openSUSE-SU-2025:0004-1: moderate: Security update for rubygem-json-jwt

openSUSE Security Update: Security update for rubygem-json-jwt ______________________________________________________________________________ Announcement ID: openSUSE-SU-2025:0004-1 Rating: moderate References: #1156649 #1220727 Cross-References: CVE-2019-18848 CVE-2023-51774 Affected Products: openSUSE Backports SLE-15-SP5 ______________________________________________________________________________ An update that fixes two vulnerabilities is now available. Description: This update for rubygem-json-jwt fixes the following issues: - New upstream release 1.16.6, see bundled CHANGELOG.md - Remove padding oracle by @btoews in https://github.com/nov/json-jwt/pull/109 - Fixes CVE-2023-51774 boo#1220727 - updated to version 1.11.0 - no changelog found - Fixes CVE-2019-18848 boo#1156649 Patch Instructions: To install this openSUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - openSUSE Backports SLE-15-SP5: zypper in -t patch openSUSE-2025-4=1 Package List: - openSUSE Backports SLE-15-SP5 (aarch64 i586 ppc64le s390x x86_64): ruby2.5-rubygem-aes_key_wrap-1.1.0-bp155.2.1 ruby2.5-rubygem-aes_key_wrap-doc-1.1.0-bp155.2.1 ruby2.5-rubygem-json-jwt-1.16.6-bp155.3.3.1 ruby2.5-rubygem-json-jwt-doc-1.16.6-bp155.3.3.1 References: https://www.suse.com/security/cve/CVE-2019-18848.html https://www.suse.com/security/cve/CVE-2023-51774.html https://bugzilla.suse.com/1156649 https://bugzilla.suse.com/1220727
participants (1)
-
opensuse-security@opensuse.org