Package "libnode-dev"
Name: libnode-dev
Description: evented I/O for V8 javascript (development files)
Latest version: 10.19.0~dfsg-3ubuntu1.6
Release: focal (20.04)
Level: security
Repository: universe
Head package: nodejs
Homepage: http://nodejs.org/

Changelog
nodejs (10.19.0~dfsg-3ubuntu1.6) focal-security; urgency=medium
* SECURITY UPDATE: Incorrect Documentation for Diffie-Hellman APIs
- debian/patches/CVE-2023-30590.patch: fixed the inconsistency between the
documents and the function of Diffie-Hellman APIs
- CVE-2023-30590
-- Amir Naseredini <email address hidden> Wed, 03 Apr 2024 09:09:55 +0100

CVE-2023-30590: The generateKeys() API function returned from crypto.createDiffieHellman() only generates missing (or outdated) keys, that is, it only generates a pr

nodejs (10.19.0~dfsg-3ubuntu1.5) focal-security; urgency=medium
* SECURITY UPDATE: Privilege Escalation
- debian/patches/CVE-2023-23920.patch: added `ICU_NO_USER_DATA_OVERRIDE` to
fix an issue with insecure loading of ICU data
- CVE-2023-23920
* debian/patches/fix-dns-tests.patch: first part of fix of two dns tests
* debian/patches/fix-test-net-dns-error.patch: fixed the issue in the test
* debian/patches/fix-test-http-dns-error.patch: fixed the issue in the test
-- Amir Naseredini <email address hidden> Mon, 19 Feb 2024 16:37:59 +0000

CVE-2023-23920: An untrusted search path vulnerability exists in Node.js <19.6.1, <18.14.1, <16.19.1, and <14.21.3 that could allow an attacker to search and potent

nodejs (10.19.0~dfsg-3ubuntu1.3) focal-security; urgency=medium
* SECURITY UPDATE: Arbitrary Code Execution
- debian/patches/CVE-2022-32212-1.patch: fixed IPv4 validation in
inspector_socket
- debian/patches/CVE-2022-32212-2.patch: fixed IPv4 non routable validation
- debian/patches/CVE-2022-43548.patch: harden IP address validation again
- CVE-2022-32212
- CVE-2022-43548
-- Amir Naseredini <email address hidden> Fri, 17 Nov 2023 11:11:22 +0000

CVE-2022-32212: An OS Command Injection vulnerability exists in Node.js versions <14.20.0, <16.20.0, <18.5.0 due to an insufficient IsAllowedHost check that can easil
CVE-2022-43548: An OS Command Injection vulnerability exists in Node.js versions <14.21.1, <16.18.1, <18.12.1, <19.0.1 due to an insufficient IsAllowedHost check that

nodejs (10.19.0~dfsg-3ubuntu1.2) focal-security; urgency=medium
* SECURITY UPDATE: Denial of Service
- debian/patches/CVE-2021-22883.patch: fixed a memory exhaustion in http2
module
- CVE-2021-22883
* SECURITY UPDATE: Remote Code Execution
- debian/patches/CVE-2021-22884.patch: fixed a DNS rebinding in nodejs
- CVE-2021-22884
-- Amir Naseredini <email address hidden> Fri, 29 Sep 2023 13:26:08 +0100

CVE-2021-22883: Node.js before 10.24.0, 12.21.0, 14.16.0, and 15.10.0 is vulnerable to a denial of service attack when too many connection attempts with an 'unknownP
CVE-2021-22884: Node.js before 10.24.0, 12.21.0, 14.16.0, and 15.10.0 is vulnerable to DNS rebinding attacks as the whitelist includes “localhost6”. When “localhost6

nodejs (10.19.0~dfsg-3ubuntu1.1) focal-security; urgency=medium
* SECURITY UPDATE: Denial of Service
- debian/patches/CVE-2020-8174.patch: fixed buffer overflows in nodejs
- debian/patches/CVE-2020-8265.patch: fixed a use-after-free in TLSWrap
- debian/patches/CVE-2020-8287.patch: fixed an HTTP Request Smuggling
issue in Transfer-Encoding
- CVE-2020-8174
- CVE-2020-8265
- CVE-2020-8287
* debian/patches/test_update_test-tls-passphrase.patch: fixed the error with
tls-passphrase test
-- Amir Naseredini <email address hidden> Thu, 07 Sep 2023 12:20:44 +0100

CVE-2020-8174: napi_get_value_string_*() allows various kinds of memory corruption in node < 10.21.0, 12.18.0, and < 14.4.0.
CVE-2020-8265: Node.js versions before 10.23.1, 12.20.1, 14.15.4, 15.5.1 are vulnerable to a use-after-free bug in its TLS implementation. When writing to a TLS ena
CVE-2020-8287: Node.js versions before 10.23.1, 12.20.1, 14.15.4, 15.5.1 allow two copies of a header field in an HTTP request (for example, two Transfer-Encoding h