Tuesday, April 15, 2025

[USN-7439-1] QuickJS vulnerabilities

-----BEGIN PGP SIGNATURE-----

wsF5BAABCAAjFiEEyMDHOTG0YH5UsajI8pSCVQZYHygFAmf+sFAFAwAAAAAACgkQ8pSCVQZYHyga
chAAj70bohHnbtBYiA8m5EesW/5ygB0gg7BlxqXTT7cBx0Ql3d6OlBQCyX2zW661bY6UmVmF6Cov
ST9mJ/ymKsC/10ytVhFexumFpTE+OLsxzIaVlk47bF/U+XYGOqvDyAOwxtHqlx87yH66JJEKMm1P
rmcbBQW+6LbgqGORu3+We1uiT9qobBFpB8ogWukHTOtcchi0ljuaJCPch48HkMqKTsqmOUxDgAaf
N6gEcP/ZqbzYiwePXXZGbf+wguxnwTZcERl5swIaApMqR6GHKvZfKVnInT1/tUavMXn9zlkLsyvz
Mk+eaw8D4fVZa+Xe0PqZPC+yu77s0p0e1mLosnbhnh0T4dC/ArbClgl//zzG62gWwrxE+KDi5NUS
kc1WGxE9viV2xpx3M4sR7soR3AzqdraExl9WehER8YrI4LWQmUzQ6WK4mfCt0lqp9FvLN8j8riJV
2AYU2QEDT1VVgNZcNFo7E1ZZuOZ6byErrYZ0bG9aRpSQY3OmrSI5dW2FFFs6pafpQuODl08IS2MP
U5blGon5yO472/aYT6IdGpxDkTLs5m1TTGgQbeJrKWs9sM2aIofSlbcJxveq9pnBmSSUuSmS8D2c
0RIG2a5m3H698KwEwGjMGpvKufFT19uIYFbhzwtBHlvIyV2bxZzYS8wVN/JTNt7iItk2ZPPULE9m
af4=
=kdPb
-----END PGP SIGNATURE-----
==========================================================================
Ubuntu Security Notice USN-7439-1
April 15, 2025

quickjs vulnerabilities
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 24.04 LTS

Summary:

Several security issues were fixed in QuickJS.

Software Description:
- quickjs: small and embeddable Javascript engine

Details:

It was discovered that QuickJS could be forced to reference uninitialized
memory in certain instances. An attacker could possibly use this issue to
cause QuickJS to crash, resulting in a denial of service, or execute
arbitrary code. (CVE-2023-48183)

It was discovered that QuickJS incorrectly managed memory in certain
circumstances. An attacker could possibly use this issue to exhaust
system resources, resulting in a denial of service. (CVE-2023-48184)

It was discovered that QuickJS could be forced to crash due to a
failing test. An attacker could possibly use this issue to cause a
denial of service. (CVE-2024-33263)

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 24.04 LTS
  libquickjs                      2021.03.27-1ubuntu0.1~esm1
                                  Available with Ubuntu Pro
  quickjs                         2021.03.27-1ubuntu0.1~esm1
                                  Available with Ubuntu Pro

In general, a standard system update will make all the necessary changes.

References:
  https://ubuntu.com/security/notices/USN-7439-1
  CVE-2023-48183, CVE-2023-48184, CVE-2024-33263

No comments:

Post a Comment

Subscribe to: Post Comments (Atom)