46 matches found
Azure Linux 3.0 Security Update: cjose (CVE-2023-37464)
The version of cjose installed on the remote Azure Linux 3.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2023-37464 advisory. - OpenIDC/cjose is a C library implementing the Javascript Object Signing and Encryption (JOSE). The AES GCM...
MiracleLinux 9 : cjose-0.6.1-13.el9 (AXSA:2023-6285:01)
The remote MiracleLinux 9 host has a package installed that is affected by a vulnerability as referenced in the AXSA:2023-6285:01 advisory. cjose: AES GCM decryption uses the Tag length from the actual Authentication Tag provided in the JWE CVE-2023-37464 Tenable has extracted the preceding...
MiracleLinux 8 : mod_auth_openidc:2.3 (AXSA:2023-6296:01)
The remote MiracleLinux 8 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2023-6296:01 advisory. cjose: AES GCM decryption uses the Tag length from the actual Authentication Tag provided in the JWE CVE-2023-37464 Tenable has extracted the preceding...
TencentOS Server 3: mod_auth_openidc:2.3 (TSSA-2023:0203)
The version of Tencent Linux installed on the remote TencentOS Server 3 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the TSSA-2023:0203 advisory. Package updates are available for TencentOS Server 3 that fix the following vulnerabilities:...
CVE-2023-37464 affecting package cjose for versions less than 0.6.2.2-7
CVE-2023-37464 affecting package cjose for versions less than 0.6.2.2-7. An upgraded version of the package is available that resolves this issue...
TencentOS Server 4: cjose (TSSA-2025:0135)
The version of Tencent Linux installed on the remote TencentOS Server 4 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the TSSA-2025:0135 advisory. Package updates are available for TencentOS Server 4 that fix the following vulnerabilities:...
Alibaba Cloud Linux 3 : 0091: mod_auth_openidc:2.3 (ALINUX3-SA-2023:0091)
The remote Alibaba Cloud Linux 3 host has packages installed that are affected by a vulnerability as referenced in the ALINUX3-SA-2023:0091 advisory. Package updates are available for Alibaba Cloud Linux 3 that fix the following vulnerabilities: CVE-2023-37464: OpenIDC/cjose is a C library...
openSUSE: Security Advisory for cjose (SUSE-SU-2023:3230-1)
The remote host is missing an update for the...
mod_auth_openidc:2.3 security and bug fix update
cjose 0.6.1-4 - CVE-2023-37464 cjose: AES GCM decryption uses the Tag length from the actual Authentication Tag provided in the JWE Resolves: rhbz#2223308 mod_auth_openidc 2.4.9.4-5 Related: rhbz#2141850 - fix cjose version dependency 2.4.9.4-4 Resolves: rhbz#2141850 - auth_openidc.conf mode 0640 by...
Fedora 39 : cjose (2023-d5f23da04a)
The remote Fedora 39 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2023-d5f23da04a advisory. Security fix for CVE-2023-37464 Tenable has extracted the preceding description block directly from the Fedora security advisory. Note that Nessus has not...
Fedora: Security Advisory (FEDORA-2023-d5f23da04a)
The remote host is missing an update for the...
Fedora 38 : cjose (2023-151d5b3da1)
The remote Fedora 38 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2023-151d5b3da1 advisory. Security fix for CVE-2023-37464 Tenable has extracted the preceding description block directly from the Fedora security advisory. Note that Nessus has not...
Fedora 37 : cjose (2023-cf01e05114)
The remote Fedora 37 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2023-cf01e05114 advisory. Security fix for CVE-2023-37464 Tenable has extracted the preceding description block directly from the Fedora security advisory. Note that Nessus has not...
Ubuntu 18.04 ESM / 20.04 LTS / 22.04 LTS / 23.04 : JOSE for C/C++ vulnerability (USN-6307-1)
The remote Ubuntu 18.04 ESM / 20.04 LTS / 22.04 LTS / 23.04 host has packages installed that are affected by a vulnerability as referenced in the USN-6307-1 advisory. It was discovered that JOSE for C/C++ AES GCM decryption routine incorrectly uses the Tag length from the actual Authentication Ta...
Debian DSA-5472-1 : cjose - security update
The remote Debian 11 / 12 host has packages installed that are affected by a vulnerability as referenced in the dsa-5472 advisory. It was discovered that an incorrect implementation of AES GCM decryption in cjose, a C library implementing the JOSE standard, may allow an attacker to provide a...
SUSE: Security Advisory (SUSE-SU-2023:3230-1)
The remote host is missing an update for the...
SUSE-SU-2023:3230-1 Security update for cjose
This update for cjose fixes the following issues: - CVE-2023-37464: Fixed AES GCM decryption uses the Tag length from the actual Authentication Tag (bsc#1213385)...
RLSA-2023:4418 Important: mod_auth_openidc:2.3 security update
The mod_auth_openidc is an OpenID Connect authentication module for Apache HTTP Server. It enables an Apache HTTP Server to operate as an OpenID Connect Relying Party and/or OAuth 2.0 Resource Server. Security Fixes: cjose: AES GCM decryption uses the Tag length from the actual Authentication Tag...
Rocky Linux 8 : mod_auth_openidc:2.3 (RLSA-2023:4418)
The remote Rocky Linux 8 host has packages installed that are affected by a vulnerability as referenced in the RLSA-2023:4418 advisory. - OpenIDC/cjose is a C library implementing the Javascript Object Signing and Encryption (JOSE). The AES GCM decryption routine incorrectly uses the Tag length fro...
[SECURITY] [DLA 3515-1] cjose security update
Debian LTS Advisory DLA-3515-1, https://www.debian.org/lts/security/, Guilhem Moulin, August 04, 2023, https://wiki.debian.org/LTS. Package: cjose. Version: 0.6.1+dfsg1-1+deb10u1. CVE ID: CVE-2023-37464. Debian Bug: 1041423. An incorrect Authentication Tag length usage was...