Debian Security Advisory 5472-1

Debian Security Advisory 5472-1: Posted Aug 9, 2023; Authored by Debian | Site debian.org; Debian Linux Security Advisory 5472-1 - It was discovered that an incorrect implementation of AES GCM decryption in cjose, a C library implementing the JOSE standard may allow an attacker to provide a truncated Authentication Tag and modify the JWE object.; tags | advisory; systems | linux, debian; advisories | CVE-2023-37464; SHA-256 | e815ed796d98716daec24718d9f1e8fca1f08e0f4680903994da1dabbc41af77; Download | Favorite | View

Debian Security Advisory 5472-1

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- -------------------------------------------------------------------------
Debian Security Advisory DSA-5472-1                   security@debian.org
https://www.debian.org/security/                       Moritz Muehlenhoff
August 08, 2023                       https://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package        : cjose
CVE ID         : CVE-2023-37464
Debian Bug     : 1041423

It was discovered that an incorrect implementation of AES GCM decryption
in cjose, a C library implementing the JOSE standard may allow an attacker
to provide a truncated Authentication Tag and modify the JWE object.

For the oldstable distribution (bullseye), this problem has been fixed
in version 0.6.1+dfsg1-1+deb11u1.

For the stable distribution (bookworm), this problem has been fixed in
version 0.6.2.1-1+deb12u1.

We recommend that you upgrade your cjose packages.

For the detailed security status of cjose please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/cjose

Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://www.debian.org/security/

Mailing list: debian-security-announce@lists.debian.org
-----BEGIN PGP SIGNATURE-----

iQIzBAEBCgAdFiEEtuYvPRKsOElcDakFEMKTtsN8TjYFAmTSlQcACgkQEMKTtsN8
TjZCgw//ajZImjIQAbYdWOQPQCn4rrHu3FOcoyuHUluEZhiziZxEcsO+kSCDJBqa
e6LDuKC5B3uvA4UQcfXPbi2QqdQGbMBE8chmHqqOL6ia86VJhUBU7USu+PVpVn1k
Qf8SWtHGC/7OijpbJA0KQT99GKLrQI3z1maKjxT9t9OiYd7v1leuXIHd0G/fBeR+
aSimNdY5vTfdXJMreUopCxiyyiKIXjBzC1rct3/yxCqfPpw0WUmsXq4CcY0F6v0U
zpFOiHPHDwUwPfshPs6mNZRlDqnANLYunKn9Cs9c2ZYwCgNqs6CU8NYEXAuqLOCl
xCxMF1wq96nKl1RVHFP3xdp3LP0CL8Gnvm6sQ9lnzThrEnm+1bNo3Zfq4CpykSo2
FAwV56miW2G8cyBXPLAQRW9237AZw7mGovxckEgF6gmV/Q2Hn4DXBDC231cCsjhY
JFWB45zAKIqP3Y+ZntugJF8Tjipb3LxuJcxCu2GCaAL35tp/+T+8k6QFmcSGDz0J
QpWZArFmnejyjddctAUkWJQD1CPZbp+EUxZZbgG0QeSdiLQqqNPXXxtCVpWbnzyX
+0JkKD0f/3+bRv0vokbWgtN5EAvJR+2au29Jb/xVwE4dgXdS/yVqLndaBkbHxsJ2
tPoleid7Qij4yFvXDjrTcjH7LN61UF1Q5prZNBKnFA3uUtNPbJ4=
=3VDm
-----END PGP SIGNATURE-----

Top Authors In Last 30 Days

Red Hat 225 files
indoushka 116 files
Ubuntu 84 files
Gentoo 36 files
Jasper Nota 25 files
Debian 19 files
Willem Westerhof 19 files
Jim Blankendaal 11 files
Apple 9 files
Martijn Baalman 9 files

File Archives

Systems

AIX (429)
Apple (2,099)
BSD (377)
CentOS (58)
Cisco (1,927)
Debian (7,101)
Fedora (1,693)
FreeBSD (1,246)
Gentoo (4,567)
HPUX (880)
iOS (378)
iPhone (108)
IRIX (220)
Juniper (69)
Linux (50,815)
Mac OS X (691)
Mandriva (3,105)
NetBSD (256)
OpenBSD (489)
RedHat (16,569)
Slackware (941)
Solaris (1,611)
SUSE (1,444)
Ubuntu (9,756)
UNIX (9,438)
UnixWare (187)
Windows (6,674)
Other

Debian Security Advisory 5472-1

Debian Security Advisory 5472-1

File Archive:

August 2024

Top Authors In Last 30 Days

File Tags

File Archives

Systems

Debian Security Advisory 5472-1

Share This

Debian Security Advisory 5472-1

File Archive:

August 2024

Top Authors In Last 30 Days

File Tags

File Archives

Systems