USN-6822-1: Node.js vulnerabilities

Releases

• Ubuntu 23.10
• Ubuntu 22.04 LTS

Packages

• nodejs - An open-source, cross-platform JavaScript runtime environment.

Details

It was discovered that Node.js incorrectly handled certain inputs when it is
using the policy mechanism. If a user or an automated system were tricked into
opening a specially crafted input file, a remote attacker could possibly use
this issue to bypass the policy mechanism. (CVE-2023-32002, CVE-2023-32006)

It was discovered that Node.js incorrectly handled certain inputs when it is
using the policy mechanism. If a user or an automated system were tricked into
opening a specially crafted input file, a remote attacker could possibly use
this issue to perform a privilege escalation. (CVE-2023-32559)

Update instructions

The problem can be corrected by updating your system to the following package versions:

Ubuntu 23.10

• libnode108 - 18.13.0+dfsg1-1ubuntu2.3
• nodejs - 18.13.0+dfsg1-1ubuntu2.3

Ubuntu 22.04

• libnode72 - 12.22.9~dfsg-1ubuntu3.6
• nodejs - 12.22.9~dfsg-1ubuntu3.6

In general, a standard system update will make all the necessary changes.

References

• CVE-2023-32002
• CVE-2023-32559
• CVE-2023-32006