Package "libnode108"
Name: |
libnode108
|
Description: |
evented I/O for V8 javascript - runtime library
|
Latest version: |
18.13.0+dfsg1-1ubuntu2.2 |
Release: |
mantic (23.10) |
Level: |
security |
Repository: |
universe |
Head package: |
nodejs |
Homepage: |
https://nodejs.org/ |
Links
Download "libnode108"
Other versions of "libnode108" in Mantic
Changelog
nodejs (18.13.0+dfsg1-1ubuntu2.2) mantic-security; urgency=medium
* SECURITY UPDATE: Denial of Service
- debian/patches/CVE-2023-30588.patch: fixed the issue that happens by
using an invalid public key in crypto.X509Certificate()
- CVE-2023-30588
* SECURITY UPDATE: Unauthorised Access
- debian/patches/CVE-2023-30589.patch: fixed the incorrect use of CRLF
sequence to delimit HTTP requests
- CVE-2023-30589
* SECURITY UPDATE: Incorrect Documentation for Diffie-Hellman APIs
- debian/patches/CVE-2023-30590.patch: fixed the inconsistency between the
documents and the function of Diffie-Hellman APIs
- CVE-2023-30590
-- Amir Naseredini <email address hidden> Mon, 25 Mar 2024 14:43:35 +0000
|
Source diff to previous version |
CVE-2023-30588 |
When an invalid public key is used to create an x509 certificate using the crypto.X509Certificate() API a non-expect termination occurs making it sus |
CVE-2023-30589 |
The llhttp parser in the http module in Node v20.2.0 does not strictly use the CRLF sequence to delimit HTTP requests. This can lead to HTTP Request |
CVE-2023-30590 |
The generateKeys() API function returned from crypto.createDiffieHellman() only generates missing (or outdated) keys, that is, it only generates a pr |
|
nodejs (18.13.0+dfsg1-1ubuntu2.1) mantic-security; urgency=medium
* SECURITY UPDATE: Privilege Escalation
- debian/patches/CVE-2023-23920.patch: added `ICU_NO_USER_DATA_OVERRIDE` to
fix an issue with insecure loading of ICU data
- CVE-2023-23920
* SECURITY UPDATE: Denial of Service
- debian/patches/CVE-2023-23919.patch: fixed a cryptographic vulnerability
in nodejs with invalid ca cert
- CVE-2023-23919
-- Amir Naseredini <email address hidden> Wed, 28 Feb 2024 12:41:27 +0000
|
CVE-2023-23920 |
An untrusted search path vulnerability exists in Node.js. <19.6.1, <18.14.1, <16.19.1, and <14.21.3 that could allow an attacker to search and potent |
CVE-2023-23919 |
A cryptographic vulnerability exists in Node.js <19.2.0, <18.14.1, <16.19.1, <14.21.3 that in some cases did does not clear the OpenSSL error stack a |
|
About
-
Send Feedback to @ubuntu_updates