Alerts This Week
Warning Icon 1 525
Alerts This Week
Warning Icon 1 525

Ubuntu 22.04 LTS: USN-7469-3 critical: Node.js Denial of Service

Calendar Apr 29, 2025 User Avatar LinuxSecurity Advisories
1 - 2 min read
Ubuntu Large Esm H500
Topics%20covered

Topics Covered

security advisory denial of service software update Ubuntu network attack nodejs
Node.js could be made to crash if it received specially crafted network traffic. 
==========================================================================
Ubuntu Security Notice USN-7469-3
April 29, 2025

nodejs vulnerability
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 22.04 LTS
- Ubuntu 20.04 LTS
- Ubuntu 18.04 LTS

Summary:

Node.js could be made to crash if it received specially crafted network
traffic.

Software Description:
- nodejs: An open-source, cross-platform JavaScript runtime environment.

Details:

USN-7469-1 fixed a vulnerability in Apache Traffic Server. This update
provides the corresponding updates for Node.js.

Original advisory details:

  It was discovered that Apache Traffic Server exhibited poor server
  resource management in its HTTP/2 protocol. An attacker could possibly
  use this issue to cause Apache Traffic Server to crash, resulting in
  a denial of service.

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 22.04 LTS
   libnode-dev                     12.22.9~dfsg-1ubuntu3.6+esm2
                                   Available with Ubuntu Pro
   libnode72                       12.22.9~dfsg-1ubuntu3.6+esm2
                                   Available with Ubuntu Pro
   nodejs                          12.22.9~dfsg-1ubuntu3.6+esm2
                                   Available with Ubuntu Pro

Ubuntu 20.04 LTS
   libnode-dev                     10.19.0~dfsg-3ubuntu1.6+esm2
                                   Available with Ubuntu Pro
   libnode64                       10.19.0~dfsg-3ubuntu1.6+esm2
                                   Available with Ubuntu Pro
   nodejs                          10.19.0~dfsg-3ubuntu1.6+esm2
                                   Available with Ubuntu Pro

Ubuntu 18.04 LTS
   nodejs                          8.10.0~dfsg-2ubuntu0.4+esm6
                                   Available with Ubuntu Pro
   nodejs-dev                      8.10.0~dfsg-2ubuntu0.4+esm6
                                   Available with Ubuntu Pro

After a standard system update you need to restart Node.js to make all
the necessary changes.

References:
https://ubuntu.com/security/notices/USN-7469-3
https://ubuntu.com/security/notices/USN-7469-2
https://ubuntu.com/security/notices/USN-7469-1
   CVE-2023-44487

Ubuntu 22.04 LTS: USN-7469-3 critical: Node.js Denial of Service

ubuntu
Calendar Grey April 29, 2025
Dist Ubuntu Esm H88
Ubuntu's Node.js faces stability issues due to specially designed traffic causing system failures. Stay informed for the latest news and information regarding the repair.
Node.js could be made to crash if it received specially crafted network traffic.

Summary

A security issue affects these releases of Ubuntu and its derivatives: - Ubuntu 22.04 LTS - Ubuntu 20.04 LTS - Ubuntu 18.04 LTS Summary: Node.js could be made to crash if it received specially crafted network traffic. Software Description: - nodejs: An open-source, cross-platform JavaScript runtime environment. Details: USN-7469-1 fixed a vulnerability in Apache Traffic Server. This update provides the corresponding updates for Node.js. Original advisory details:  It was discovered that Apache Traffic Server exhibited poor server  resource management in its HTTP/2 protocol. An attacker could possibly  use this issue to cause Apache Traffic Server to crash, resulting in  a denial of service.

Topics%20covered

Topics Covered

security advisory denial of service software update Ubuntu network attack nodejs

Update Instructions

The problem can be corrected by updating your system to the following package versions: Ubuntu 22.04 LTS   libnode-dev                     12.22.9~dfsg-1ubuntu3.6+esm2                                   Available with Ubuntu Pro   libnode72                       12.22.9~dfsg-1ubuntu3.6+esm2                                   Available with Ubuntu Pro   nodejs                          12.22.9~dfsg-1ubuntu3.6+esm2                                   Available with Ubuntu Pro Ubuntu 20.04 LTS   libnode-dev                     10.19.0~dfsg-3ubuntu1.6+esm2                                   Available with Ubuntu Pro   libnode64                       10.19.0~dfsg-3ubuntu1.6+esm2                                   Available with Ubuntu Pro   nodejs                          10.19.0~dfsg-3ubuntu1.6+esm2                                   Available with Ubuntu Pro Ubuntu 18.04 LTS   nodejs                          8.10.0~dfsg-2ubuntu0.4+esm6                                   Available with Ubuntu Pro   nodejs-dev                      8.10.0~dfsg-2ubuntu0.4+esm6                                   Available with Ubuntu Pro After a standard system update you need to restart Node.js to make all the necessary changes.

References

https://ubuntu.com/security/notices/USN-7469-3

https://ubuntu.com/security/notices/USN-7469-2

https://ubuntu.com/security/notices/USN-7469-1

  CVE-2023-44487

Severity
critical
Lowest
Low
Medium
High
Critical

Ubuntu Security Notice USN-7469-3

Topics%20covered

Topics Covered

security advisory denial of service software update Ubuntu network attack nodejs

Package Information

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Related News

Your message here