SUSE-SU-2023:3030-1

Details

Description of the patch:

This update for cjose fixes the following issues:

CVE-2023-37464: Fixed AES GCM decryption uses the Tag length from the actual Authentication Tag (bsc#1213385).

Affected Packages

libcjose0

SUSE Linux Enterprise Server 12 SP4-ESPOSSUSE Linux Enterprise Server 12 SP4-LTSSSUSE Linux Enterprise Server 12 SP5SUSE Linux Enterprise Server for SAP Applications 12 SP4SUSE Linux Enterprise Server for SAP Applications 12 SP5

Fixed in:

0.6.1-7.5.1

References

ADVISORY

https://bugzilla.suse.com/1213385

ADVISORY

https://lists.suse.com/pipermail/sle-updates/2023-July/030645.html

ADVISORY

https://www.suse.com/security/cve/CVE-2023-37464/

WEB

https://www.suse.com/support/security/rating/

ADVISORY

https://www.suse.com/support/update/announcement/2023/suse-su-20233030-1/