==========================================================================
Ubuntu Security Notice USN-6753-1
April 25, 2024
cryptojs vulnerability
==========================================================================
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 22.04 LTS (Available with Ubuntu Pro)
- Ubuntu 20.04 LTS
- Ubuntu 18.04 LTS (Available with Ubuntu Pro)
- Ubuntu 16.04 LTS (Available with Ubuntu Pro)
Summary:
CryptoJS could be made to expose sensitive information.
Software Description:
- cryptojs: collection of cryptographic algorithms implemented in JavaScript
Details:
Thomas Neil James Shadwell discovered that CryptoJS was using an insecure
cryptographic default configuration. A remote attacker could possibly use
this issue to expose sensitive information.
Update instructions:
The problem can be corrected by updating your system to the following
package versions:
Ubuntu 22.04 LTS (Available with Ubuntu Pro):
   libjs-cryptojs                  3.1.2+dfsg-3ubuntu0.22.04.1~esm1
Ubuntu 20.04 LTS:
   libjs-cryptojs                  3.1.2+dfsg-2ubuntu0.20.04.1
Ubuntu 18.04 LTS (Available with Ubuntu Pro):
   libjs-cryptojs                  3.1.2+dfsg-2ubuntu0.18.04.1~esm1
Ubuntu 16.04 LTS (Available with Ubuntu Pro):
   libjs-cryptojs                  3.1.2+dfsg-2ubuntu0.16.04.1~esm1
In general, a standard system update will make all the necessary changes.
References:
   https://ubuntu.com/security/notices/USN-6753-1
   CVE-2023-46233
Package Information:
   https://launchpad.net/ubuntu/+source/cryptojs/3.1.2+dfsg-2ubuntu0.20.04.1