Alerts This Week
Warning Icon 1 1,154
Alerts This Week
Warning Icon 1 1,154

Ubuntu 24.04 LTS: USN-7439-1 critical: QuickJS denial of service issues

ubuntu
Calendar Grey April 15, 2025
Dist Ubuntu Esm H88
Multiple vulnerabilities in QuickJS addressed, notably a denial of service issue, alongside new updates available for Ubuntu 24.04 LTS.
Several security issues were fixed in QuickJS.

Summary

Several security issues were fixed in QuickJS.

Software Description:

- quickjs: small and embeddable Javascript engine

Details:

It was discovered that QuickJS could be forced to reference uninitialized

memory in certain instances. An attacker could possibly use this issue to

cause QuickJS to crash, resulting in a denial of service, or execute

arbitrary code. (CVE-2023-48183)

It was discovered that QuickJS incorrectly managed memory in certain

circumstances. An attacker could possibly use this issue to exhaust

system resources, resulting in a denial of service. (CVE-2023-48184)

It was discovered that QuickJS could be forced to crash due to a

failing test. An attacker could possibly use this issue to cause a

denial of service. (CVE-2024-33263)

Update Instructions

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 24.04 LTS
   libquickjs                      2021.03.27-1ubuntu0.1~esm1
                                   Available with Ubuntu Pro
   quickjs                         2021.03.27-1ubuntu0.1~esm1
                                   Available with Ubuntu Pro

In general, a standard system update will make all the necessary changes.

References

  https://ubuntu.com/security/notices/USN-7439-1

  CVE-2023-48183, CVE-2023-48184, CVE-2024-33263

Severity
critical
Lowest
Low
Medium
High
Critical

Ubuntu Security Notice USN-7439-1

Package Information

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Your message here