Lucene search

SUSE: Security Advisory (SUSE-SU-2023:3030-1)

The 'cjose' package(s) on SUSE Linux Enterprise High Performance Computing 12-SP5, SUSE Linux Enterprise Server 12-SP4, SUSE Linux Enterprise Server 12-SP5, SUSE Linux Enterprise Server for SAP Applications 12-SP4, SUSE Linux Enterprise Server for SAP Applications 12-SP5, SUSE OpenStack Cloud 9, SUSE OpenStack Cloud Crowbar 9 are missing an update for CVE-2023-37464

AI Insights are available for you today

Leverage the power of AI to quickly understand vulnerabilities, impacts, and exploitability

Reporter	Title	Published	Views	Family All 76
Tenable Nessus	Oracle Linux 8 : mod_auth_openidc:2.3 (ELSA-2023-4418)	2 Aug 202300:00	–	nessus
Tenable Nessus	AlmaLinux 9 : cjose (ALSA-2023:4411)	2 Aug 202300:00	–	nessus
Tenable Nessus	RHEL 8 : mod_auth_openidc:2.3 (RHSA-2023:4409)	1 Aug 202300:00	–	nessus
Tenable Nessus	Debian dla-3515 : libcjose-dev - security update	4 Aug 202300:00	–	nessus
Tenable Nessus	RHEL 8 : mod_auth_openidc:2.3 (RHSA-2023:4429)	2 Aug 202300:00	–	nessus
Tenable Nessus	RHEL 9 : cjose (RHSA-2023:4417)	1 Aug 202300:00	–	nessus
Tenable Nessus	AlmaLinux 8 : mod_auth_openidc:2.3 (ALSA-2023:4418)	2 Aug 202300:00	–	nessus
Tenable Nessus	Fedora 37 : cjose (2023-cf01e05114)	10 Sep 202300:00	–	nessus
Tenable Nessus	RHEL 8 : mod_auth_openidc:2.3 (RHSA-2023:4410)	1 Aug 202300:00	–	nessus
Tenable Nessus	CentOS 8 : mod_auth_openidc:2.3 (CESA-2023:4418)	1 Aug 202300:00	–	nessus

Source	Link
	www.3030-1
bugzilla	www.bugzilla.suse.com/1213385
suse	www.suse.com/support/update/announcement/2023/suse-su-20233030-1/
lists	www.lists.suse.com/pipermail/sle-updates/2023-July/030645.html

# SPDX-FileCopyrightText: 2023 Greenbone AG
# Some text descriptions might be excerpted from (a) referenced
# source(s), and are Copyright (C) by the respective right holder(s).
#
# SPDX-License-Identifier: GPL-2.0-only

if(description)
{
  script_oid("1.3.6.1.4.1.25623.1.1.4.2023.3030.1");
  script_cve_id("CVE-2023-37464");
  script_tag(name:"creation_date", value:"2023-08-01 04:25:54 +0000 (Tue, 01 Aug 2023)");
  script_version("2025-02-14T08:35:38+0000");
  script_tag(name:"last_modification", value:"2025-02-14 08:35:38 +0000 (Fri, 14 Feb 2025)");
  script_tag(name:"cvss_base", value:"7.8");
  script_tag(name:"cvss_base_vector", value:"AV:N/AC:L/Au:N/C:N/I:C/A:N");
  script_tag(name:"severity_vector", value:"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N");
  script_tag(name:"severity_origin", value:"NVD");
  script_tag(name:"severity_date", value:"2023-07-31 17:15:47 +0000 (Mon, 31 Jul 2023)");

  script_name("SUSE: Security Advisory (SUSE-SU-2023:3030-1)");
  script_category(ACT_GATHER_INFO);
  script_copyright("Copyright (C) 2023 Greenbone AG");
  script_family("SuSE Local Security Checks");
  script_dependencies("gather-package-list.nasl");
  script_mandatory_keys("ssh/login/suse_sles", "ssh/login/rpms", re:"ssh/login/release=(SLES12\.0SP4|SLES12\.0SP5)");

  script_xref(name:"Advisory-ID", value:"SUSE-SU-2023:3030-1");
  script_xref(name:"URL", value:"https://www.suse.com/support/update/announcement/2023/suse-su-20233030-1/");
  script_xref(name:"URL", value:"https://bugzilla.suse.com/1213385");
  script_xref(name:"URL", value:"https://lists.suse.com/pipermail/sle-updates/2023-July/030645.html");

  script_tag(name:"summary", value:"The remote host is missing an update for the 'cjose' package(s) announced via the SUSE-SU-2023:3030-1 advisory.");

  script_tag(name:"vuldetect", value:"Checks if a vulnerable package version is present on the target host.");

  script_tag(name:"insight", value:"This update for cjose fixes the following issues:

- CVE-2023-37464: Fixed AES GCM decryption uses the Tag length from the actual Authentication Tag (bsc#1213385).");

  script_tag(name:"affected", value:"'cjose' package(s) on SUSE Linux Enterprise Server 12-SP4, SUSE Linux Enterprise Server 12-SP5, SUSE Linux Enterprise Server for SAP Applications 12-SP4, SUSE Linux Enterprise Server for SAP Applications 12-SP5.");

  script_tag(name:"solution", value:"Please install the updated package(s).");

  script_tag(name:"solution_type", value:"VendorFix");
  script_tag(name:"qod_type", value:"package");

  exit(0);
}

include("revisions-lib.inc");
include("pkg-lib-rpm.inc");

release = rpm_get_ssh_release();
if(!release)
  exit(0);

res = "";
report = "";

if(release == "SLES12.0SP4") {

  if(!isnull(res = isrpmvuln(pkg:"libcjose0", rpm:"libcjose0~0.6.1~7.5.1", rls:"SLES12.0SP4"))) {
    report += res;
  }

  if(report != "") {
    security_message(data:report);
  } else if(__pkg_match) {
    exit(99);
  }
  exit(0);
}

if(release == "SLES12.0SP5") {

  if(!isnull(res = isrpmvuln(pkg:"libcjose0", rpm:"libcjose0~0.6.1~7.5.1", rls:"SLES12.0SP5"))) {
    report += res;
  }

  if(report != "") {
    security_message(data:report);
  } else if(__pkg_match) {
    exit(99);
  }
  exit(0);
}

exit(0);

Transform Your Security Services

Elevate your offerings with Vulners' advanced Vulnerability Intelligence. Contact us for a demo and discover the difference comprehensive, actionable intelligence can make in your security strategy.

Book a live demo

01 Aug 2023 00:00Current

8.2High risk

Vulners AI Score8.2

CVSS37.5 - 8.6

EPSS0.00314

SSVC