File _patchinfo of Package patchinfo.39168
<patchinfo incident="39168">
<issue tracker="bnc" id="1239949">nodejs22 built without PIE</issue>
<issue tracker="bnc" id="1243217">VUL-0: CVE-2025-23165: nodejs: corrupted pointer in node::fs::ReadFileUtf8(const FunctionCallbackInfo&lt;Value&gt;&amp; args) when args[0] is a string</issue>
<issue tracker="bnc" id="1241050">nodejs22: FTBFS with OpenSSL 3.5.0</issue>
<issue tracker="bnc" id="1243218">VUL-0: CVE-2025-23166: nodejs: improper error handling in async cryptographic operations crashes process</issue>
<issue tracker="cve" id="2025-23166"/>
<issue tracker="cve" id="2025-23165"/>
<packager>adamm</packager>
<rating>important</rating>
<category>security</category>
<summary>Security update for nodejs22</summary>
<description>This update for nodejs22 fixes the following issues:
Update to version 22.15.1.
Security issues fixed:
- CVE-2025-23166: remotely triggerable process crash due to improper error handling in async cryptographic operations
(bsc#1243218).
- CVE-2025-23165: memory leak and unbounded memory growth due to corrupted pointer in
`node::fs::ReadFileUtf8(const FunctionCallbackInfo&lt;Value&gt;&amp; args)` when `args[0]` is a string (bsc#1243217).
Other changes and issues fixed:
- Changes from version 22.15.0
  * dns: add TLSA record query and parsing
  * assert: improve partialDeepStrictEqual
  * process: add execve
  * tls: implement tls.getCACertificates()
  * v8: add v8.getCppHeapStatistics() method
- Changes from version 22.14.0
  * fs: allow exclude option in globs to accept glob patterns
  * lib: add typescript support to STDIN eval
  * module: add ERR_UNSUPPORTED_TYPESCRIPT_SYNTAX
  * module: add findPackageJSON util
  * process: add process.ref() and process.unref() methods
  * sqlite: support TypedArray and DataView in StatementSync
  * src: add --disable-sigusr1 to prevent signal i/o thread
  * src,worker: add isInternalWorker
  * test_runner: add TestContext.prototype.waitFor()
  * test_runner: add t.assert.fileSnapshot()
  * test_runner: add assert.register() API
  * worker: add eval ts input
- Build with PIE (bsc#1239949).
- Fix builds with OpenSSL 3.5.0 (bsc#1241050).
</description>
</patchinfo>