SUSE-SU-2023:3230-1

UNKNOWN

Security update for cjose

Published Aug 8, 2023

Modified 2 years ago

Fix available

Details

This update for cjose fixes the following issues:

CVE-2023-37464: Fixed AES GCM decryption uses the Tag length from the actual Authentication Tag (bsc#1213385).

Affected Packages

cjose

SUSE Enterprise Storage 7SUSE Enterprise Storage 7.1SUSE Linux Enterprise High Performance Computing 15 SP1-LTSSSUSE Linux Enterprise High Performance Computing 15 SP2-LTSSSUSE Linux Enterprise High Performance Computing 15 SP3-ESPOS

Fixed in:

0.6.1-150100.4.6.1

libcjose-devel

Fixed in:

0.6.1-150100.4.6.1

libcjose0

Fixed in:

0.6.1-150100.4.6.1

References

REPORT

https://bugzilla.suse.com/1213385

WEB

https://www.suse.com/security/cve/CVE-2023-37464

ADVISORY

https://www.suse.com/support/update/announcement/2023/suse-su-20233230-1/

Upstream

CVE-2023-37464

Ecosystems(19)

SUSE Enterprise Storage 7 SUSE Enterprise Storage 7.1 SUSE Linux Enterprise High Performance Computing 15 SP1-LTSS SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS SUSE Linux Enterprise High Performance Computing 15 SP3-ESPOS

Timeline

PublishedAug 8, 2023

ModifiedAug 8, 2023

SUSE-SU-2023:3230-1 | Mondoo Vulnerability Intelligence