==========================================================================
Ubuntu Security Notice USN-7439-1
April 15, 2025

quickjs vulnerabilities
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 24.04 LTS

Summary:

Several security issues were fixed in QuickJS.

Software Description:
- quickjs: small and embeddable Javascript engine

Details:

It was discovered that QuickJS could be forced to reference uninitialized
memory in certain instances. An attacker could possibly use this issue to
cause QuickJS to crash, resulting in a denial of service, or execute
arbitrary code. (CVE-2023-48183)

It was discovered that QuickJS incorrectly managed memory in certain
circumstances. An attacker could possibly use this issue to exhaust
system resources, resulting in a denial of service. (CVE-2023-48184)

It was discovered that QuickJS could be forced to crash due to a
failing test. An attacker could possibly use this issue to cause a
denial of service. (CVE-2024-33263)

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 24.04 LTS
  libquickjs                      2021.03.27-1ubuntu0.1~esm1
                                  Available with Ubuntu Pro
  quickjs                         2021.03.27-1ubuntu0.1~esm1
                                  Available with Ubuntu Pro

In general, a standard system update will make all the necessary changes.

References:
  https://ubuntu.com/security/notices/USN-7439-1
  CVE-2023-48183, CVE-2023-48184, CVE-2024-33263