USN-6457-1: Node.js vulnerabilities
30 October 2023
Several security issues were fixed in Node.js.
Releases
Packages
- nodejs - An open-source, cross-platform JavaScript runtime environment.
Details
Tavis Ormandy discovered that Node.js incorrectly handled certain inputs. If a
user or an automated system were tricked into opening a specially crafted
input file, a remote attacker could possibly use this issue to cause a
denial of service. (CVE-2022-0778)
Elison Niven discovered that Node.js incorrectly handled certain inputs. If a
user or an automated system were tricked into opening a specially crafted
input file, a remote attacker could possibly use this issue to execute
arbitrary code. (CVE-2022-1292)
Chancen and Daniel Fiala discovered that Node.js incorrectly handled certain
inputs. If a user or an automated system were tricked into opening a specially
crafted input file, a remote attacker could possibly use this issue to execute
arbitrary code. (CVE-2022-2068)
Alex Chernyakhovsky discovered that Node.js incorrectly handled certain
inputs. If a user or an automated system were tricked into opening a specially
crafted input file, a remote attacker could possibly use this issue to execute
arbitrary code. (CVE-2022-2097)
Update instructions
The problem can be corrected by updating your system to the following package versions:
Ubuntu 22.04
-
libnode-dev
-
12.22.9~dfsg-1ubuntu3.1
-
libnode72
-
12.22.9~dfsg-1ubuntu3.1
-
nodejs
-
12.22.9~dfsg-1ubuntu3.1
-
nodejs-doc
-
12.22.9~dfsg-1ubuntu3.1
In general, a standard system update will make all the necessary changes.
References
Related notices
- USN-5328-1: libssl-doc, openssl, libssl1.1, openssl1.0, libssl-dev, libssl1.0-dev, libssl1.0.0
- USN-5328-2: libssl-dev, openssl, libssl-doc, libssl1.0.0
- USN-5402-1: libssl-doc, openssl, libssl1.1, openssl1.0, libssl3, libssl-dev, libssl1.0-dev, libssl1.0.0
- USN-5402-2: libssl-dev, openssl, libssl-doc, libssl1.0.0
- USN-7018-1: libssl-dev, openssl, libssl-doc, libssl1.0.0
- USN-5502-1: libssl-doc, openssl, libssl1.1, libssl3, libssl-dev
- USN-5488-1: libssl-doc, openssl, libssl1.1, openssl1.0, libssl3, libssl-dev, libssl1.0-dev, libssl1.0.0
- USN-5488-2: libssl-dev, openssl, libssl-doc, libssl1.0.0