[ALSA-2024:9181] Moderate: jose security update
Type:
security
Severity:
moderate
Release date:
2024-11-18
Description:
Jose is a C-language implementation of the Javascript Object Signing and Encryption standards. The jose package is a dependency of the clevis and tang packages, together providing Network Bound Disk Encryption (NBDE) in AlmaLinux. Security Fix(es): * jose: resource exhaustion (CVE-2024-28176) * jose: Denial of service due to uncontrolled CPU consumption (CVE-2023-50967) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Additional Changes: For detailed information on changes in this release, see the AlmaLinux Release Notes linked from the References section.
References:
Updated packages listed below:
Architecture Package Checksum
aarch64 libjose-devel-14-1.el9.aarch64.rpm 00f856532a96fac634b258a9542cc56ecb73eb7851cd6fba1dcc0233118f1105
aarch64 libjose-14-1.el9.aarch64.rpm 2b7b84669ffbaf64fc03441528075f5695d4a79219060a788c1583ee18f6d32d
aarch64 jose-14-1.el9.aarch64.rpm 56307f35aaf26b518953776033c0ecea43d9f9ca90c8db303773d534b2ea76e1
i686 libjose-14-1.el9.i686.rpm ac99113fd5e73b037859bb8e71c7603da06904da40429b9160410e4eed8bf945
i686 libjose-devel-14-1.el9.i686.rpm c924138bceaf77ad42477b8c1dbe840d6bb2790d26c2b8c0d42d0f3162512398
ppc64le libjose-devel-14-1.el9.ppc64le.rpm 211a938df7b22c4be94aefc0293b355be46258156d7a076888e597101c912e0d
ppc64le libjose-14-1.el9.ppc64le.rpm 3ba9ca0bca7198741c08577fb25814f0e0c320e6d115661f8c647098ee2a6822
ppc64le jose-14-1.el9.ppc64le.rpm aa0cb7dca2d80102b1bfa8d2aeb7bc8c3c4fe0585fa3582bda8ca4f538074ec2
s390x jose-14-1.el9.s390x.rpm 2624d16b26c256349c3b213d31b1391e945be0d437c947af8bd6a403a6938a4c
s390x libjose-devel-14-1.el9.s390x.rpm 5dc81a134979aaf9d863b9eff5c7ded16a4b216c05d95e3aea5a8acb2355b675
s390x libjose-14-1.el9.s390x.rpm 6185f276c825313355f9cf57fb0f3e1f927024ad64eb4102b1a66aa0dc00a7b1
x86_64 jose-14-1.el9.x86_64.rpm 7be5a51a1aa919dccb2f1dcdcd35ba1d53f7c4bf737bf03ab65a09be219811de
x86_64 libjose-devel-14-1.el9.x86_64.rpm c81ad45bbc22795e046a30b39b0dd2ecf1ba9ebbda49b0304ed61b693accd3f6
x86_64 libjose-14-1.el9.x86_64.rpm eb3a464e72b9ba6c8bce813aaff61dd4c946da297db256594e00c1b73311736e
Notes:
This page is generated automatically from Red Hat security data and has not been checked for errors. For clarification or corrections please contact the AlmaLinux Packaging Team.