python-jwcrypto-1.5.6-2.el9

エラータID: AXSA:2024-9264:02

Release date: 
Thursday, December 12, 2024 - 18:31
Subject: 
python-jwcrypto-1.5.6-2.el9
Affected Channels: 
MIRACLE LINUX 9 for x86_64
Severity: 
Moderate
Description: 

The python-jwcrypto package provides Python implementations of the JSON Web Key (JWK), JSON Web Signature (JWS), JSON Web Encryption (JWE), and JSON Web Token (JWT) JOSE (JSON Object Signing and Encryption) standards.

Security Fix(es):

* JWCrypto: denail of service Via specifically crafted JWE (CVE-2023-6681)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Additional Changes:

For detailed information on changes in this release, see the MIRACLE LINUX 9.5 Release Notes linked from the References section.

CVE-2023-6681
A vulnerability was found in JWCrypto. This flaw allows an attacker to cause a denial of service (DoS) attack and possible password brute-force and dictionary attacks to be more resource-intensive. This issue can result in a large amount of computational consumption, causing a denial of service attack.

Solution: 

Update packages.

CVEs: 
CVE-2023-6681
A vulnerability was found in JWCrypto. This flaw allows an attacker to cause a denial of service (DoS) attack and possible password brute-force and dictionary attacks to be more resource-intensive. This issue can result in a large amount of computational consumption, causing a denial of service attack.
Additional Info: 

N/A

Download: 

SRPMS
  1. python-jwcrypto-1.5.6-2.el9.src.rpm
    MD5: 786e1b69c2b23f7f61fc607703d2c132
    SHA-256: 970b78743a3b2594f0426847a4514f66596a32426cdc1c427922aacf06e44dfb
    Size: 95.17 kB

Asianux Server 9 for x86_64
  1. python3-jwcrypto-1.5.6-2.el9.noarch.rpm
    MD5: ffb97cf4f14d76f9bfd5959d5bcb8641
    SHA-256: f2344d1cfb860714fac6395a4a6b8133ebd6fa348067197c0516d0eaee8e2f2d
    Size: 84.82 kB