Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

rocky логотип

RLSA-2024:9181

Опубликовано: 17 мар. 2025
Источник: rocky
Оценка: Moderate

Описание

Moderate: jose security update

Jose is a C-language implementation of the Javascript Object Signing and Encryption standards. The jose package is a dependency of the clevis and tang packages, together providing Network Bound Disk Encryption (NBDE) in Rocky Linux.

Security Fix(es):

  • jose: resource exhaustion (CVE-2024-28176)

  • jose: Denial of service due to uncontrolled CPU consumption (CVE-2023-50967)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Additional Changes:

For detailed information on changes in this release, see the Rocky Linux 9.5 Release Notes linked from the References section.

Затронутые продукты

  • Rocky Linux 9

НаименованиеАрхитектураРелизRPM
josex86_641.el9jose-14-1.el9.x86_64.rpm
libjosei6861.el9libjose-14-1.el9.i686.rpm
libjosex86_641.el9libjose-14-1.el9.x86_64.rpm

Показывать по

Связанные CVE

CVE-2023-50967
CVE-2024-28176

Ссылки на источники

Исправления

Связанные уязвимости

rocky логотип

RLSA-2024:5294

rocky
7 месяцев назад

Moderate: jose security update

oracle-oval логотип

ELSA-2024-9181

oracle-oval
около 1 года назад

ELSA-2024-9181: jose security update (MODERATE)

oracle-oval логотип

ELSA-2024-5294

oracle-oval
больше 1 года назад

ELSA-2024-5294: jose security update (MODERATE)

ubuntu логотип

CVE-2023-50967

CVSS3: 7.5
ubuntu
больше 1 года назад

latchset jose through version 11 allows attackers to cause a denial of service (CPU consumption) via a large p2c (aka PBES2 Count) value.

redhat логотип

CVE-2023-50967

CVSS3: 7.5
redhat
больше 1 года назад

latchset jose through version 11 allows attackers to cause a denial of service (CPU consumption) via a large p2c (aka PBES2 Count) value.