What Are You Looking For?

Popular Tags

Sign Up
--------------------------------------------------------------------------------
Fedora Update Notification
FEDORA-2023-d5f23da04a
2023-09-15 18:36:13.240546
--------------------------------------------------------------------------------

Name        : cjose
Product     : Fedora 39
Version     : 0.6.2.2
Release     : 2.fc39
URL         : https://github.com/OpenIDC/cjose
Summary     : C library implementing the Javascript Object Signing and Encryption (JOSE)
Description :
Implementation of JOSE for C/C++

--------------------------------------------------------------------------------
Update Information:

Security fix for CVE-2023-37464
--------------------------------------------------------------------------------
ChangeLog:

* Fri Sep  1 2023 Tomas Halman  - 0.6.2.2-2
- migrated to SPDX license
* Wed Jul 26 2023 Tomas Halman  - 0.6.2.2-1
- Rebase to version 0.6.2.2. Solves CVE-2023-37464.
  Resolves: rhbz#2223330
--------------------------------------------------------------------------------
References:

  [ 1 ] Bug #2223330 - TRIAGE-CVE-2023-37464 cjose: AES GCM decryption uses the Tag length from the actual Authentication Tag provided in the JWE [fedora-all]
        https://bugzilla.redhat.com/show_bug.cgi?id=2223330
--------------------------------------------------------------------------------

This update can be installed with the "dnf" update program. Use
su -c 'dnf upgrade --advisory FEDORA-2023-d5f23da04a' at the command
line. For more information, refer to the dnf documentation available at
https://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

All packages are signed with the Fedora Project GPG key. More details on the
GPG keys used by the Fedora Project can be found at
https://fedoraproject.org/keys
--------------------------------------------------------------------------------
_______________________________________________
package-announce mailing list -- [email protected]
To unsubscribe send an email to [email protected]
Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: https://lists.fedoraproject.org/archives/list/[email protected]
Do not reply to spam, report it: https://pagure.io/fedora-infrastructure/new_issue

Fedora 39: cjose 2023-d5f23da04a

September 15, 2023
Security fix for CVE-2023-37464

Summary

Implementation of JOSE for C/C++

Update Information:

Security fix for CVE-2023-37464

Change Log

* Fri Sep 1 2023 Tomas Halman - 0.6.2.2-2 - migrated to SPDX license * Wed Jul 26 2023 Tomas Halman - 0.6.2.2-1 - Rebase to version 0.6.2.2. Solves CVE-2023-37464. Resolves: rhbz#2223330

References

[ 1 ] Bug #2223330 - TRIAGE-CVE-2023-37464 cjose: AES GCM decryption uses the Tag length from the actual Authentication Tag provided in the JWE [fedora-all] https://bugzilla.redhat.com/show_bug.cgi?id=2223330

Update Instructions

This update can be installed with the "dnf" update program. Use su -c 'dnf upgrade --advisory FEDORA-2023-d5f23da04a' at the command line. For more information, refer to the dnf documentation available at https://dnf.readthedocs.io/en/latest/command_ref.html#upgrade-command-label

Severity
Name : cjose
Product : Fedora 39
Version : 0.6.2.2
Release : 2.fc39
URL : https://github.com/OpenIDC/cjose
Summary : C library implementing the Javascript Object Signing and Encryption (JOSE)

Related News

Librem 11: Purism Unveils a Privacy-Focused Linux Tablet

Sep 15, 2023

Critical PHP Info Disclosure, Code Execution Bugs Fixed

Sep 7, 2023

Multiple Severe, Remotely Exploitable Chromium Vulns Fixed

Sep 15, 2023

Remotely Exploitable Poppler DoS Bugs Fixed - Update Now!

Sep 22, 2023

News

Advisories

HOWTOs

Features

The Unseen Potential of Wake-on-LAN
Linux Vulnerabilities: The Antidote to This Linux Security Poison
Preventing Linux DDoS Attacks with Minimal Cybersecurity Knowledge
Navigating Software Scalability: A Practical Guide to Building Scalable Systems with Linux
Unlocking the Secrets of Linux Security: An Expert Analysis

About Us

Powered By

Footer Logo

Feedback