USN-7469-3: Node.js vulnerability

Releases

• Ubuntu 22.04 LTS
• Ubuntu 20.04 ESM
• Ubuntu 18.04 ESM

Packages

• nodejs - An open-source, cross-platform JavaScript runtime environment.

Details

USN-7469-1 fixed a vulnerability in Apache Traffic Server. This update
provides the corresponding updates for Node.js.

Original advisory details:

It was discovered that Apache Traffic Server exhibited poor server
resource management in its HTTP/2 protocol. An attacker could possibly
use this issue to cause Apache Traffic Server to crash, resulting in
a denial of service.

Update instructions

The problem can be corrected by updating your system to the following package versions:

Ubuntu 22.04

• libnode-dev - 12.22.9~dfsg-1ubuntu3.6+esm2
  Available with Ubuntu Pro
• libnode72 - 12.22.9~dfsg-1ubuntu3.6+esm2
  Available with Ubuntu Pro
• nodejs - 12.22.9~dfsg-1ubuntu3.6+esm2
  Available with Ubuntu Pro

Ubuntu 20.04

• libnode-dev - 10.19.0~dfsg-3ubuntu1.6+esm2
  Available with Ubuntu Pro
• libnode64 - 10.19.0~dfsg-3ubuntu1.6+esm2
  Available with Ubuntu Pro
• nodejs - 10.19.0~dfsg-3ubuntu1.6+esm2
  Available with Ubuntu Pro

Ubuntu 18.04

• nodejs - 8.10.0~dfsg-2ubuntu0.4+esm6
  Available with Ubuntu Pro
• nodejs-dev - 8.10.0~dfsg-2ubuntu0.4+esm6
  Available with Ubuntu Pro

After a standard system update you need to restart Node.js to make all
the necessary changes.

References

• CVE-2023-44487

Related notices

• USN-6427-1
• USN-6427-2
• USN-6438-1
• USN-6505-1
• USN-6574-1
• USN-6754-1
• USN-6994-1
• USN-7067-1
• USN-7410-1
• USN-7469-1
• USN-7469-2
• USN-7469-4