Node.js could be made to crash if it received specially crafted network
traffic.
Software Description:
- nodejs: An open-source, cross-platform JavaScript runtime environment.
Details:
USN-7469-1 fixed a vulnerability in Apache Traffic Server. This update
provides the corresponding updates for Node.js.
Original advisory details:
It was discovered that Apache Traffic Server exhibited poor server
resource management in its HTTP/2 protocol. An attacker could possibly
use this issue to cause Apache Traffic Server to crash, resulting in
a denial of service.
The problem can be corrected by updating your system to the following package versions: Ubuntu 22.04 LTS libnode-dev 12.22.9~dfsg-1ubuntu3.6+esm2 Available with Ubuntu Pro libnode72 12.22.9~dfsg-1ubuntu3.6+esm2 Available with Ubuntu Pro nodejs 12.22.9~dfsg-1ubuntu3.6+esm2 Available with Ubuntu Pro Ubuntu 20.04 LTS libnode-dev 10.19.0~dfsg-3ubuntu1.6+esm2 Available with Ubuntu Pro libnode64 10.19.0~dfsg-3ubuntu1.6+esm2 Available with Ubuntu Pro nodejs 10.19.0~dfsg-3ubuntu1.6+esm2 Available with Ubuntu Pro Ubuntu 18.04 LTS nodejs 8.10.0~dfsg-2ubuntu0.4+esm6 Available with Ubuntu Pro nodejs-dev 8.10.0~dfsg-2ubuntu0.4+esm6 Available with Ubuntu Pro After a standard system update you need to restart Node.js to make all the necessary changes.
https://ubuntu.com/security/notices/USN-7469-3
https://ubuntu.com/security/notices/USN-7469-2
https://ubuntu.com/security/notices/USN-7469-1
CVE-2023-44487
Get the latest Linux and open source security news straight to your inbox.