{"affected":[{"ecosystem_specific":{"binaries":[{"nodejs22":"22.15.1-150700.3.3.1","nodejs22-devel":"22.15.1-150700.3.3.1","nodejs22-docs":"22.15.1-150700.3.3.1","npm22":"22.15.1-150700.3.3.1"}]},"package":{"ecosystem":"SUSE:Linux Enterprise Module for Web and Scripting 15 SP7","name":"nodejs22","purl":"pkg:rpm/suse/nodejs22&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Web%20and%20Scripting%2015%20SP7"},"ranges":[{"events":[{"introduced":"0"},{"fixed":"22.15.1-150700.3.3.1"}],"type":"ECOSYSTEM"}]}],"aliases":[],"details":"This update for nodejs22 fixes the following issues:\n\nUpdate to version 22.15.1.\n\nSecurity issues fixed:\n\n- CVE-2025-23166: remotely triggerable process crash due to improper error handling in async cryptographic operations\n  (bsc#1243218).\n- CVE-2025-23165: memory leak and unbounded memory growth due to corrupted pointer in\n  `node::fs::ReadFileUtf8(const FunctionCallbackInfo<Value>& args)` when `args[0]` is a string (bsc#1243217).\n  \nOther changes and issues fixed:\n\n- Changes from version 22.15.0\n\n  * dns: add TLSA record query and parsing\n  * assert: improve partialDeepStrictEqual\n  * process: add execve\n  * tls: implement tls.getCACertificates()\n  * v8: add v8.getCppHeapStatistics() method\n\n- Changes from version 22.14.0\n \n  * fs: allow exclude option in globs to accept glob patterns\n  * lib: add typescript support to STDIN eval\n  * module: add ERR_UNSUPPORTED_TYPESCRIPT_SYNTAX\n  * module: add findPackageJSON util\n  * process: add process.ref() and process.unref() methods\n  * sqlite: support TypedArray and DataView in StatementSync\n  * src: add --disable-sigusr1 to prevent signal i/o thread\n  * src,worker: add isInternalWorker\n  * test_runner: add TestContext.prototype.waitFor()\n  * test_runner: add t.assert.fileSnapshot()\n  * test_runner: add assert.register() API\n  * worker: add eval ts input\n  \n- Build with PIE (bsc#1239949).\n- Fix builds with OpenSSL 3.5.0 (bsc#1241050).\n","id":"SUSE-SU-2025:01879-1","modified":"2025-06-11T05:41:29Z","published":"2025-06-11T05:41:29Z","references":[{"type":"ADVISORY","url":"https://www.suse.com/support/update/announcement/2025/suse-su-202501879-1/"},{"type":"REPORT","url":"https://bugzilla.suse.com/1239949"},{"type":"REPORT","url":"https://bugzilla.suse.com/1241050"},{"type":"REPORT","url":"https://bugzilla.suse.com/1243217"},{"type":"REPORT","url":"https://bugzilla.suse.com/1243218"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2025-23165"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2025-23166"}],"related":["CVE-2025-23165","CVE-2025-23166"],"summary":"Security update for nodejs22","upstream":["CVE-2025-23165","CVE-2025-23166"]}