USN-6457-1: Node.js vulnerabilities
30 October 2023
Several security issues were fixed in Node.js.
Releases
Packages
- nodejs - An open-source, cross-platform JavaScript runtime environment.
Details
Tavis Ormandy discovered that Node.js incorrectly handled certain inputs. If a
user or an automated system were tricked into opening a specially crafted
input file, a remote attacker could possibly use this issue to cause a
denial of service. (CVE-2022-0778)
Elison Niven discovered that Node.js incorrectly handled certain inputs. If a
user or an automated system were tricked into opening a specially crafted
input file, a remote attacker could possibly use this issue to execute
arbitrary code. (CVE-2022-1292)
Chancen and Daniel Fiala discovered that Node.js incorrectly handled certain
inputs. If a user or an automated system were tricked into opening a specially
crafted input file, a remote attacker could possibly use this issue to execute
arbitrary code. (CVE-2022-2068)
Alex Chernyakhovsky discovered that Node.js incorrectly handled certain
inputs. If a user or an automated system were tricked into opening a specially
crafted input file, a remote attacker could possibly use this issue to execute
arbitrary code. (CVE-2022-2097)
Update instructions
The problem can be corrected by updating your system to the following package versions:
Ubuntu 22.04
-
libnode-dev
-
12.22.9~dfsg-1ubuntu3.1
-
libnode72
-
12.22.9~dfsg-1ubuntu3.1
-
nodejs
-
12.22.9~dfsg-1ubuntu3.1
-
nodejs-doc
-
12.22.9~dfsg-1ubuntu3.1
In general, a standard system update will make all the necessary changes.