========================================================================== Ubuntu Security Notice USN-7469-3 April 29, 2025
nodejs vulnerability ========================================================================== A security issue affects these releases of Ubuntu and its derivatives: - Ubuntu 22.04 LTS - Ubuntu 20.04 LTS - Ubuntu 18.04 LTS Summary: Node.js could be made to crash if it received specially crafted network traffic. Software Description: - nodejs: An open-source, cross-platform JavaScript runtime environment. Details: USN-7469-1 fixed a vulnerability in Apache Traffic Server. This update provides the corresponding updates for Node.js. Original advisory details: It was discovered that Apache Traffic Server exhibited poor server resource management in its HTTP/2 protocol. An attacker could possibly use this issue to cause Apache Traffic Server to crash, resulting in a denial of service. Update instructions: The problem can be corrected by updating your system to the following package versions: Ubuntu 22.04 LTS libnode-dev 12.22.9~dfsg-1ubuntu3.6+esm2 Available with Ubuntu Pro libnode72 12.22.9~dfsg-1ubuntu3.6+esm2 Available with Ubuntu Pro nodejs 12.22.9~dfsg-1ubuntu3.6+esm2 Available with Ubuntu Pro Ubuntu 20.04 LTS libnode-dev 10.19.0~dfsg-3ubuntu1.6+esm2 Available with Ubuntu Pro libnode64 10.19.0~dfsg-3ubuntu1.6+esm2 Available with Ubuntu Pro nodejs 10.19.0~dfsg-3ubuntu1.6+esm2 Available with Ubuntu Pro Ubuntu 18.04 LTS nodejs 8.10.0~dfsg-2ubuntu0.4+esm6 Available with Ubuntu Pro nodejs-dev 8.10.0~dfsg-2ubuntu0.4+esm6 Available with Ubuntu Pro After a standard system update you need to restart Node.js to make all the necessary changes. References: https://ubuntu.com/security/notices/USN-7469-3 https://ubuntu.com/security/notices/USN-7469-2 https://ubuntu.com/security/notices/USN-7469-1 CVE-2023-44487
OpenPGP_signature.asc
Description: OpenPGP digital signature
