What Are You Looking For?

Popular Tags

Sign Up
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- -------------------------------------------------------------------------
Debian Security Advisory DSA-5472-1                   [email protected]
https://www.debian.org/security/                       Moritz Muehlenhoff
August 08, 2023                       https://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package        : cjose
CVE ID         : CVE-2023-37464
Debian Bug     : 1041423

It was discovered that an incorrect implementation of AES GCM decryption
in cjose, a C library implementing the JOSE standard may allow an attacker
to provide a truncated Authentication Tag and modify the JWE object.

For the oldstable distribution (bullseye), this problem has been fixed
in version 0.6.1+dfsg1-1+deb11u1.

For the stable distribution (bookworm), this problem has been fixed in
version 0.6.2.1-1+deb12u1.

We recommend that you upgrade your cjose packages.

For the detailed security status of cjose please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/cjose

Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://www.debian.org/security/

Mailing list: [email protected]

Debian: DSA-5472-1: cjose security update

August 8, 2023
It was discovered that an incorrect implementation of AES GCM decryption in cjose, a C library implementing the JOSE standard may allow an attacker to provide a truncated Authentic...

Summary

It was discovered that an incorrect implementation of AES GCM decryption
in cjose, a C library implementing the JOSE standard may allow an attacker
to provide a truncated Authentication Tag and modify the JWE object.

For the oldstable distribution (bullseye), this problem has been fixed
in version 0.6.1+dfsg1-1+deb11u1.

For the stable distribution (bookworm), this problem has been fixed in
version 0.6.2.1-1+deb12u1.

We recommend that you upgrade your cjose packages.

For the detailed security status of cjose please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/cjose

Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://www.debian.org/security/

Mailing list: [email protected]

Severity
Package : cjose
CVE ID : CVE-2023-37464
Debian Bug : 1041423

Related News

Mitigations for Severe JOSE for C/C++ DoS, Info Disclosure Bug Released

Sep 7, 2023

Remotely Exploitable ClamAV DoS Bug Discovered & Fixed

Aug 31, 2023

Remotely Exploitable Poppler DoS Bugs Fixed - Update Now!

Sep 22, 2023

Important Fix for c-ares DoS Bug Released

Jun 22, 2023

News

Advisories

HOWTOs

Features

Everything You Need to Know About Linux Proxy Servers
Simple Steps for Identifying & Troubleshooting a Kernel Panic
Linux Endpoint Detection and Response (EDR): A Crucial Part of a Successful Cybersecurity Strategy
Supercharging Linux: Tips & Tricks to Beat the Threat Landscape
LinuxSecurity.com Migrates to Joomla 4 and PHP 8: Our Experience & Key Takeaways

About Us

Powered By

Footer Logo

Feedback