Several security issues were fixed in Node.js.
Software Description:
- nodejs: An open-source, cross-platform JavaScript runtime environment.
Details:
It was discovered that Node.js incorrectly handled the use of invalid public
keys while creating an x509 certificate. If a user or an automated system were
tricked into opening a specially crafted input file, a remote attacker could
possibly use this issue to cause a denial of service. This issue only affected
Ubuntu 23.10. (CVE-2023-30588)
It was discovered that Node.js incorrectly handled the use of CRLF sequences to
delimit HTTP requests. If a user or an automated system were tricked into
opening a specially crafted input file, a remote attacker could possibly use
this issue to obtain unauthorised access. This issue only affected
Ubuntu 23.10. (CVE-2023-30589)
It was discovered that Node.js incorrectly described the generateKeys()
function in the documentation. This inconsistency could possibly lead to
s...
The problem can be corrected by updating your system to the following package versions: Ubuntu 23.10: libnode-dev 18.13.0+dfsg1-1ubuntu2.2 libnode108 18.13.0+dfsg1-1ubuntu2.2 nodejs 18.13.0+dfsg1-1ubuntu2.2 nodejs-doc 18.13.0+dfsg1-1ubuntu2.2 Ubuntu 22.04 LTS: libnode-dev 12.22.9~dfsg-1ubuntu3.5 libnode72 12.22.9~dfsg-1ubuntu3.5 nodejs 12.22.9~dfsg-1ubuntu3.5 nodejs-doc 12.22.9~dfsg-1ubuntu3.5 Ubuntu 20.04 LTS: libnode-dev 10.19.0~dfsg-3ubuntu1.6 libnode64 10.19.0~dfsg-3ubuntu1.6 nodejs 10.19.0~dfsg-3ubuntu1.6 nodejs-doc 10.19.0~dfsg-3ubuntu1.6 Ubuntu 18.04 LTS (Available with Ubuntu Pro): nodejs 8.10.0~dfsg-2ubuntu0.4+esm5 nodejs-dev 8.10.0~dfsg-2ubuntu0.4+esm5 nodejs-doc 8.10.0~dfsg-2ubuntu0.4+esm5 Ubuntu 16.04 LTS (Available with Ubuntu Pro): nodejs 4.2.6~dfsg-1ubuntu4.2+esm3 nodejs-dev 4.2.6~dfsg-1ubuntu4.2+esm3 nodejs-legacy 4.2.6~dfsg-1ubuntu4.2+esm3 Ubuntu 14.04 LTS (Available with Ubuntu Pro): nodejs 0.10.25~dfsg2-2ubuntu1.2+esm2 nodejs-dev 0.10.25~dfsg2-2ubuntu1.2+esm2 nodejs-legacy 0.10.25~dfsg2-2ubuntu1.2+esm2 In general, a standard system update will make all the necessary changes.
https://ubuntu.com/security/notices/USN-6735-1
CVE-2023-30588, CVE-2023-30589, CVE-2023-30590
Get the latest Linux and open source security news straight to your inbox.