USN-6735-1

See a problem?

Source

https://ubuntu.com/security/notices/USN-6735-1

Import Source

https://github.com/canonical/ubuntu-security-notices/blob/main/osv/usn/USN-6735-1.json

JSON Data

https://api.osv.dev/v1/vulns/USN-6735-1

Related

Published

2024-04-16T11:31:52.953879Z

Modified

2024-04-16T11:31:52.953879Z

Summary

nodejs vulnerabilities

Details

It was discovered that Node.js incorrectly handled the use of invalid public keys while creating an x509 certificate. If a user or an automated system were tricked into opening a specially crafted input file, a remote attacker could possibly use this issue to cause a denial of service. This issue only affected Ubuntu 23.10. (CVE-2023-30588)

It was discovered that Node.js incorrectly handled the use of CRLF sequences to delimit HTTP requests. If a user or an automated system were tricked into opening a specially crafted input file, a remote attacker could possibly use this issue to obtain unauthorised access. This issue only affected Ubuntu 23.10. (CVE-2023-30589)

It was discovered that Node.js incorrectly described the generateKeys() function in the documentation. This inconsistency could possibly lead to security issues in applications that use these APIs. (CVE-2023-30590)

References

Affected packages

Ubuntu:Pro:14.04:LTS / nodejs

Package

Name: nodejs
Purl: pkg:deb/ubuntu/nodejs@0.10.25~dfsg2-2ubuntu1.2+esm2?arch=src?distro=trusty/esm

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

0.10.25~dfsg2-2ubuntu1.2+esm2

Affected versions

0.*

0.10.15~dfsg1-4

0.10.21~dfsg1-1

0.10.22~dfsg1-2

0.10.23~dfsg1-1

0.10.23~dfsg1-2

0.10.23~dfsg1-3

0.10.24~dfsg1-1

0.10.25~dfsg2-2

0.10.25~dfsg2-2ubuntu1

0.10.25~dfsg2-2ubuntu1.2

0.10.25~dfsg2-2ubuntu1.2+esm1

Ecosystem specific

{
    "availability": "Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro",
    "binaries": [
        {
            "nodejs-dbg": "0.10.25~dfsg2-2ubuntu1.2+esm2",
            "nodejs-dev": "0.10.25~dfsg2-2ubuntu1.2+esm2",
            "nodejs-dev-dbgsym": "0.10.25~dfsg2-2ubuntu1.2+esm2",
            "nodejs": "0.10.25~dfsg2-2ubuntu1.2+esm2",
            "nodejs-legacy": "0.10.25~dfsg2-2ubuntu1.2+esm2",
            "nodejs-dbgsym": "0.10.25~dfsg2-2ubuntu1.2+esm2"
        }
    ]
}

Ubuntu:Pro:16.04:LTS / nodejs

Package

Name: nodejs
Purl: pkg:deb/ubuntu/nodejs@4.2.6~dfsg-1ubuntu4.2+esm3?arch=src?distro=esm-apps/xenial

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

4.2.6~dfsg-1ubuntu4.2+esm3

Affected versions

0.*

0.10.25~dfsg2-2ubuntu1

4.*

4.2.2~dfsg-1

4.2.3~dfsg-1

4.2.4~dfsg-1ubuntu1

4.2.4~dfsg-2

4.2.6~dfsg-1ubuntu1

4.2.6~dfsg-1ubuntu4

4.2.6~dfsg-1ubuntu4.1

4.2.6~dfsg-1ubuntu4.2

4.2.6~dfsg-1ubuntu4.2+esm1

4.2.6~dfsg-1ubuntu4.2+esm2

Ecosystem specific

{
    "availability": "Available with Ubuntu Pro: https://ubuntu.com/pro",
    "binaries": [
        {
            "nodejs-dbg": "4.2.6~dfsg-1ubuntu4.2+esm3",
            "nodejs-dev": "4.2.6~dfsg-1ubuntu4.2+esm3",
            "nodejs-dev-dbgsym": "4.2.6~dfsg-1ubuntu4.2+esm3",
            "nodejs": "4.2.6~dfsg-1ubuntu4.2+esm3",
            "nodejs-legacy": "4.2.6~dfsg-1ubuntu4.2+esm3",
            "nodejs-dbgsym": "4.2.6~dfsg-1ubuntu4.2+esm3"
        }
    ]
}

Ubuntu:Pro:18.04:LTS / nodejs

Package

Name: nodejs
Purl: pkg:deb/ubuntu/nodejs@8.10.0~dfsg-2ubuntu0.4+esm5?arch=src?distro=esm-apps/bionic

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

8.10.0~dfsg-2ubuntu0.4+esm5

Affected versions

6.*

6.11.4~dfsg-1ubuntu1

6.11.4~dfsg-1ubuntu2

6.12.0~dfsg-1ubuntu1

6.12.0~dfsg-2ubuntu1

6.12.0~dfsg-2ubuntu2

8.*

8.10.0~dfsg-2

8.10.0~dfsg-2ubuntu0.2

8.10.0~dfsg-2ubuntu0.3

8.10.0~dfsg-2ubuntu0.4

8.10.0~dfsg-2ubuntu0.4+esm1

8.10.0~dfsg-2ubuntu0.4+esm2

8.10.0~dfsg-2ubuntu0.4+esm3

8.10.0~dfsg-2ubuntu0.4+esm4

Ecosystem specific

{
    "availability": "Available with Ubuntu Pro: https://ubuntu.com/pro",
    "binaries": [
        {
            "nodejs-dev": "8.10.0~dfsg-2ubuntu0.4+esm5",
            "nodejs-doc": "8.10.0~dfsg-2ubuntu0.4+esm5",
            "nodejs": "8.10.0~dfsg-2ubuntu0.4+esm5",
            "nodejs-dbgsym": "8.10.0~dfsg-2ubuntu0.4+esm5"
        }
    ]
}

Ubuntu:20.04:LTS / nodejs

Package

Name: nodejs
Purl: pkg:deb/ubuntu/nodejs@10.19.0~dfsg-3ubuntu1.6?arch=src?distro=focal

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

10.19.0~dfsg-3ubuntu1.6

Affected versions

10.*

10.15.2~dfsg-2ubuntu1

10.17.0~dfsg-2ubuntu4

10.17.0~dfsg-2ubuntu6

10.19.0~dfsg-3ubuntu1

10.19.0~dfsg-3ubuntu1.1

10.19.0~dfsg-3ubuntu1.2

10.19.0~dfsg-3ubuntu1.3

10.19.0~dfsg-3ubuntu1.5

Ecosystem specific

{
    "availability": "No subscription required",
    "binaries": [
        {
            "libnode64-dbgsym": "10.19.0~dfsg-3ubuntu1.6",
            "libnode64": "10.19.0~dfsg-3ubuntu1.6",
            "nodejs-doc": "10.19.0~dfsg-3ubuntu1.6",
            "nodejs": "10.19.0~dfsg-3ubuntu1.6",
            "libnode-dev": "10.19.0~dfsg-3ubuntu1.6",
            "nodejs-dbgsym": "10.19.0~dfsg-3ubuntu1.6"
        }
    ]
}

Ubuntu:22.04:LTS / nodejs

Package

Name: nodejs
Purl: pkg:deb/ubuntu/nodejs@12.22.9~dfsg-1ubuntu3.5?arch=src?distro=jammy

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

12.22.9~dfsg-1ubuntu3.5

Affected versions

12.*

12.22.5~dfsg-5ubuntu1

12.22.7~dfsg-2ubuntu1

12.22.7~dfsg-2ubuntu3

12.22.9~dfsg-1ubuntu2

12.22.9~dfsg-1ubuntu3

12.22.9~dfsg-1ubuntu3.1

12.22.9~dfsg-1ubuntu3.2

12.22.9~dfsg-1ubuntu3.3

12.22.9~dfsg-1ubuntu3.4

Ecosystem specific

{
    "availability": "No subscription required",
    "binaries": [
        {
            "nodejs-doc": "12.22.9~dfsg-1ubuntu3.5",
            "libnode72": "12.22.9~dfsg-1ubuntu3.5",
            "nodejs": "12.22.9~dfsg-1ubuntu3.5",
            "libnode-dev": "12.22.9~dfsg-1ubuntu3.5",
            "libnode72-dbgsym": "12.22.9~dfsg-1ubuntu3.5",
            "nodejs-dbgsym": "12.22.9~dfsg-1ubuntu3.5"
        }
    ]
}

Ubuntu:23.10 / nodejs

Package

Name: nodejs
Purl: pkg:deb/ubuntu/nodejs@18.13.0+dfsg1-1ubuntu2.2?arch=src?distro=mantic

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

18.13.0+dfsg1-1ubuntu2.2

Affected versions

18.*

18.13.0+dfsg1-1ubuntu2

18.13.0+dfsg1-1ubuntu2.1

Ecosystem specific

{
    "availability": "No subscription required",
    "binaries": [
        {
            "libnode108": "18.13.0+dfsg1-1ubuntu2.2",
            "libnode108-dbgsym": "18.13.0+dfsg1-1ubuntu2.2",
            "nodejs": "18.13.0+dfsg1-1ubuntu2.2",
            "libnode-dev": "18.13.0+dfsg1-1ubuntu2.2",
            "nodejs-doc": "18.13.0+dfsg1-1ubuntu2.2",
            "nodejs-dbgsym": "18.13.0+dfsg1-1ubuntu2.2"
        }
    ]
}