Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

rocky логотип

RLSA-2024:3267

Опубликовано: 14 июн. 2024
Источник: rocky
Оценка: Moderate

Описание

Moderate: idm:DL1 and idm:client security update

Rocky Enterprise Software Foundation Identity Management (IdM) is a centralized authentication, identity management, and authorization solution for both traditional and cloud-based enterprise environments.

Security Fix(es):

  • JWCrypto: denail of service Via specifically crafted JWE (CVE-2023-6681)

  • python-jwcrypto: malicious JWE token can cause denial of service (CVE-2024-28102)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Затронутые продукты

  • Rocky Linux 8

НаименованиеАрхитектураРелизRPM
bind-dyndb-ldapx86_645.module+el8.10.0+1819+0aeba2f1bind-dyndb-ldap-11.6-5.module+el8.10.0+1819+0aeba2f1.x86_64.rpm
ipa-healthcheck-corenoarch3.module+el8.9.0+1433+5bd2f890ipa-healthcheck-core-0.12-3.module+el8.9.0+1433+5bd2f890.noarch.rpm
custodianoarch3.module+el8.9.0+1371+ffa84eb9custodia-0.6.0-3.module+el8.9.0+1371+ffa84eb9.noarch.rpm
custodianoarch3.module+el8.9.0+1371+ffa84eb9custodia-0.6.0-3.module+el8.9.0+1371+ffa84eb9.noarch.rpm
ipa-clientx86_649.module+el8.10.0+1818+2dfda7a6ipa-client-4.9.13-9.module+el8.10.0+1818+2dfda7a6.x86_64.rpm
ipa-client-commonnoarch9.module+el8.10.0+1818+2dfda7a6ipa-client-common-4.9.13-9.module+el8.10.0+1818+2dfda7a6.noarch.rpm
ipa-client-commonnoarch9.module+el8.10.0+1818+2dfda7a6ipa-client-common-4.9.13-9.module+el8.10.0+1818+2dfda7a6.noarch.rpm
ipa-client-epnx86_649.module+el8.10.0+1818+2dfda7a6ipa-client-epn-4.9.13-9.module+el8.10.0+1818+2dfda7a6.x86_64.rpm
ipa-client-sambax86_649.module+el8.10.0+1818+2dfda7a6ipa-client-samba-4.9.13-9.module+el8.10.0+1818+2dfda7a6.x86_64.rpm
ipa-commonnoarch9.module+el8.10.0+1818+2dfda7a6ipa-common-4.9.13-9.module+el8.10.0+1818+2dfda7a6.noarch.rpm

Показывать по

Связанные CVE

CVE-2023-6681
CVE-2024-28102

Ссылки на источники

Исправления

Связанные уязвимости

oracle-oval логотип

ELSA-2024-3267

oracle-oval
больше 1 года назад

ELSA-2024-3267: idm:DL1 and idm:client security update (MODERATE)

ubuntu логотип

CVE-2023-6681

CVSS3: 5.3
ubuntu
почти 2 года назад

A vulnerability was found in JWCrypto. This flaw allows an attacker to cause a denial of service (DoS) attack and possible password brute-force and dictionary attacks to be more resource-intensive. This issue can result in a large amount of computational consumption, causing a denial of service attack.

redhat логотип

CVE-2023-6681

CVSS3: 5.3
redhat
около 2 лет назад

A vulnerability was found in JWCrypto. This flaw allows an attacker to cause a denial of service (DoS) attack and possible password brute-force and dictionary attacks to be more resource-intensive. This issue can result in a large amount of computational consumption, causing a denial of service attack.

nvd логотип

CVE-2023-6681

CVSS3: 5.3
nvd
почти 2 года назад

A vulnerability was found in JWCrypto. This flaw allows an attacker to cause a denial of service (DoS) attack and possible password brute-force and dictionary attacks to be more resource-intensive. This issue can result in a large amount of computational consumption, causing a denial of service attack.

debian логотип

CVE-2023-6681

CVSS3: 5.3
debian
почти 2 года назад

A vulnerability was found in JWCrypto. This flaw allows an attacker to ...