openSUSE Security Update: Security update for nodejs-electron ______________________________________________________________________________
Announcement ID: openSUSE-SU-2022:0070-1 Rating: important References: Cross-References: CVE-2021-30625 CVE-2021-30626 CVE-2021-30627 CVE-2021-30628 CVE-2021-30630 CVE-2021-30631 CVE-2021-30632 CVE-2021-30633 CVE-2021-37981 CVE-2021-37984 CVE-2021-37987 CVE-2021-37989 CVE-2021-37992 CVE-2021-37996 CVE-2021-37998 CVE-2021-38001 CVE-2021-38002 CVE-2021-38003
CVSS scores: CVE-2021-30625 (NVD) : 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H CVE-2021-30626 (NVD) : 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H CVE-2021-30627 (NVD) : 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H CVE-2021-30628 (NVD) : 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H CVE-2021-30630 (NVD) : 4.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N CVE-2021-30632 (NVD) : 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H CVE-2021-30633 (NVD) : 9.6 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H CVE-2021-37981 (NVD) : 9.6 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H CVE-2021-37984 (NVD) : 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H CVE-2021-37987 (NVD) : 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H CVE-2021-37989 (NVD) : 6.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N CVE-2021-37992 (NVD) : 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H CVE-2021-37996 (NVD) : 5.5 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N CVE-2021-37998 (NVD) : 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H CVE-2021-38001 (NVD) : 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H CVE-2021-38002 (NVD) : 9.6 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H CVE-2021-38003 (NVD) : 8.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Affected Products: openSUSE Backports SLE-15-SP3 ______________________________________________________________________________
An update that fixes 18 vulnerabilities is now available.
Description:
This update for nodejs-electron fixes the following issues:
- Fix webpack-4 with OpenSSL 3.0
Update to version 16.0.9
* https://github.com/electron/electron/releases/tag/v16.0.9
Update to version 16.0.8
* https://github.com/electron/electron/releases/tag/v16.0.8
- Add devel package with node headers (e.g. for node-gyp)
- Update to version 16.0.7
* https://github.com/electron/electron/releases/tag/v16.0.7
- Update to version 15.3.3
* https://github.com/electron/electron/releases/tag/v15.3.3
- Update to version 13.6.3 https://github.com/electron/electron/releases/tag/v13.6.3
- Update to version 13.6.2 https://github.com/electron/electron/releases/tag/v13.6.2 - Fix for CVE-2021-37998 - Fix for CVE-2021-38001 - Fix for CVE-2021-38002 - Fix for CVE-2021-38003
- Do not build with H264
- Update to version 13.6.1 https://github.com/electron/electron/releases/tag/v13.6.1 - Fix for CVE-2021-37981 - Fix for CVE-2021-37984 - Fix for CVE-2021-37987 - Fix for CVE-2021-37989 - Fix for CVE-2021-37992 - Fix for CVE-2021-37996
- Update to version 13.5.1 https://github.com/electron/electron/releases/tag/v13.5.1
- Update to version 13.5.0 https://github.com/electron/electron/releases/tag/v13.5.0 - Fix for CVE-2021-30627 - Fix for CVE-2021-30631 - Fix for CVE-2021-30632 - Fix for CVE-2021-30625 - Fix for CVE-2021-30626 - Fix for CVE-2021-30628 - Fix for CVE-2021-30630 - Fix for CVE-2021-30633
- Version 13.4.0
- Update to version 13.1.8 * https://github.com/electron/electron/releases/tag/v13.1.8
- Update to version 13.1.7 * https://github.com/electron/electron/releases/tag/v13.1.7
- Update to version 13.1.6 * https://github.com/electron/electron/releases/tag/v13.1.6 * https://github.com/electron/electron/releases/tag/v13.1.5
- Update to version 13.1.4 * https://github.com/electron/electron/releases/tag/v13.1.4 * https://github.com/electron/electron/releases/tag/v13.1.3
- Build with vaapi support
- Install missing vk_swiftshader_icd.json
- Update to version 13.1.2 * https://github.com/electron/electron/releases/tag/v13.1.2
Patch Instructions:
To install this openSUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
- openSUSE Backports SLE-15-SP3:
zypper in -t patch openSUSE-2022-70=1
Package List:
- openSUSE Backports SLE-15-SP3 (x86_64):
nodejs-electron-16.0.9-bp153.2.1 nodejs-electron-devel-16.0.9-bp153.2.1
References:
https://www.suse.com/security/cve/CVE-2021-30625.html https://www.suse.com/security/cve/CVE-2021-30626.html https://www.suse.com/security/cve/CVE-2021-30627.html https://www.suse.com/security/cve/CVE-2021-30628.html https://www.suse.com/security/cve/CVE-2021-30630.html https://www.suse.com/security/cve/CVE-2021-30631.html https://www.suse.com/security/cve/CVE-2021-30632.html https://www.suse.com/security/cve/CVE-2021-30633.html https://www.suse.com/security/cve/CVE-2021-37981.html https://www.suse.com/security/cve/CVE-2021-37984.html https://www.suse.com/security/cve/CVE-2021-37987.html https://www.suse.com/security/cve/CVE-2021-37989.html https://www.suse.com/security/cve/CVE-2021-37992.html https://www.suse.com/security/cve/CVE-2021-37996.html https://www.suse.com/security/cve/CVE-2021-37998.html https://www.suse.com/security/cve/CVE-2021-38001.html https://www.suse.com/security/cve/CVE-2021-38002.html https://www.suse.com/security/cve/CVE-2021-38003.html