Azure Linux 3.0 Security Update: cjose (CVE-2023-37464)

The version of cjose installed on the remote Azure Linux 3.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2023-37464 advisory. - OpenIDC/cjose is a C library implementing the Javascript Object Signing and Encryption JOSE. The AES GCM...

MiracleLinux 9 : cjose-0.6.1-13.el9 (AXSA:2023-6285:01)

The remote MiracleLinux 9 host has a package installed that is affected by a vulnerability as referenced in the AXSA:2023-6285:01 advisory. cjose: AES GCM decryption uses the Tag length from the actual Authentication Tag provided in the JWE CVE-2023-37464 Tenable has extracted the preceding...

TencentOS Server 3: mod_auth_openidc:2.3 (TSSA-2023:0203)

The version of Tencent Linux installed on the remote TencentOS Server 3 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the TSSA-2023:0203 advisory. Package updates are available for TencentOS Server 3 that fix the following vulnerabilities:...

Linux Distros Unpatched Vulnerability : CVE-2023-37464

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - OpenIDC/cjose is a C library implementing the Javascript Object Signing and Encryption JOSE. The AES GCM decryption routine incorrectly uses the Tag length from...

CVE-2023-37464 affecting package cjose for versions less than 0.6.2.2-7

CVE-2023-37464 affecting package cjose for versions less than 0.6.2.2-7. An upgraded version of the package is available that resolves this issue...

Incorrect Authentication Tag length usage in AES GCM decryption in OpenIDC/cjose

...

cjose bug fix and enhancement update

An update is available for cjose. This update affects Rocky Linux 9. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list For detailed information on changes in this release, see the Rocky Linux 9.5...

RHSA-2023:4417 Red Hat Security Advisory: cjose security update

Bulletin has no description...

RHSA-2023:4411 Red Hat Security Advisory: cjose security update

Bulletin has no description...

Oracle Linux 8 : mod_auth_openidc:2.3 (ELSA-2024-5289)

The remote Oracle Linux 8 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2024-5289 advisory. cjose modauthopenidc 2.4.9.4-6 - Resolves: RHEL-36492 Race condition in modauthopenidc filecache - Resolves: RHEL-25421 modauthopenidc: DoS when using...

openSUSE: Security Advisory for cjose (SUSE-SU-2023:3230-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

CentOS 9 : cjose-0.6.1-16.el9

The remote CentOS Linux 9 host has packages installed that are affected by a vulnerability as referenced in the cjose-0.6.1-16.el9 build changelog. - AES GCM decryption uses the Tag length from the actual Authentication Tag provided in the JWE CVE-2023-37464 Note that Nessus has not tested for th...

Mageia: Security Advisory (MGASA-2023-0350)

The remote host is missing an update for the SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

mod_auth_openidc:2.3 security and bug fix update

cjose 0.6.1-4 - CVE-2023-37464 cjose: AES GCM decryption uses the Tag length from the actual Authentication Tag provided in the JWE Resolves: rhbz2223308 modauthopenidc 2.4.9.4-5 Related: rhbz2141850 - fix cjose version dependency 2.4.9.4-4 Resolves: rhbz2141850 - authopenidc.conf mode 0640 by...

Fedora 39 : cjose (2023-d5f23da04a)

The remote Fedora 39 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2023-d5f23da04a advisory. Security fix for CVE-2023-37464 Tenable has extracted the preceding description block directly from the Fedora security advisory. Note that Nessus has not...

Fedora: Security Advisory (FEDORA-2023-d5f23da04a)

The remote host is missing an update for the SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

[SECURITY] Fedora 39 Update: cjose-0.6.2.2-2.fc39

Implementation of JOSE for C/C++...

Fedora: Security Advisory for cjose (FEDORA-2023-151d5b3da1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

[SECURITY] Fedora 38 Update: cjose-0.6.2.2-2.fc38

Implementation of JOSE for C/C++...

[SECURITY] Fedora 37 Update: cjose-0.6.2.2-2.fc37

Implementation of JOSE for C/C++...