[ALSA-2023:4411] Important: cjose security update
Type:
security
Severity:
important
Release date:
2023-08-02
Description:
CJose is C library implementing the Javascript Object Signing and Encryption (JOSE). Security Fix(es): * cjose: AES GCM decryption uses the Tag length from the actual Authentication Tag provided in the JWE (CVE-2023-37464) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
References:
Updated packages listed below:
Architecture Package Checksum
aarch64 cjose-0.6.1-13.el9_2.alma.aarch64.rpm ba6a3e47385d426da1fb56f855cecb66dc3bed5061cd8f71fe13a7685cce858a
i686 cjose-0.6.1-13.el9_2.alma.i686.rpm 82ac6e178f4a174521fe630b0a7151bcef641ec4698bc0fecde1fdb6d4877c95
ppc64le cjose-0.6.1-13.el9_2.alma.ppc64le.rpm eb2cb48a688d7c2b5e9a3a3d8317af46776ce43698a4d380d34a7b26cf06b1af
s390x cjose-0.6.1-13.el9_2.alma.s390x.rpm 2c4b5ba1acd58f94e4d1d529c4e323138c97ae107b281a1fbede79cad62d33b0
x86_64 cjose-0.6.1-13.el9_2.alma.x86_64.rpm ec92fb40f6ff1dcdb8f991a55494a943dcea3091d8bd828cade2b9b28e7df251
Notes:
This page is generated automatically from Red Hat security data and has not been checked for errors. For clarification or corrections please contact the AlmaLinux Packaging Team.