When an unknown or specially-crafted hash is passed to gcry_md_get_algo_dlen, 0 is returned. This value is then used for memcmp, so the wrong hmac may be accepted by the Booth server as valid.
Created booth tracking bugs for this issue: Affects: fedora-all [bug 2290667]
This issue has been addressed in the following products: Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support Red Hat Enterprise Linux 8.4 Update Services for SAP Solutions Red Hat Enterprise Linux 8.4 Telecommunications Update Service Via RHSA-2024:3657 https://access.redhat.com/errata/RHSA-2024:3657
This issue has been addressed in the following products: Red Hat Enterprise Linux 8.8 Extended Update Support Via RHSA-2024:3658 https://access.redhat.com/errata/RHSA-2024:3658
This issue has been addressed in the following products: Red Hat Enterprise Linux 9.2 Extended Update Support Via RHSA-2024:3660 https://access.redhat.com/errata/RHSA-2024:3660
This issue has been addressed in the following products: Red Hat Enterprise Linux 8 Via RHSA-2024:3659 https://access.redhat.com/errata/RHSA-2024:3659
This issue has been addressed in the following products: Red Hat Enterprise Linux 9 Via RHSA-2024:3661 https://access.redhat.com/errata/RHSA-2024:3661
This issue has been addressed in the following products: Red Hat Enterprise Linux 8.6 Advanced Mission Critical Update Support Red Hat Enterprise Linux 8.6 Update Services for SAP Solutions Red Hat Enterprise Linux 8.6 Telecommunications Update Service Via RHSA-2024:4400 https://access.redhat.com/errata/RHSA-2024:4400
This issue has been addressed in the following products: Red Hat Enterprise Linux 9.0 Update Services for SAP Solutions Via RHSA-2024:4411 https://access.redhat.com/errata/RHSA-2024:4411