USN-6380-1: Node.js vulnerabilities
19 September 2023
Several security issues were fixed in Node.js.
Releases
Packages
- nodejs - An open-source, cross-platform JavaScript runtime environment.
Details
Rogier Schouten discovered that Node.js incorrectly handled certain inputs. If
a user or an automated system were tricked into opening a specially crafted
input file, a remote attacker could possibly use this issue to cause a denial
of service. This issue only affected Ubuntu 16.04 LTS and Ubuntu 18.04 LTS.
(CVE-2019-15604)
Ethan Rubinson discovered that Node.js incorrectly handled certain inputs. If
a user or an automated system were tricked into opening a specially crafted
input file, a remote attacker could possibly use this issue to obtain
sensitive information. This issue only affected Ubuntu 16.04 LTS and
Ubuntu 18.04 LTS. (CVE-2019-15605)
Alyssa Wilk discovered that Node.js incorrectly handled certain inputs. If a
user or an automated system were tricked into opening a specially crafted
input file, a remote attacker could possibly use this issue to execute
arbitrary code. This issue only affected Ubuntu 16.04 LTS and
Ubuntu 18.04 LTS. (CVE-2019-15606)
Tobias Niessen discovered that Node.js incorrectly handled certain inputs. If
a user or an automated system were tricked into opening a specially crafted
input file, a remote attacker could possibly use this issue to cause a
denial of service. This issue only affected Ubuntu 18.04 LTS and
Ubuntu 20.04 LTS. (CVE-2020-8174)
It was discovered that Node.js incorrectly handled certain inputs. If a user
or an automated system were tricked into opening a specially crafted input
file, a remote attacker could possibly use this issue to cause a
denial of service. (CVE-2020-8265, CVE-2020-8287)
Update instructions
The problem can be corrected by updating your system to the following package versions:
Ubuntu 20.04
-
libnode-dev
-
10.19.0~dfsg-3ubuntu1.1
-
libnode64
-
10.19.0~dfsg-3ubuntu1.1
-
nodejs
-
10.19.0~dfsg-3ubuntu1.1
Ubuntu 18.04
-
nodejs
-
8.10.0~dfsg-2ubuntu0.4+esm2
Available with Ubuntu Pro
-
nodejs-dev
-
8.10.0~dfsg-2ubuntu0.4+esm2
Available with Ubuntu Pro
Ubuntu 16.04
-
nodejs
-
4.2.6~dfsg-1ubuntu4.2+esm2
Available with Ubuntu Pro
-
nodejs-dev
-
4.2.6~dfsg-1ubuntu4.2+esm2
Available with Ubuntu Pro
-
nodejs-legacy
-
4.2.6~dfsg-1ubuntu4.2+esm2
Available with Ubuntu Pro
In general, a standard system update will make all the necessary changes.
Related notices
- USN-5563-1: libhttp-parser2.7.1, libhttp-parser-dev, http-parser