RLSA-2024:3267

See a problem?
Please try reporting it to the source first.
Source
https://errata.rockylinux.org/RLSA-2024:3267
Import Source
https://storage.googleapis.com/resf-osv-data/RLSA-2024:3267.json
JSON Data
https://api.osv.dev/v1/vulns/RLSA-2024:3267
Upstream
Published
2024-06-14T13:59:30.118978Z
Modified
2026-02-05T13:45:16.809057Z
Summary
Moderate: idm:DL1 and idm:client security update
Details

Rocky Enterprise Software Foundation Identity Management (IdM) is a centralized authentication, identity management, and authorization solution for both traditional and cloud-based enterprise environments.

Security Fix(es):

  • JWCrypto: denail of service Via specifically crafted JWE (CVE-2023-6681)

  • python-jwcrypto: malicious JWE token can cause denial of service (CVE-2024-28102)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

References
Credits
    • Rocky Enterprise Software Foundation
    • Red Hat

Affected packages

Rocky Linux:8
bind-dyndb-ldap

Package

Name
bind-dyndb-ldap
Purl
pkg:rpm/rocky-linux/bind-dyndb-ldap?distro=rocky-linux-8&epoch=0

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
0:11.6-5.module+el8.10.0+1819+0aeba2f1
Database specific 
{
    "yum_repository": "AppStream"
}

Database specific

source 
"https://storage.googleapis.com/resf-osv-data/RLSA-2024:3267.json"
custodia

Package

Name
custodia
Purl
pkg:rpm/rocky-linux/custodia?distro=rocky-linux-8&epoch=0

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
0:0.6.0-3.module+el8.9.0+1371+ffa84eb9
Database specific 
{
    "yum_repository": "AppStream"
}

Database specific

source 
"https://storage.googleapis.com/resf-osv-data/RLSA-2024:3267.json"
ipa

Package

Name
ipa
Purl
pkg:rpm/rocky-linux/ipa?distro=rocky-linux-8&epoch=0

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
0:4.9.13-9.module+el8.10.0+1818+2dfda7a6
Database specific 
{
    "yum_repository": "AppStream"
}

Database specific

source 
"https://storage.googleapis.com/resf-osv-data/RLSA-2024:3267.json"
ipa-healthcheck

Package

Name
ipa-healthcheck
Purl
pkg:rpm/rocky-linux/ipa-healthcheck?distro=rocky-linux-8&epoch=0

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
0:0.12-3.module+el8.9.0+1433+5bd2f890
Database specific 
{
    "yum_repository": "AppStream"
}

Database specific

source 
"https://storage.googleapis.com/resf-osv-data/RLSA-2024:3267.json"
opendnssec

Package

Name
opendnssec
Purl
pkg:rpm/rocky-linux/opendnssec?distro=rocky-linux-8&epoch=0

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
0:2.1.7-1.module+el8.9.0+1371+ffa84eb9
Database specific 
{
    "yum_repository": "AppStream"
}

Database specific

source 
"https://storage.googleapis.com/resf-osv-data/RLSA-2024:3267.json"
python-jwcrypto

Package

Name
python-jwcrypto
Purl
pkg:rpm/rocky-linux/python-jwcrypto?distro=rocky-linux-8&epoch=0

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
0:0.5.0-2.module+el8.10.0+1818+2dfda7a6
Database specific 
{
    "yum_repository": "AppStream"
}

Database specific

source 
"https://storage.googleapis.com/resf-osv-data/RLSA-2024:3267.json"
python-kdcproxy

Package

Name
python-kdcproxy
Purl
pkg:rpm/rocky-linux/python-kdcproxy?distro=rocky-linux-8&epoch=0

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
0:0.4-5.module+el8.9.0+1371+ffa84eb9
Database specific 
{
    "yum_repository": "AppStream"
}

Database specific

source 
"https://storage.googleapis.com/resf-osv-data/RLSA-2024:3267.json"
python-qrcode

Package

Name
python-qrcode
Purl
pkg:rpm/rocky-linux/python-qrcode?distro=rocky-linux-8&epoch=0

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
0:5.1-12.module+el8.9.0+1371+ffa84eb9
Database specific 
{
    "yum_repository": "AppStream"
}

Database specific

source 
"https://storage.googleapis.com/resf-osv-data/RLSA-2024:3267.json"
python-yubico

Package

Name
python-yubico
Purl
pkg:rpm/rocky-linux/python-yubico?distro=rocky-linux-8&epoch=0

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
0:1.3.2-9.1.module+el8.9.0+1371+ffa84eb9
Database specific 
{
    "yum_repository": "AppStream"
}

Database specific

source 
"https://storage.googleapis.com/resf-osv-data/RLSA-2024:3267.json"
pyusb

Package

Name
pyusb
Purl
pkg:rpm/rocky-linux/pyusb?distro=rocky-linux-8&epoch=0

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
0:1.0.0-9.1.module+el8.9.0+1371+ffa84eb9
Database specific 
{
    "yum_repository": "AppStream"
}

Database specific

source 
"https://storage.googleapis.com/resf-osv-data/RLSA-2024:3267.json"
slapi-nis

Package

Name
slapi-nis
Purl
pkg:rpm/rocky-linux/slapi-nis?distro=rocky-linux-8&epoch=0

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
0:0.60.0-4.module+el8.9.0+1573+39ab85f4
Database specific 
{
    "yum_repository": "AppStream"
}

Database specific

source 
"https://storage.googleapis.com/resf-osv-data/RLSA-2024:3267.json"
softhsm

Package

Name
softhsm
Purl
pkg:rpm/rocky-linux/softhsm?distro=rocky-linux-8&epoch=0

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
0:2.6.0-5.module+el8.9.0+1371+ffa84eb9
Database specific 
{
    "yum_repository": "AppStream"
}

Database specific

source 
"https://storage.googleapis.com/resf-osv-data/RLSA-2024:3267.json"