USN-6564-1: Node.js vulnerabilities
3 January 2024
Several security issues were fixed in Node.js.
Releases
Packages
- nodejs - An open-source, cross-platform JavaScript runtime environment.
Details
Hubert Kario discovered that Node.js incorrectly handled certain inputs. If a
user or an automated system were tricked into opening a specially crafted input
file, a remote attacker could possibly use this issue to obtain sensitive
information. (CVE-2022-4304)
CarpetFuzz, Dawei Wang discovered that Node.js incorrectly handled certain
inputs. If a user or an automated system were tricked into opening a specially
crafted input file, a remote attacker could possibly use this issue to cause a
denial of service. (CVE-2022-4450)
Octavio Galland and Marcel Böhme discovered that Node.js incorrectly handled
certain inputs. If a user or an automated system were tricked into opening a
specially crafted input file, a remote attacker could possibly use this issue
to cause a denial of service. (CVE-2023-0215)
David Benjamin discovered that Node.js incorrectly handled certain inputs. If a
user or an automated system were tricked into opening a specially crafted input
file, a remote attacker could possibly use this issue to obtain sensitive
information. (CVE-2023-0286)
Hubert Kario and Dmitry Belyavsky discovered that Node.js incorrectly handled
certain inputs. If a user or an automated system were tricked into opening a
specially crafted input file, a remote attacker could possibly use this issue
to cause a denial of service. (CVE-2023-0401)
Update instructions
The problem can be corrected by updating your system to the following package versions:
Ubuntu 22.04
-
libnode-dev
-
12.22.9~dfsg-1ubuntu3.3
-
libnode72
-
12.22.9~dfsg-1ubuntu3.3
-
nodejs
-
12.22.9~dfsg-1ubuntu3.3
In general, a standard system update will make all the necessary changes.
Related notices
- USN-5844-1: libssl1.1, openssl, libssl-doc, libssl3, libssl-dev
- USN-5845-1: libssl1.0.0, openssl1.0, libssl1.0-dev
- USN-5845-2: libssl-dev, libssl-doc, openssl, libssl1.0.0