• Bug
    • Resolution: Unresolved
    • Critical
    • rhel-10.0.beta
    • rhel-10.0.beta, rhel-10.0
    • jose
    • None
    • jose-14-100.el10
    • None
    • None
    • Rebase
    • sst_security_special_projects
    • ssg_security
    • 22
    • None
    • False
    • None
    • Yes
    • None
    • Rebase
    • .`jose` provided in version 14

      The `jose` package is provided in version 14 in RHEL 10. `jose` is a C-language implementation of the JavaScript Object Signing and Encryption (JOSE) standards. The most important enhancements and fixes include the following:

      * Improved bound checks for the `len` function for the `oct` JWK Type in OpenSSL, as a fix to an error reported by the SAST (Static Application Security Testing) process.
      * The protected JSON Web Encryption (JWE) headers no longer contain `zip`.
      * `jose` avoids potential denial of service (DoS) attacks by using high decompression chunks.
    • Done
    • None

      jose package should be updated to latest upstream stable release (jose 14)

      Upstream release that is considered latest: 14
      Current version/release in RHEL-10: 12-1.el10
      URL: https://github.com/latchset/jose

              sarroutb@redhat.com Sergio Arroutbi
              sarroutb@redhat.com Sergio Arroutbi
              Sergio Correia
              SSG Security QE
              Jan Fiala