Fedora 38: 2023-151d5b3da1 Critical cjose Security Update - AES GCM Issue
fedora
September 10, 2023
Security fix for CVE-2023-37464
Summary
Implementation of JOSE for C/C++
Update Information:
Security fix for CVE-2023-37464
Topics Covered
Change Log
* Fri Sep 1 2023 Tomas Halman
References
[ 1 ] Bug #2223330 - TRIAGE-CVE-2023-37464 cjose: AES GCM decryption uses the Tag length from the actual Authentication Tag provided in the JWE [fedora-all]
https://bugzilla.redhat.com/show_bug.cgi?id=2223330
Update Instructions
This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade --advisory FEDORA-2023-151d5b3da1' at the command line. For more information, refer to the dnf documentation available at https://dnf.readthedocs.io/en/latest/command_ref.html
PREVIOUS
NEXT
Severity
critical
Lowest
Low
Medium
High
Critical
Name: cjose
Product: Fedora 38
Version: 0.6.2.2
Release: 2.fc38
Summary: C library implementing the Javascript Object Signing and Encryption (JOSE)
Topics Covered
Get the latest News and Insights
Get the latest Linux and open source security news straight to your inbox.
Related News
Powered By
Linux Security - Your source for Top Linux News, Advisories, HOWTOs and Feature Releases
QUICK LINKS
subscribe to newsletters!
Like staying secure? So do we.
Sign up for updates, tips, and alerts!