Ubuntu Security Notice 6753-1 - Thomas Neil James Shadwell discovered that CryptoJS was using an insecure cryptographic default configuration. A remote attacker could possibly use this issue to expose sensitive information.
9b59079ffc816463d7133b64a1e0918a00b6e29ba9a8c0f1321f133a3a7f8bb4==========================================================================
Ubuntu Security Notice USN-6753-1
April 25, 2024
cryptojs vulnerability
==========================================================================
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 22.04 LTS (Available with Ubuntu Pro)
- Ubuntu 20.04 LTS
- Ubuntu 18.04 LTS (Available with Ubuntu Pro)
- Ubuntu 16.04 LTS (Available with Ubuntu Pro)
Summary:
CryptoJS could be made to expose sensitive information.
Software Description:
- cryptojs: collection of cryptographic algorithms implemented in JavaScript
Details:
Thomas Neil James Shadwell discovered that CryptoJS was using an insecure
cryptographic default configuration. A remote attacker could possibly use
this issue to expose sensitive information.
Update instructions:
The problem can be corrected by updating your system to the following
package versions:
Ubuntu 22.04 LTS (Available with Ubuntu Pro):
libjs-cryptojs 3.1.2+dfsg-3ubuntu0.22.04.1~esm1
Ubuntu 20.04 LTS:
libjs-cryptojs 3.1.2+dfsg-2ubuntu0.20.04.1
Ubuntu 18.04 LTS (Available with Ubuntu Pro):
libjs-cryptojs 3.1.2+dfsg-2ubuntu0.18.04.1~esm1
Ubuntu 16.04 LTS (Available with Ubuntu Pro):
libjs-cryptojs 3.1.2+dfsg-2ubuntu0.16.04.1~esm1
In general, a standard system update will make all the necessary changes.
References:
https://ubuntu.com/security/notices/USN-6753-1
CVE-2023-46233
Package Information:
https://launchpad.net/ubuntu/+source/cryptojs/3.1.2+dfsg-2ubuntu0.20.04.1
© 2024 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed