
Fedora 39 FEDORA-2023-d5f23da04a Critical: cjose AES GCM Decryption Issue

September 15, 2023
The Fedora 39 cjose package upgrade addresses CVE-2023-37464, a significant vulnerability impacting user authentication.

Summary

Implementation of JOSE for C/C++

Update Information:

Security fix for CVE-2023-37464

Change Log

* Fri Sep 1 2023 Tomas Halman - 0.6.2.2-2
- migrated to SPDX license
* Wed Jul 26 2023 Tomas Halman - 0.6.2.2-1
- Rebase to version 0.6.2.2. Solves CVE-2023-37464. Resolves: rhbz#2223330

References


[ 1 ] Bug #2223330 - TRIAGE-CVE-2023-37464 cjose: AES GCM decryption uses the Tag length from the actual Authentication Tag provided in the JWE [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=2223330
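
A defensive check for the flaw named in the bug title above, as an added example that is not part of the advisory and is not cjose's code or its upstream fix: RFC 7518 requires AES GCM authentication tags to be exactly 128 bits, so a compact JWE whose tag segment decodes to any other length can be rejected before decryption. The function names and sample tokens are hypothetical and constructed for illustration.

```c
/* Added example; function names are hypothetical, not cjose API. */
#include <stdio.h>
#include <string.h>

#define GCM_TAG_BYTES 16 /* RFC 7518: AES GCM tag MUST be 128 bits */

/* Decoded size of an unpadded base64url string of n chars, -1 if invalid. */
static long b64url_decoded_len(const char *s, size_t n)
{
    static const char abc[] =
        "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789-_";
    if (n % 4 == 1)
        return -1; /* no byte string encodes to this length */
    for (size_t i = 0; i < n; i++)
        if (memchr(abc, s[i], 64) == NULL)
            return -1;
    return (long)(n * 3 / 4);
}

/* Tag size in bytes (5th segment of a compact JWE), -1 if malformed. */
long jwe_tag_len(const char *compact)
{
    const char *seg = compact;
    int dots = 0;
    for (const char *p = compact; *p; p++)
        if (*p == '.') {
            dots++;
            seg = p + 1;
        }
    return dots == 4 ? b64url_decoded_len(seg, strlen(seg)) : -1;
}

/* 1 only when the tag is exactly 128 bits; call before any decryption. */
int jwe_gcm_tag_ok(const char *compact)
{
    return jwe_tag_len(compact) == GCM_TAG_BYTES;
}

/* Constructed samples (placeholder bytes, not real ciphertext). */
#define HDR "eyJhbGciOiJkaXIiLCJlbmMiOiJBMjU2R0NNIn0..AAAAAAAAAAAAAAAA.Y29uc3RydWN0ZWQ."
static const char *FULL_TAG  = HDR "AAAAAAAAAAAAAAAAAAAAAA"; /* 16-byte tag */
static const char *SHORT_TAG = HDR "AAAAAA";                 /* 4-byte tag */

int main(void)
{
    printf("full tag ok:  %d\n", jwe_gcm_tag_ok(FULL_TAG));
    printf("short tag ok: %d\n", jwe_gcm_tag_ok(SHORT_TAG));
    return 0;
}
```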

Update Instructions

This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade --advisory FEDORA-2023-d5f23da04a' at the command line. For more information, refer to the dnf documentation available at https://dnf.readthedocs.io/en/latest/command_ref.html

Severity
critical

Name: cjose
Product: Fedora 39
Version: 0.6.2.2
Release: 2.fc39
Summary: C library implementing the Javascript Object Signing and Encryption (JOSE)
