Alerts This Week
Warning Icon 1 1,153
Alerts This Week
Warning Icon 1 1,153

Ubuntu 22.04 LTS: USN-7469-3 critical: Node.js Denial of Service

ubuntu
Calendar Grey April 29, 2025
Dist Ubuntu Esm H88
Ubuntu's Node.js faces stability issues due to specially designed traffic causing system failures. Stay informed for the latest news and information regarding the repair.
Node.js could be made to crash if it received specially crafted network traffic.

Summary

Node.js could be made to crash if it received specially crafted network

traffic.

Software Description:

- nodejs: An open-source, cross-platform JavaScript runtime environment.

Details:

USN-7469-1 fixed a vulnerability in Apache Traffic Server. This update

provides the corresponding updates for Node.js.

Original advisory details:

 It was discovered that Apache Traffic Server exhibited poor server

 resource management in its HTTP/2 protocol. An attacker could possibly

 use this issue to cause Apache Traffic Server to crash, resulting in

 a denial of service.

Update Instructions

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 22.04 LTS
   libnode-dev                     12.22.9~dfsg-1ubuntu3.6+esm2
                                   Available with Ubuntu Pro
   libnode72                       12.22.9~dfsg-1ubuntu3.6+esm2
                                   Available with Ubuntu Pro
   nodejs                          12.22.9~dfsg-1ubuntu3.6+esm2
                                   Available with Ubuntu Pro

Ubuntu 20.04 LTS
   libnode-dev                     10.19.0~dfsg-3ubuntu1.6+esm2
                                   Available with Ubuntu Pro
   libnode64                       10.19.0~dfsg-3ubuntu1.6+esm2
                                   Available with Ubuntu Pro
   nodejs                          10.19.0~dfsg-3ubuntu1.6+esm2
                                   Available with Ubuntu Pro

Ubuntu 18.04 LTS
   nodejs                          8.10.0~dfsg-2ubuntu0.4+esm6
                                   Available with Ubuntu Pro
   nodejs-dev                      8.10.0~dfsg-2ubuntu0.4+esm6
                                   Available with Ubuntu Pro

After a standard system update you need to restart Node.js to make all
the necessary changes.

References

https://ubuntu.com/security/notices/USN-7469-3

https://ubuntu.com/security/notices/USN-7469-2

https://ubuntu.com/security/notices/USN-7469-1

  CVE-2023-44487

Severity
critical
Lowest
Low
Medium
High
Critical

Ubuntu Security Notice USN-7469-3

Package Information

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Your message here