
Fedora 37: cjose Fix for Critical Authentication Issue CVE-2023-37464

September 10, 2023
Fedora 37 tackles a significant AES GCM encryption flaw by implementing a security patch for cjose.
Security fix for CVE-2023-37464

Summary

Implementation of JOSE for C/C++

Update Information:

Security fix for CVE-2023-37464

Change Log

* Fri Sep 1 2023 Tomas Halman - 0.6.2.2-2
- migrated to SPDX license
* Wed Jul 26 2023 Tomas Halman - 0.6.2.2-1
- Rebase to version 0.6.2.2. Solves CVE-2023-37464. Resolves: rhbz#2223330
* Wed Jul 20 2022 Fedora Release Engineering - 0.6.1-11
- Rebuilt for https://fedoraproject.org/wiki/Fedora_37_Mass_Rebuild
* Wed Jan 19 2022 Fedora Release Engineering - 0.6.1-10
- Rebuilt for https://fedoraproject.org/wiki/Fedora_36_Mass_Rebuild
* Tue Sep 14 2021 Sahana Prasad - 0.6.1-9
- Rebuilt with OpenSSL 3.0.0

References


[1] Bug #2223330 - TRIAGE-CVE-2023-37464 cjose: AES GCM decryption uses the Tag length from the actual Authentication Tag provided in the JWE [fedora-all]
    https://bugzilla.redhat.com/show_bug.cgi?id=2223330
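
The bug title in [1] says decryption took the tag length from the Authentication Tag supplied in the JWE. As an added example (not cjose code and not the upstream patch), the following C pre-check rejects a compact-serialized JWE whose tag does not decode to 16 bytes, the 128-bit tag size RFC 7518 requires for AES GCM. The function names are hypothetical, and the caller is assumed to have already established that "enc" is an AES GCM algorithm.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

#define GCM_TAG_BYTES 16 /* RFC 7518: AES GCM Authentication Tag is 128 bits */

/* Decoded byte length of an unpadded base64url string, or -1 if malformed. */
static long b64url_decoded_len(const char *s, size_t n)
{
    for (size_t i = 0; i < n; i++) {
        char c = s[i];
        int ok = (c >= 'A' && c <= 'Z') || (c >= 'a' && c <= 'z') ||
                 (c >= '0' && c <= '9') || c == '-' || c == '_';
        if (!ok)
            return -1;          /* '=' padding or other bytes are not allowed */
    }
    if (n % 4 == 1)
        return -1;              /* no byte string encodes to this length */
    return (long)(n * 6 / 8);
}

/* Hypothetical pre-check: returns 1 only if the compact JWE has exactly five
 * dot-separated segments and the fifth (the tag) decodes to 16 bytes. */
int jwe_gcm_tag_len_ok(const char *compact)
{
    const char *seg = compact, *dot;
    int dots = 0;

    if (compact == NULL)
        return 0;
    while ((dot = strchr(seg, '.')) != NULL) {
        dots++;
        seg = dot + 1;          /* seg ends up pointing at the last segment */
    }
    if (dots != 4)
        return 0;
    return b64url_decoded_len(seg, strlen(seg)) == GCM_TAG_BYTES;
}

int main(void)
{
    /* Constructed sample: header {"alg":"dir","enc":"A128GCM"}, dummy values. */
    const char *sample = "eyJhbGciOiJkaXIiLCJlbmMiOiJBMTI4R0NNIn0.."
                         "AAAAAAAAAAAAAAAA.Y2lwaGVydGV4dA.AAAAAAAAAAAAAAAAAAAAAA";
    printf("tag length ok: %d\n", jwe_gcm_tag_len_ok(sample));
    return 0;
}
```

A check like this is only a guard in front of an unpatched library; installing the update below is the fix.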

Update Instructions

This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade --advisory FEDORA-2023-cf01e05114' at the command line. For more information, refer to the dnf documentation available at https://dnf.readthedocs.io/en/latest/command_ref.html

Severity
critical

Name: cjose
Product: Fedora 37
Version: 0.6.2.2
Release: 2.fc37
Summary: C library implementing the Javascript Object Signing and Encryption (JOSE)
