUSE Enterprise Storage 7 SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS SUSE Linux Enterprise Server 15 SP1-LTSS SUSE Linux Enterprise Server 15 SP2-LTSS SUSE Linux Enterprise Server for SAP Applications 15 SP1 SUSE Linux Enterprise Server for SAP Applications 15 SP2 openSUSE Leap 15.4 nodejs10-10.24.1-150000.1.56.1 nodejs10-devel-10.24.1-150000.1.56.1 nodejs10-docs-10.24.1-150000.1.56.1 npm10-10.24.1-150000.1.56.1 nodejs10-10.24.1-150000.1.56.1 as a component of SUSE Enterprise Storage 7 nodejs10-devel-10.24.1-150000.1.56.1 as a component of SUSE Enterprise Storage 7 nodejs10-docs-10.24.1-150000.1.56.1 as a component of SUSE Enterprise Storage 7 npm10-10.24.1-150000.1.56.1 as a component of SUSE Enterprise Storage 7 nodejs10-10.24.1-150000.1.56.1 as a component of SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS nodejs10-devel-10.24.1-150000.1.56.1 as a component of SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS nodejs10-docs-10.24.1-150000.1.56.1 as a component of SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS npm10-10.24.1-150000.1.56.1 as a component of SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS nodejs10-10.24.1-150000.1.56.1 as a component of SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS nodejs10-devel-10.24.1-150000.1.56.1 as a component of SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS nodejs10-docs-10.24.1-150000.1.56.1 as a component of SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS npm10-10.24.1-150000.1.56.1 as a component of SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS nodejs10-10.24.1-150000.1.56.1 as a component of SUSE Linux Enterprise Server 15 SP1-LTSS nodejs10-devel-10.24.1-150000.1.56.1 as a component of SUSE Linux Enterprise Server 15 SP1-LTSS nodejs10-docs-10.24.1-150000.1.56.1 as a component of SUSE Linux Enterprise Server 15 SP1-LTSS npm10-10.24.1-150000.1.56.1 as a component of SUSE Linux Enterprise Server 15 SP1-LTSS nodejs10-10.24.1-150000.1.56.1 as a component of SUSE Linux Enterprise Server 15 SP2-LTSS nodejs10-devel-10.24.1-150000.1.56.1 as a component of SUSE Linux Enterprise Server 15 SP2-LTSS nodejs10-docs-10.24.1-150000.1.56.1 as a component of SUSE Linux Enterprise Server 15 SP2-LTSS npm10-10.24.1-150000.1.56.1 as a component of SUSE Linux Enterprise Server 15 SP2-LTSS nodejs10-10.24.1-150000.1.56.1 as a component of SUSE Linux Enterprise Server for SAP Applications 15 SP1 nodejs10-devel-10.24.1-150000.1.56.1 as a component of SUSE Linux Enterprise Server for SAP Applications 15 SP1 nodejs10-docs-10.24.1-150000.1.56.1 as a component of SUSE Linux Enterprise Server for SAP Applications 15 SP1 npm10-10.24.1-150000.1.56.1 as a component of SUSE Linux Enterprise Server for SAP Applications 15 SP1 nodejs10-10.24.1-150000.1.56.1 as a component of SUSE Linux Enterprise Server for SAP Applications 15 SP2 nodejs10-devel-10.24.1-150000.1.56.1 as a component of SUSE Linux Enterprise Server for SAP Applications 15 SP2 nodejs10-docs-10.24.1-150000.1.56.1 as a component of SUSE Linux Enterprise Server for SAP Applications 15 SP2 npm10-10.24.1-150000.1.56.1 as a component of SUSE Linux Enterprise Server for SAP Applications 15 SP2 nodejs10-10.24.1-150000.1.56.1 as a component of openSUSE Leap 15.4 nodejs10-devel-10.24.1-150000.1.56.1 as a component of openSUSE Leap 15.4 nodejs10-docs-10.24.1-150000.1.56.1 as a component of openSUSE Leap 15.4 npm10-10.24.1-150000.1.56.1 as a component of openSUSE Leap 15.4 An untrusted search path vulnerability exists in Node.js. <19.6.1, <18.14.1, <16.19.1, and <14.21.3 that could allow an attacker to search and potentially load ICU data when running with elevated privileges. CVE-2023-23920 SUSE Enterprise Storage 7:nodejs10-10.24.1-150000.1.56.1 SUSE Enterprise Storage 7:nodejs10-devel-10.24.1-150000.1.56.1 SUSE Enterprise Storage 7:nodejs10-docs-10.24.1-150000.1.56.1 SUSE Enterprise Storage 7:npm10-10.24.1-150000.1.56.1 SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:nodejs10-10.24.1-150000.1.56.1 SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:nodejs10-devel-10.24.1-150000.1.56.1 SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:nodejs10-docs-10.24.1-150000.1.56.1 SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS:npm10-10.24.1-150000.1.56.1 SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:nodejs10-10.24.1-150000.1.56.1 SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:nodejs10-devel-10.24.1-150000.1.56.1 SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:nodejs10-docs-10.24.1-150000.1.56.1 SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS:npm10-10.24.1-150000.1.56.1 SUSE Linux Enterprise Server 15 SP1-LTSS:nodejs10-10.24.1-150000.1.56.1 SUSE Linux Enterprise Server 15 SP1-LTSS:nodejs10-devel-10.24.1-150000.1.56.1 SUSE Linux Enterprise Server 15 SP1-LTSS:nodejs10-docs-10.24.1-150000.1.56.1 SUSE Linux Enterprise Server 15 SP1-LTSS:npm10-10.24.1-150000.1.56.1 SUSE Linux Enterprise Server 15 SP2-LTSS:nodejs10-10.24.1-150000.1.56.1 SUSE Linux Enterprise Server 15 SP2-LTSS:nodejs10-devel-10.24.1-150000.1.56.1 SUSE Linux Enterprise Server 15 SP2-LTSS:nodejs10-docs-10.24.1-150000.1.56.1 SUSE Linux Enterprise Server 15 SP2-LTSS:npm10-10.24.1-150000.1.56.1 SUSE Linux Enterprise Server for SAP Applications 15 SP1:nodejs10-10.24.1-150000.1.56.1 SUSE Linux Enterprise Server for SAP Applications 15 SP1:nodejs10-devel-10.24.1-150000.1.56.1 SUSE Linux Enterprise Server for SAP Applications 15 SP1:nodejs10-docs-10.24.1-150000.1.56.1 SUSE Linux Enterprise Server for SAP Applications 15 SP1:npm10-10.24.1-150000.1.56.1 SUSE Linux Enterprise Server for SAP Applications 15 SP2:nodejs10-10.24.1-150000.1.56.1 SUSE Linux Enterprise Server for SAP Applications 15 SP2:nodejs10-devel-10.24.1-150000.1.56.1 SUSE Linux Enterprise Server for SAP Applications 15 SP2:nodejs10-docs-10.24.1-150000.1.56.1 SUSE Linux Enterprise Server for SAP Applications 15 SP2:npm10-10.24.1-150000.1.56.1 openSUSE Leap 15.4:nodejs10-10.24.1-150000.1.56.1 openSUSE Leap 15.4:nodejs10-devel-10.24.1-150000.1.56.1 openSUSE Leap 15.4:nodejs10-docs-10.24.1-150000.1.56.1 openSUSE Leap 15.4:npm10-10.24.1-150000.1.56.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2023/suse-su-20230606-1/ https://www.suse.com/security/cve/CVE-2023-23920.html CVE-2023-23920 https://bugzilla.suse.com/1208487 SUSE Bug 1208487