The POLY1305 MAC (message authentication code) implementation contains a bug that might corrupt the internal state of applications running on PowerPC CPU based platforms if the CPU provides vector instructions. OpenSSL versions 3.0.0 to 3.0.12, 3.1.0 to 3.1.4 and 3.2.0 are vulnerable to this issue. The FIPS provider is not affected because the POLY1305 MAC algorithm is not FIPS approved and the FIPS provider does not implement it. OpenSSL versions 1.1.1 and 1.0.2 are not affected by this issue.

http://www.openwall.com/lists/oss-security/2024/01/09/1
https://github.com/openssl/openssl/commit/050d26383d4e264966fb83428e72d5d48f402d35
https://github.com/openssl/openssl/commit/5b139f95c9a47a55a0c54100f3837b1eee942b04
https://github.com/openssl/openssl/commit/f3fc5808fe9ff74042d639839610d03b8fdcc015
https://www.openssl.org/news/secadv/20240109.txt

Created edk2 tracking bugs for this issue:
Affects: fedora-all [bug 2257574]

Created mingw-openssl tracking bugs for this issue:
Affects: fedora-all [bug 2257575]

Created openssl tracking bugs for this issue:
Affects: fedora-all [bug 2257576]

Created openssl3 tracking bugs for this issue:
Affects: epel-all [bug 2257573]

Created mysql8.0 tracking bugs for this issue:
Affects: fedora-all [bug 2275461]

This issue has been addressed in the following products:

Red Hat Enterprise Linux 9
Via RHSA-2024:2447 https://access.redhat.com/errata/RHSA-2024:2447
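
A host triage check built from the affected version ranges and the platform condition in the description above, as an added example that is not part of the original bug report or of OpenSSL's code. The function names, verdict strings, sample inputs and the use of the `altivec` flag in Linux `/proc/cpuinfo` as a coarse stand-in for "the CPU provides vector instructions" are assumptions.

```python
import re

# Upstream ranges (inclusive) as stated in the description on this page.
AFFECTED_RANGES = [
    ((3, 0, 0), (3, 0, 12)),
    ((3, 1, 0), (3, 1, 4)),
    ((3, 2, 0), (3, 2, 0)),
]
# Values `uname -m` / platform.machine() commonly report on PowerPC (assumed list).
PPC_MACHINES = {"ppc", "ppc64", "ppc64le", "powerpc", "powerpc64", "powerpc64le"}

def parse_version(banner):
    """Return (major, minor, patch) from `openssl version` output, or None."""
    m = re.search(r"(?<![\d.])(\d+)\.(\d+)\.(\d+)", banner)
    return tuple(int(x) for x in m.groups()) if m else None

def version_in_range(version):
    return any(lo <= version <= hi for lo, hi in AFFECTED_RANGES)

def triage(banner, machine, cpuinfo=None):
    """Classify one host.

    cpuinfo is the text of /proc/cpuinfo, or None when unavailable; with no
    cpuinfo the vector unit is assumed present, so the host is not cleared.
    "review" means the upstream version and platform both match. Distribution
    packages may carry the fix under an unchanged upstream version, so confirm
    against the vendor erratum (RHSA-2024:2447 for RHEL 9) before concluding.
    """
    version = parse_version(banner)
    if version is None:
        return "unknown"
    if not version_in_range(version):
        return "version-ok"
    if machine.lower() not in PPC_MACHINES:
        return "arch-ok"
    if cpuinfo is not None and "altivec" not in cpuinfo.lower():
        return "no-vector"
    return "review"

# Constructed sample inputs, not captured from a real system.
SAMPLE_BANNER = "OpenSSL 3.0.12 24 Oct 2023 (Library: OpenSSL 3.0.12 24 Oct 2023)"
SAMPLE_CPUINFO = "processor\t: 0\ncpu\t\t: POWER9, altivec supported\n"

if __name__ == "__main__":
    print(triage(SAMPLE_BANNER, "ppc64le", SAMPLE_CPUINFO))
```
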