Several Node.js Vulnerabilities Fixed in Ubuntu

Rohan Timalsina

October 10, 2023 - TuxCare expert team

The recent Ubuntu security updates have addressed several Node.js vulnerabilities, including high- and critical-severity flaws in different Ubuntu versions. When exploited by attackers, these issues could result in a denial of service or the exposure of sensitive information. Updating Node.js packages is therefore highly recommended to maintain system security.

Node.js Vulnerabilities Patched in Ubuntu

CVE-2019-15604

CVSS 3.x Score: 7.5 High

Discovered by Rogier Schouten, this vulnerability was caused by the incorrect handling of certain inputs by Node.js. When a user or an automated system opens a specially crafted input file, a remote attacker can use this issue to cause a denial of service. Only Ubuntu 16.04 LTS and Ubuntu 18.04 LTS systems are affected by this flaw.

Both Ubuntu versions have already reached the end of life, so the update is only available for Ubuntu Pro subscribers. Alternatively, you can use TuxCare’s Extended Lifecycle Support for automated vulnerability patches for up to four years after the end-of-life period.

CVE-2019-15605

CVSS 3.x Score: 9.8 Critical

Ethan Rubinson identified a vulnerability in Node.js where it mishandled certain inputs. A remote attacker may be able to use this flaw to gain sensitive information if they can trick a user or automated system into opening a specially crafted input file. Only Ubuntu 16.04 LTS and Ubuntu 18.04 LTS systems are affected.

CVE-2019-15606

CVSS 3.x Score: 9.8 Critical

Alyssa Wilk found a flaw in Node.js that mishandled specific inputs. If a user or an automated system were deceived into opening a specially crafted input file, it could potentially enable a remote attacker to execute arbitrary code. This vulnerability was limited to Ubuntu 16.04 LTS and Ubuntu 18.04 LTS.

CVE-2020-8174

CVSS 3.x Score: 8.1 High

Tobias Niessen identified an issue in Node.js where it mishandled specific inputs. If a user or an automated system were deceived into opening a specially crafted input file, it could potentially be exploited by a remote attacker to trigger a denial of service. Only Ubuntu 18.04 LTS and Ubuntu 20.04 LTS are affected.

CVE-2020-8265 (CVSS 3.x Score: 8.1 High), CVE-2020-8287 (CVSS 3.x Score: 6.5 Medium)

A vulnerability was detected in Node.js where it mishandled specific inputs. If a user or an automated system were deceived into opening a specially crafted input file, it could potentially lead to a denial of service when exploited by a remote attacker.

CVE-2021-22883

CVSS 3.x Score: 7.5 High

A vulnerability was identified in Node.js due to improper handling of certain inputs. If a user or an automated system were deceived into opening a specially crafted input file, it could potentially be exploited by a remote attacker to trigger a denial of service. This issue was addressed in Ubuntu 20.04 LTS only.

CVE-2021-22884

CVSS 3.x Score: 7.5 High

Vít Šesták detected a vulnerability in Node.js where it mishandled specific inputs. If a user or an automated system were deceived into opening a specially crafted input file, it could potentially allow a remote attacker to execute arbitrary code. This issue was addressed in Ubuntu 20.04 LTS and Ubuntu 18.04 LTS.

Final Thoughts

All these vulnerabilities have been addressed in the new package versions, so you must upgrade your Node.js packages to avoid the security risks. Security is a continuous process, and it requires you to stay vigilant and secure the system with the latest security patches and best practices.

Fortify your Ubuntu system with Linux kernel live patching. Utilize automated patching solutions like KernelCare Enterprise, which automatically applies important security updates to the Linux kernel without the need for a system reboot, ensuring continuous operation and minimizing downtime. KernelCare supports all major Linux distributions, including Ubuntu, Debian, AlmaLinux, RHEL, CentOS, Rocky Linux, CloudLinux, Oracle Linux, Amazon Linux, and more.

The sources for this article are available at USN-6380-1 and USN-6418-1.
