Ubuntu 20.04 LTS USN-6380-1 Critical: Node.js Denial Of Service

September 19, 2023
Security issues in Node.js on Ubuntu impact various LTS versions. Update to the most recent packages to address vulnerabilities and enhance protection.

Summary

Several security issues were fixed in Node.js.

Software Description:

- nodejs: An open-source, cross-platform JavaScript runtime environment.

Details:

Rogier Schouten discovered that Node.js incorrectly handled certain inputs. If a user or an automated system were tricked into opening a specially crafted input file, a remote attacker could possibly use this issue to cause a denial of service. This issue only affected Ubuntu 16.04 LTS and Ubuntu 18.04 LTS. (CVE-2019-15604)

Ethan Rubinson discovered that Node.js incorrectly handled certain inputs. If a user or an automated system were tricked into opening a specially crafted input file, a remote attacker could possibly use this issue to obtain sensitive information. This issue only affected Ubuntu 16.04 LTS and Ubuntu 18.04 LTS. (CVE-2019-15605)

Alyssa Wilk discovered that Node.js incorrectly handled certain inputs. If a user or an automated system were tricked into opening a specially crafted input file, a...


Update Instructions

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 20.04 LTS:
   libnode-dev                     10.19.0~dfsg-3ubuntu1.1
   libnode64                       10.19.0~dfsg-3ubuntu1.1
   nodejs                          10.19.0~dfsg-3ubuntu1.1

Ubuntu 18.04 LTS (Available with Ubuntu Pro):
   nodejs                          8.10.0~dfsg-2ubuntu0.4+esm2
   nodejs-dev                      8.10.0~dfsg-2ubuntu0.4+esm2

Ubuntu 16.04 LTS (Available with Ubuntu Pro):
   nodejs                          4.2.6~dfsg-1ubuntu4.2+esm2
   nodejs-dev                      4.2.6~dfsg-1ubuntu4.2+esm2
   nodejs-legacy                   4.2.6~dfsg-1ubuntu4.2+esm2

In general, a standard system update will make all the necessary changes.

References

https://ubuntu.com/security/notices/USN-6380-1

CVE-2019-15604, CVE-2019-15605, CVE-2019-15606, CVE-2020-8174, CVE-2020-8265, CVE-2020-8287

Severity
critical
