Alerts This Week
Warning Icon 1 485
Alerts This Week
Warning Icon 1 485

Ubuntu 22.04 USN-6491-1 Warning: Node.js Remote Code Exploitation Issues

ubuntu
Calendar Grey November 21, 2023
Dist Ubuntu Esm H88
Follow these steps to update Node.js securely on Ubuntu 22.04, 20.04, and 18.04, ensuring your installations remain efficient and current
Several security issues were fixed in Node.js.

Summary

Several security issues were fixed in Node.js.

Software Description:

- nodejs: An open-source, cross-platform JavaScript runtime environment.

Details:

Axel Chong discovered that Node.js incorrectly handled certain inputs. If a

user or an automated system were tricked into opening a specially crafted

input file, a remote attacker could possibly use this issue to execute

arbitrary code. (CVE-2022-32212)

Zeyu Zhang discovered that Node.js incorrectly handled certain inputs. If a

user or an automated system were tricked into opening a specially crafted

input file, a remote attacker could possibly use this issue to execute

arbitrary code. This issue only affected Ubuntu 22.04 LTS. (CVE-2022-32213,

CVE-2022-32214, CVE-2022-32215)

It was discovered that Node.js incorrectly handled certain inputs. If a user

or an automated system were tricked into opening a specially crafted input

file, a remote attacker could possibly use this issue to execute arbitrary

code. Th...

Read the Full Advisory

Update Instructions

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 22.04 LTS:
   libnode-dev                     12.22.9~dfsg-1ubuntu3.2
   libnode72                       12.22.9~dfsg-1ubuntu3.2
   nodejs                          12.22.9~dfsg-1ubuntu3.2
   nodejs-doc                      12.22.9~dfsg-1ubuntu3.2

Ubuntu 20.04 LTS:
   libnode-dev                     10.19.0~dfsg-3ubuntu1.3
   libnode64                       10.19.0~dfsg-3ubuntu1.3
   nodejs                          10.19.0~dfsg-3ubuntu1.3
   nodejs-doc                      10.19.0~dfsg-3ubuntu1.3

Ubuntu 18.04 LTS (Available with Ubuntu Pro):
   nodejs                          8.10.0~dfsg-2ubuntu0.4+esm4
   nodejs-dev                      8.10.0~dfsg-2ubuntu0.4+esm4
   nodejs-doc                      8.10.0~dfsg-2ubuntu0.4+esm4

In general, a standard system update will make all the necessary changes.

References

https://ubuntu.com/security/notices/USN-6491-1

CVE-2022-32212, CVE-2022-32213, CVE-2022-32214, CVE-2022-32215,

CVE-2022-35256, CVE-2022-43548

Severity
important
Lowest
Low
Medium
High
Critical

Ubuntu Security Notice USN-6491-1

Package Information

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Your message here