OpenSSL Vulnerability Security Update Advisory (CVE-2023-6129)
Overview
An update has been made available to fix a vulnerability in OpenSSL. Users of affected versions are advised to update to the latest version.
Affected Products
OpenSSL 3.0.0
OpenSSL 3.1.0
OpenSSL 3.2.0
Resolved Vulnerabilities
A vulnerability in the OpenSSL implementation of the Poly1305 Message Authentication Code (MAC) could allow a user to compromise the internal state of an application running on a PowerPC CPU-based platform if the CPU supports vector instructions (CVE-2023-6129).
* OpenSSL versions 1.1.1 and 1.0.2 are not affected by CVE-2023-6129.
Vulnerability Patches
On January 9, 2024, the following versions were made available with the vulnerability resolved. Please refer to the reference site documentation for details.
OpenSSL 3.0.12
OpenSSL 3.1.5
OpenSSL 3.2.1
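A host triage check for the conditions this advisory names (PowerPC CPU, vector instruction support, an OpenSSL 3.0, 3.1 or 3.2 build older than the patched release listed above), added here as an example and not taken from OpenSSL or from the advisory's authors. It assumes Linux, where /proc/cpuinfo reports vector support as "altivec supported", and it treats every release in a listed branch below the patched version as affected; the function names are illustrative.

```shell
# Added triage example; not code from OpenSSL or from this advisory's authors.
# Fixed release per branch, copied from this advisory's "Vulnerability Patches"
# list; confirm against reference [1] before relying on it.
fixed_for_branch() {
    case "$1" in
        3.0) echo 3.0.12 ;;
        3.1) echo 3.1.5 ;;
        3.2) echo 3.2.1 ;;
        *)   return 1 ;;  # e.g. 1.1.1 and 1.0.2, which the advisory lists as unaffected
    esac
}

# ver_lt A B: succeed when dotted numeric version A is lower than B.
ver_lt() {
    a=$1; b=$2
    while [ -n "$a" ] || [ -n "$b" ]; do
        x=${a%%.*}; y=${b%%.*}
        if [ "$a" = "$x" ]; then a=; else a=${a#*.}; fi
        if [ "$b" = "$y" ]; then b=; else b=${b#*.}; fi
        [ "${x:-0}" -lt "${y:-0}" ] && return 0
        [ "${x:-0}" -gt "${y:-0}" ] && return 1
    done
    return 1
}

# assess "<openssl version output>" "<uname -m output>" "<cpuinfo text>"
assess() {
    ver=$(printf '%s\n' "$1" | awk '{print $2}' | sed 's/[^0-9.].*$//')
    case "$2" in
        ppc*|powerpc*) ;;
        *) echo "not-applicable: CPU is not PowerPC"; return 0 ;;
    esac
    # Assumption: Linux reports vector support as "altivec supported".
    case "$3" in
        *"altivec supported"*) ;;
        *) echo "not-applicable: no vector support reported"; return 0 ;;
    esac
    fixed=$(fixed_for_branch "$(printf '%s' "$ver" | cut -d. -f1,2)") ||
        { echo "not-affected: OpenSSL $ver"; return 0; }
    if ver_lt "$ver" "$fixed"; then
        echo "affected: OpenSSL $ver, update to $fixed"
    else
        echo "patched: OpenSSL $ver"
    fi
}

# Run against the local host only when asked to: sh check.sh --host
[ "${1:-}" != "--host" ] ||
    assess "$(openssl version)" "$(uname -m)" "$(cat /proc/cpuinfo 2>/dev/null)"
```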
Referenced Sites
[1] https://www.openssl.org/news/secadv/20240109.txt
[2] https://github.com/openssl/openssl/commit/050d26383d4e264966fb83428e72d5d48f402d35