It was discovered that Node.js incorrectly handled the use of invalid public
keys while creating an x509 certificate. If a user or an automated system were
tricked into opening a specially crafted input file, a remote attacker could
possibly use this issue to cause a denial of service. This issue only affected
Ubuntu 23.10. (CVE-2023-30588)
It was discovered that Node.js incorrectly handled the use of CRLF sequences to
delimit HTTP requests. If a user or an automated system were tricked into
opening a specially crafted input file, a remote attacker could possibly use
this issue to obtain unauthorised access. This issue only affected
Ubuntu 23.10. (CVE-2023-30589)
It was discovered that Node.js incorrectly described the generateKeys()
function in the documentation. This inconsistency could possibly lead to
security issues in applications that use these APIs.
(CVE-2023-30590)
More Stories
USN-6759-1: FreeRDP vulnerabilities
It was discovered that FreeRDP incorrectly handled certain memory operations. If a user were tricked into connecting to a malicious...
USN-6757-1: PHP vulnerabilities
It was discovered that PHP incorrectly handled PHP_CLI_SERVER_WORKERS variable. An attacker could possibly use this issue to cause a crash...
USN-6744-3: Pillow vulnerability
USN-6744-1 fixed a vulnerability in Pillow. This update provides the corresponding updates for Ubuntu 24.04 LTS. Original advisory details: Hugo...
USN-6734-2: libvirt vulnerabilities
USN-6734-1 fixed vulnerabilities in libvirt. This update provides the corresponding updates for Ubuntu 24.04 LTS. Original advisory details: Alexander Kuznetsov...
USN-6733-2: GnuTLS vulnerabilities
USN-6733-1 fixed vulnerabilities in GnuTLS. This update provides the corresponding updates for Ubuntu 24.04 LTS. Original advisory details: It was...
USN-6718-3: curl vulnerabilities
USN-6718-1 fixed vulnerabilities in curl. This update provides the corresponding updates for Ubuntu 24.04 LTS. Original advisory details: Dan Fandrich...