
Ubuntu 23.10: USN-6822-1 Security Alert for Node.js Policy Bypass Issues

June 11, 2024
Ubuntu Security Alert USN-6822-1 covers security flaws in Node.js that affect several Ubuntu releases, and lists the package versions that fix them.

Summary

Several security issues were fixed in Node.js.

Software Description:

- nodejs: An open-source, cross-platform JavaScript runtime environment.

Details:

It was discovered that Node.js incorrectly handled certain inputs when it is
using the policy mechanism. If a user or an automated system were tricked into
opening a specially crafted input file, a remote attacker could possibly use
this issue to bypass the policy mechanism. (CVE-2023-32002, CVE-2023-32006)

It was discovered that Node.js incorrectly handled certain inputs when it is
using the policy mechanism. If a user or an automated system were tricked into
opening a specially crafted input file, a remote attacker could possibly use
this issue to perform a privilege escalation. (CVE-2023-32559)

Update Instructions

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 23.10
   libnode108                      18.13.0+dfsg1-1ubuntu2.3
   nodejs                          18.13.0+dfsg1-1ubuntu2.3

Ubuntu 22.04 LTS
   libnode72                       12.22.9~dfsg-1ubuntu3.6
   nodejs                          12.22.9~dfsg-1ubuntu3.6

In general, a standard system update will make all the necessary changes.

References

https://ubuntu.com/security/notices/USN-6822-1

CVE-2023-32002, CVE-2023-32006, CVE-2023-32559

Severity
important

Ubuntu Security Notice USN-6822-1
