USN-6491-1: Node.js vulnerabilities
21 November 2023
Several security issues were fixed in Node.js.
Releases
Packages
- nodejs - An open-source, cross-platform JavaScript runtime environment.
Details
Axel Chong discovered that Node.js incorrectly handled certain inputs. If a
user or an automated system were tricked into opening a specially crafted
input file, a remote attacker could possibly use this issue to execute
arbitrary code. (CVE-2022-32212)
Zeyu Zhang discovered that Node.js incorrectly handled certain inputs. If a
user or an automated system were tricked into opening a specially crafted
input file, a remote attacker could possibly use this issue to execute
arbitrary code. This issue only affected Ubuntu 22.04 LTS. (CVE-2022-32213,
CVE-2022-32214, CVE-2022-32215)
It was discovered that Node.js incorrectly handled certain inputs. If a user
or an automated system were tricked into opening a specially crafted input
file, a remote attacker could possibly use this issue to execute arbitrary
code. This issue only affected Ubuntu 22.04 LTS. (CVE-2022-35256)
It was discovered that Node.js incorrectly handled certain inputs. If a user
or an automated system were tricked into opening a specially crafted input
file, a remote attacker could possibly use this issue to execute arbitrary
code. This issue only affected Ubuntu 22.04 LTS. (CVE-2022-43548)
Update instructions
The problem can be corrected by updating your system to the following package versions:
Ubuntu 22.04
-
libnode-dev
-
12.22.9~dfsg-1ubuntu3.2
-
libnode72
-
12.22.9~dfsg-1ubuntu3.2
-
nodejs
-
12.22.9~dfsg-1ubuntu3.2
-
nodejs-doc
-
12.22.9~dfsg-1ubuntu3.2
Ubuntu 20.04
-
libnode-dev
-
10.19.0~dfsg-3ubuntu1.3
-
libnode64
-
10.19.0~dfsg-3ubuntu1.3
-
nodejs
-
10.19.0~dfsg-3ubuntu1.3
-
nodejs-doc
-
10.19.0~dfsg-3ubuntu1.3
Ubuntu 18.04
-
nodejs
-
8.10.0~dfsg-2ubuntu0.4+esm4
Available with Ubuntu Pro
-
nodejs-dev
-
8.10.0~dfsg-2ubuntu0.4+esm4
Available with Ubuntu Pro
-
nodejs-doc
-
8.10.0~dfsg-2ubuntu0.4+esm4
Available with Ubuntu Pro
In general, a standard system update will make all the necessary changes.