exploitDog

RLSA-2024:5294

Опубликовано: 07 мая 2025

Источник: rocky

Оценка: Moderate

Описание

Moderate: jose security update

Jose is a C-language implementation of the Javascript Object Signing and Encryption standards. The jose package is a dependency of the clevis and tang packages, together providing Network Bound Disk Encryption (NBDE) in Rocky Linux.

Security Fix(es):

jose: resource exhaustion (CVE-2024-28176)
jose: Denial of service due to uncontrolled CPU consumption (CVE-2023-50967)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Затронутые продукты

Rocky Linux 8

Наименование	Архитектура	Релиз	RPM
libjose	x86_64	2.el8_10.3	libjose-10-2.el8_10.3.x86_64.rpm
jose	x86_64	2.el8_10.3	jose-10-2.el8_10.3.x86_64.rpm
libjose-devel	x86_64	2.el8_10.3	libjose-devel-10-2.el8_10.3.x86_64.rpm

Показывать по

Связанные CVE

Ссылки на источники

Исправления

https://bugzilla.redhat.com/show_bug.cgi?id=2268820
Red Hat - 2268820
https://bugzilla.redhat.com/show_bug.cgi?id=2270538
Red Hat - 2270538

Связанные уязвимости

ELSA-2024-9181

oracle-oval

9 месяцев назад

ELSA-2024-9181: jose security update (MODERATE)

ELSA-2024-5294

oracle-oval

12 месяцев назад

ELSA-2024-5294: jose security update (MODERATE)

CVE-2023-50967

CVSS3: 7.5

ubuntu

больше 1 года назад

latchset jose through version 11 allows attackers to cause a denial of service (CPU consumption) via a large p2c (aka PBES2 Count) value.

CVE-2023-50967

CVSS3: 7.5

redhat

больше 1 года назад

latchset jose through version 11 allows attackers to cause a denial of service (CPU consumption) via a large p2c (aka PBES2 Count) value.

CVE-2023-50967

CVSS3: 7.5

nvd

больше 1 года назад

latchset jose through version 11 allows attackers to cause a denial of service (CPU consumption) via a large p2c (aka PBES2 Count) value.