Bug 2257571 (CVE-2023-6129)
Summary: | CVE-2023-6129 mysql: openssl: POLY1305 MAC implementation corrupts vector registers on PowerPC | ||
---|---|---|---|
Product: | [Other] Security Response | Reporter: | TEJ RATHI <trathi> |
Component: | vulnerability | Assignee: | Product Security <prodsec-ir-bot> |
Status: | NEW --- | QA Contact: | |
Severity: | low | Docs Contact: | |
Priority: | low | ||
Version: | unspecified | CC: | adudiak, bdettelb, caswilli, csutherl, dfreiber, dhalasz, dkuc, drow, fjansen, hhorak, hkataria, jburrell, jclere, jmitchel, jorton, jsamir, jsherril, jtanner, kaycoth, kshier, ljavorsk, luizcosta, mmadzin, mschorm, mturk, nweather, orabin, pjindal, plodge, psegedy, stcannon, sthirugn, szappis, tsasak, vkrizan, vkumar, vmugicag, yguenane |
Target Milestone: | --- | Keywords: | Security |
Target Release: | --- | ||
Hardware: | All | ||
OS: | Linux | ||
Whiteboard: | |||
Fixed In Version: | OpenSSL 3.0, OpenSSL 3.1, OpenSSL 3.2 | Doc Type: | If docs needed, set a value |
Doc Text: |
A flaw was found in in the POLY1305 MAC (message authentication code) implementation in OpenSSL, affecting applications running on PowerPC CPU-based platforms that utilize vector instructions, and has the potential to corrupt the internal state of these applications. If an attacker can manipulate the utilization of the POLY1305 MAC algorithm, it may lead to the corruption of the application state, resulting in various application-dependent consequences, often resulting in a crash and leading to a denial of service.
|
Story Points: | --- |
Clone Of: | Environment: | ||
Last Closed: | Type: | --- | |
Regression: | --- | Mount Type: | --- |
Documentation: | --- | CRM: | |
Verified Versions: | Category: | --- | |
oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
Cloudforms Team: | --- | Target Upstream Version: | |
Embargoed: | |||
Bug Depends On: | 2257574, 2257575, 2257576, 2275460, 2275461, 2257573 | ||
Bug Blocks: | 2257577, 2275454 |
Description
TEJ RATHI
2024-01-10 05:01:06 UTC
Created edk2 tracking bugs for this issue: Affects: fedora-all [bug 2257574] Created mingw-openssl tracking bugs for this issue: Affects: fedora-all [bug 2257575] Created openssl tracking bugs for this issue: Affects: fedora-all [bug 2257576] Created openssl3 tracking bugs for this issue: Affects: epel-all [bug 2257573] Created mysql8.0 tracking bugs for this issue: Affects: fedora-all [bug 2275461] This issue has been addressed in the following products: Red Hat Enterprise Linux 9 Via RHSA-2024:2447 https://access.redhat.com/errata/RHSA-2024:2447 |