Issued:: 2024-08-13
Updated:: 2024-08-13

RHSA-2024:5294 - Security Advisory

Overview
Updated Packages

Synopsis

Moderate: jose security update

Type/Severity

Security Advisory: Moderate

Red Hat Insights patch analysis

Identify and remediate systems affected by this advisory.

View affected systems

Topic

An update for jose is now available for Red Hat Enterprise Linux 8.

Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Description

Jose is a C-language implementation of the Javascript Object Signing and Encryption standards. The jose package is a dependency of the clevis and tang packages, together providing Network Bound Disk Encryption (NBDE) in Red Hat Enterprise Linux.

Security Fix(es):

jose: resource exhaustion (CVE-2024-28176)
jose: Denial of service due to uncontrolled CPU consumption (CVE-2023-50967)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Solution

For details on how to apply this update, which includes the changes described in this advisory, refer to:

https://access.redhat.com/articles/11258

Affected Products

Red Hat Enterprise Linux for x86_64 8 x86_64
Red Hat Enterprise Linux for IBM z Systems 8 s390x
Red Hat Enterprise Linux for Power, little endian 8 ppc64le
Red Hat Enterprise Linux for ARM 64 8 aarch64

Fixes

BZ - 2268820 - CVE-2024-28176 jose: resource exhaustion
BZ - 2270538 - CVE-2023-50967 jose: Denial of service due to uncontrolled CPU consumption

CVEs

References

https://access.redhat.com/security/updates/classification/#moderate

Note: More recent versions of these packages may be available. Click a package name for more details.

Red Hat Enterprise Linux for x86_64 8

SRPM
jose-10-2.el8_10.3.src.rpm	SHA-256: 6343e796467623605e09ee9463dbcc734ab43438bee7376b284a1807f64b9e43
x86_64
jose-10-2.el8_10.3.x86_64.rpm	SHA-256: e7494c8e1a3839b8ded14e4394dea99331fca8e8145f2220472036054f460351
jose-debuginfo-10-2.el8_10.3.i686.rpm	SHA-256: 8b38fe358ff6c1de61d5fe86052aa49dfee38eef9b9f4c58e6b1c4e09880db65
jose-debuginfo-10-2.el8_10.3.x86_64.rpm	SHA-256: 9a811e63230bbdfb2bb182207f49158990ffb91e247ecfb3100ac18c464b2c39
jose-debugsource-10-2.el8_10.3.i686.rpm	SHA-256: 24aed5ea5dc125639e20d57ab095e100c38f3bcc86f3d89de2dd543df74d7223
jose-debugsource-10-2.el8_10.3.x86_64.rpm	SHA-256: 5272990604dae31eeaa403cbab6082aeab11fba054c7a4f476043a1b870b3e87
libjose-10-2.el8_10.3.i686.rpm	SHA-256: b9582f3f373f8e5f44183930262d519ed5265b0950de736d1de5fb0e19d8d42f
libjose-10-2.el8_10.3.x86_64.rpm	SHA-256: a47c4f4a65bed22cde15f41b5887512bc02fd79f268e10eacfce62f86517fe31
libjose-debuginfo-10-2.el8_10.3.i686.rpm	SHA-256: cc6cf41867c8c4d9cf7de2511da8c01eb77c0f0f350275349a1f43238c6c4d26
libjose-debuginfo-10-2.el8_10.3.x86_64.rpm	SHA-256: 3c52ee7c933d2099d290773045d66f2c46744efe7211ddd1271e134e91b3e5c8
libjose-devel-10-2.el8_10.3.i686.rpm	SHA-256: 6277d6c244a406af5623d42ee4386f80106940702370ed3d46ddcde4e2823230
libjose-devel-10-2.el8_10.3.x86_64.rpm	SHA-256: 86456f2ad2024e15828f05a6d78ef8e17135c4e7b25b6683d9517b2369ee7ad6

Red Hat Enterprise Linux for IBM z Systems 8

SRPM
jose-10-2.el8_10.3.src.rpm	SHA-256: 6343e796467623605e09ee9463dbcc734ab43438bee7376b284a1807f64b9e43
s390x
jose-10-2.el8_10.3.s390x.rpm	SHA-256: 80ca073a81cdb15499258764054b3bd32631683c02d9cf33a4c4e52bf5787e79
jose-debuginfo-10-2.el8_10.3.s390x.rpm	SHA-256: 430e8d1e7e82c194673273b9963c88e3856a6b3c8ce8ebf82be87af96dc3b269
jose-debugsource-10-2.el8_10.3.s390x.rpm	SHA-256: 8d4934b2563fbd0f0c98804d741fc2a0644d5923962c0d7d1fe57967dbb08c4b
libjose-10-2.el8_10.3.s390x.rpm	SHA-256: f6c6a00f7d4d2c8dec770a8cc65ccfcf51528f0ae876f708328741ab4bd7ad9c
libjose-debuginfo-10-2.el8_10.3.s390x.rpm	SHA-256: f2d3f2454994b56c19f47a26cff8b28d6c14d924340fcd7dad7694ac55e2a316
libjose-devel-10-2.el8_10.3.s390x.rpm	SHA-256: 193525014c85cbf93fa92803b6e488200807ed1f8b866fd383397c1835fadb0e

Red Hat Enterprise Linux for Power, little endian 8

SRPM
jose-10-2.el8_10.3.src.rpm	SHA-256: 6343e796467623605e09ee9463dbcc734ab43438bee7376b284a1807f64b9e43
ppc64le
jose-10-2.el8_10.3.ppc64le.rpm	SHA-256: 6863fa81aa23d74b6e2ceb9925d460ee8f6c26670c00584355c62e1fec93a6dd
jose-debuginfo-10-2.el8_10.3.ppc64le.rpm	SHA-256: d6df805870b864d8cbfea1b5d40236edeac24785904cfdea443b4a82ce3afa14
jose-debugsource-10-2.el8_10.3.ppc64le.rpm	SHA-256: 4387ca1a7dc7d2d36279970459c6d402d1334db9fdf2d3beb17b58dcca2d8b6f
libjose-10-2.el8_10.3.ppc64le.rpm	SHA-256: b6efb27bff0019732b96e5a963d8aae48e04a176878a0d4e3546c15362acb289
libjose-debuginfo-10-2.el8_10.3.ppc64le.rpm	SHA-256: ab4015d383008787915fc960222a1165b1e56f25de8b9f56c58475889fcf319f
libjose-devel-10-2.el8_10.3.ppc64le.rpm	SHA-256: 382a6c2c201d19e18fcdf6f66dc5e13ad757da7252f1639dcae17cfdacdd3f4d

Red Hat Enterprise Linux for ARM 64 8

SRPM
jose-10-2.el8_10.3.src.rpm	SHA-256: 6343e796467623605e09ee9463dbcc734ab43438bee7376b284a1807f64b9e43
aarch64
jose-10-2.el8_10.3.aarch64.rpm	SHA-256: 4bac89632f2e997c08103eaccde725b531334cb154b9c98ffc1486056182e100
jose-debuginfo-10-2.el8_10.3.aarch64.rpm	SHA-256: e6738e02cc2bbde9e2873bb7913ef4b9fc9b14b5c4b252dfa5ad0ca6cf7ecb46
jose-debugsource-10-2.el8_10.3.aarch64.rpm	SHA-256: b7a31599743d1932ffdbf35897eeae105564d56ae5657c94d50c8d7519171afc
libjose-10-2.el8_10.3.aarch64.rpm	SHA-256: d907dd8d3e0052853437f3b9dbccc81bb49a23058bf0047a2c4a4deb54e973e2
libjose-debuginfo-10-2.el8_10.3.aarch64.rpm	SHA-256: 77abdb7fdb7861eea08b7671c02590d2f9266c3f78fdf8a9751441ea2059f221
libjose-devel-10-2.el8_10.3.aarch64.rpm	SHA-256: 1d3a27278309c1daabc1f0bbde1712aef67e0684a122764f28ef21c02b483b8d

The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/.

Select Your Language

Infrastructure and Management

Cloud Computing

Storage

Runtimes

Integration and Automation