
Ubuntu 23.10 Advisory USN-6735-1 Critical: Node.js Denial of Service Issues

April 16, 2024
The latest Ubuntu Security Bulletin USN-6735-1 addresses several vulnerabilities within Node.js and provides guidance for mitigating these concerns across various versions.

Summary

Several security issues were fixed in Node.js.

Software Description:

- nodejs: An open-source, cross-platform JavaScript runtime environment.

Details:

It was discovered that Node.js incorrectly handled the use of invalid public keys while creating an x509 certificate. If a user or an automated system were tricked into opening a specially crafted input file, a remote attacker could possibly use this issue to cause a denial of service. This issue only affected Ubuntu 23.10. (CVE-2023-30588)

It was discovered that Node.js incorrectly handled the use of CRLF sequences to delimit HTTP requests. If a user or an automated system were tricked into opening a specially crafted input file, a remote attacker could possibly use this issue to obtain unauthorised access. This issue only affected Ubuntu 23.10. (CVE-2023-30589)

It was discovered that Node.js incorrectly described the generateKeys() function in the documentation. This inconsistency could possibly lead to s...


Update Instructions

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 23.10:
   libnode-dev                     18.13.0+dfsg1-1ubuntu2.2
   libnode108                      18.13.0+dfsg1-1ubuntu2.2
   nodejs                          18.13.0+dfsg1-1ubuntu2.2
   nodejs-doc                      18.13.0+dfsg1-1ubuntu2.2

Ubuntu 22.04 LTS:
   libnode-dev                     12.22.9~dfsg-1ubuntu3.5
   libnode72                       12.22.9~dfsg-1ubuntu3.5
   nodejs                          12.22.9~dfsg-1ubuntu3.5
   nodejs-doc                      12.22.9~dfsg-1ubuntu3.5

Ubuntu 20.04 LTS:
   libnode-dev                     10.19.0~dfsg-3ubuntu1.6
   libnode64                       10.19.0~dfsg-3ubuntu1.6
   nodejs                          10.19.0~dfsg-3ubuntu1.6
   nodejs-doc                      10.19.0~dfsg-3ubuntu1.6

Ubuntu 18.04 LTS (Available with Ubuntu Pro):
   nodejs                          8.10.0~dfsg-2ubuntu0.4+esm5
   nodejs-dev                      8.10.0~dfsg-2ubuntu0.4+esm5
   nodejs-doc                      8.10.0~dfsg-2ubuntu0.4+esm5

Ubuntu 16.04 LTS (Available with Ubuntu Pro):
   nodejs                          4.2.6~dfsg-1ubuntu4.2+esm3
   nodejs-dev                      4.2.6~dfsg-1ubuntu4.2+esm3
   nodejs-legacy                   4.2.6~dfsg-1ubuntu4.2+esm3

Ubuntu 14.04 LTS (Available with Ubuntu Pro):
   nodejs                          0.10.25~dfsg2-2ubuntu1.2+esm2
   nodejs-dev                      0.10.25~dfsg2-2ubuntu1.2+esm2
   nodejs-legacy                   0.10.25~dfsg2-2ubuntu1.2+esm2

In general, a standard system update will make all the necessary changes.

References

https://ubuntu.com/security/notices/USN-6735-1

CVE-2023-30588, CVE-2023-30589, CVE-2023-30590

Severity
critical
